r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a26d0784548ecab22f417f3d689daf23
8893b79366bbadeb5c8d587b8f023e310694df1c
35baaae7b3ce3110ebb2b075881cfab55ecf3eab57d834283fd18ac691b41fa2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2"
Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6772
Expires: Wed, 21 Sep 2022 07:39:06 GMT
Date: Wed, 21 Sep 2022 05:46:14 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.27 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Retry-After, Content-Type, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 21 Sep 2022 05:13:32 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: fAFoYGL2gstoZHqk9ACNMT_hKG7ucwsEvj8wAkufK-9UUd8_AfvrpA==
Age: 1962
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.25 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 21 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: dIXES3u90CSIWiQvLyAVAXlunjR4FdwwF-rD_6pURO-gFy8oJCq1QA==
age: 4261
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 21 Sep 2022 05:46:14 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 21 Sep 2022 05:03:22 GMT
Cache-Control: max-age=3600
Expires: Wed, 21 Sep 2022 05:38:02 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: L_xdpDWU993wDQknShDyLWLUGg_Wn8rWv4dgJo4zi6tPemLOl4Wcjg==
Age: 2573
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash edf07cd621f733b0eb50c632387ebf4f
61a082d26501c2c8d481b1676d0de2e585269613
e5c4324e4c55824b86f48bf0b9a1d317a82e7d3c19bdea7a91d78ce98d68a980
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5942
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:15 GMT
Last-Modified: Wed, 21 Sep 2022 04:07:13 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
www.immigration.net/tag/601a/
132.148.112.52 301 Moved Permanently 0 B URL HTTP/1.1 www.immigration.net/tag/601a/
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /tag/601a/ HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 21 Sep 2022 05:46:14 GMT
Server: Apache
X-Powered-By: PHP/7.4.30
Expires: Wed, 21 Sep 2022 06:46:15 GMT
Cache-Control: max-age=3600
X-Redirect-By: WordPress
Set-Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; expires=Thu, 22-Sep-2022 05:46:15 GMT; Max-Age=86400; path=/
YWRlcnrXO=_xQmGW.fuOg7; expires=Thu, 22-Sep-2022 05:46:15 GMT; Max-Age=86400; path=/
CzepGkADlOSKtb=ry%40%5BA2UD; expires=Thu, 22-Sep-2022 05:46:15 GMT; Max-Age=86400; path=/
enCXHt=Bo1RIGh8nAkf; expires=Thu, 22-Sep-2022 05:46:15 GMT; Max-Age=86400; path=/
pll_language=en; expires=Thu, 21-Sep-2023 05:46:15 GMT; Max-Age=31536000; path=/; SameSite=Lax
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: https://www.immigration.net/tag/601a/
Vary: User-Agent
Content-Length: 0
Keep-Alive: timeout=5
Content-Type: text/html; charset=UTF-8
push.services.mozilla.com/
35.86.38.2 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.86.38.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xaII/+OblUYsVi1LUAj7Fw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: At9rybyKfQSyVhWf65qKRQd1aPw=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9522
Expires: Wed, 21 Sep 2022 08:24:58 GMT
Date: Wed, 21 Sep 2022 05:46:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9522
Expires: Wed, 21 Sep 2022 08:24:58 GMT
Date: Wed, 21 Sep 2022 05:46:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9522
Expires: Wed, 21 Sep 2022 08:24:58 GMT
Date: Wed, 21 Sep 2022 05:46:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9522
Expires: Wed, 21 Sep 2022 08:24:58 GMT
Date: Wed, 21 Sep 2022 05:46:16 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2a425d5-4fbd-4af0-a85b-75f0878759cb.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2a425d5-4fbd-4af0-a85b-75f0878759cb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4d98acc059a69d51165fb5e0c7430ea3
09bd3300d710c3212483159f8398b84cde09da26
6e38bbb5c79c4f714973e10961d7bad9e7ae8711cf24d68b13a77206f474d2a6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2a425d5-4fbd-4af0-a85b-75f0878759cb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7507
x-amzn-requestid: 2a40c792-8b1b-4476-92de-1fce3df48fc1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YcCmaHefoAMF4Ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63217e28-6b05350006b7f3fb73d1e37a;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 07:09:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: rq4QHCD4EubBKHyCj7jyKqpct5d7U33TvNufqj_w8mWunqQsouoh7w==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:21:54 GMT
age: 26662
etag: "09bd3300d710c3212483159f8398b84cde09da26"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f06ad5e-83fd-449e-b227-1b9d5389e57d.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f06ad5e-83fd-449e-b227-1b9d5389e57d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14e6ddceb639a5f4875aecb796f95c79
b1cd04a66852694284eeef16a1cde38896e33c03
4c0657a00d7fb4caefa64c28340cad94a306cc393cffe692fcc69c65a80f2391
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f06ad5e-83fd-449e-b227-1b9d5389e57d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10244
x-amzn-requestid: 71f08b9e-e977-48de-ad60-5192a43db517
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYwBkGqjIAMFz0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202d3d-0af3334d085ca4a764e31bb5;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:11:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7FaZfI_iYUANPdxGBld5NfneWwKJeX2nYA_gmvF9NjML5YOVhZIIoA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 14:38:21 GMT
age: 54475
etag: "b1cd04a66852694284eeef16a1cde38896e33c03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F689f6ab4-a759-42b3-82a8-f66964d5ece4.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F689f6ab4-a759-42b3-82a8-f66964d5ece4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash eff7103898a5102e685ce6741cdf19f8
3371965b4417ee0b74a3a5094adfc1632d4849b1
c326683c06d56a02d8c1a36dd34c1eff1b9d242b8b5280a1824b0602ccd28020
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F689f6ab4-a759-42b3-82a8-f66964d5ece4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9574
x-amzn-requestid: 3dfa0e8c-77e6-4fc5-9f64-00ac854abbfa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yxy1mEj2IAMFWdQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a31bd-745819ba4b5c16ee6e649ad7;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 21:33:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _3w3cbABzhrIn3y9Spo6-NCZDzf4gHAfU30Zpvk3WTp8_kgWT7NAMw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 21:41:04 GMT
age: 29112
etag: "3371965b4417ee0b74a3a5094adfc1632d4849b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab5a64d4-8802-4886-ab88-03c39eb96f1a.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab5a64d4-8802-4886-ab88-03c39eb96f1a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5a21b393fc4213d090f794f3eeee2333
cf334c1fc3191c5dcafaa2df55f62a10e16fda69
43553a352e6d7c8108bd5152d1c949d8acfb922344a00f8c77c986e2d8f665d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab5a64d4-8802-4886-ab88-03c39eb96f1a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5174
x-amzn-requestid: 19cef827-7a71-4789-ae2f-03861f7d65c1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YsvkiG9BoAMFqRA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63282c83-695865cd7f0a236300a179cb;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 08:46:59 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: pt-UpDrev8YQvpm0E3xWMpkUSsxo80_jlCq1jJ0ePrpLb9rE7_kQ8w==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:20:37 GMT
age: 26739
etag: "cf334c1fc3191c5dcafaa2df55f62a10e16fda69"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf057f43-44fd-440b-bd96-67b16eb4eb13.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf057f43-44fd-440b-bd96-67b16eb4eb13.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f7b780d39877eea116277625aaa01f1b
d8ac8a7e19b06e38070a0319cde24b5bf0eaa7db
ca9d59056e0a3f512d36db11f4a4bd3109c2ce1e13b29b5f40dce84df079e71f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf057f43-44fd-440b-bd96-67b16eb4eb13.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12654
x-amzn-requestid: efc99152-2b51-462d-b48b-67ba8263b1cf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YpOJOGVYoAMFcvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6326c3d4-00eeb6913e06ac151f293263;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 07:08:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wK03Lqow6u4lrQ3QI21klXXHGZqbKYathhCO87k0rZWBbF8o5YYjXw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 07:20:16 GMT
age: 80760
etag: "d8ac8a7e19b06e38070a0319cde24b5bf0eaa7db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8fb4f53-c4a2-4769-939e-c2f7ff562e36.jpeg
34.120.237.76 200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8fb4f53-c4a2-4769-939e-c2f7ff562e36.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 681b3e236c8b9bc524d935af247ec72b
96048f054243b5a13f14ab3dd9f4a0f3f2e0feae
aaa2f649fd336f89b3c0fc1d9226f8763f5a8cd850826a7f0819ebe7414fbf2a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8fb4f53-c4a2-4769-939e-c2f7ff562e36.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7383
x-amzn-requestid: 32b97df0-b979-4e80-a54f-cae77affc915
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yxy2sHJ_oAMF0bg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a31c4-2c6db6e21fa1db233a4c1f49;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 21:33:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: bmxUC0kur2YyFURbaNuBfgoyC3_l6XVfmKAyA-41jFdjBN2bY60GkQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 21:41:04 GMT
etag: "96048f054243b5a13f14ab3dd9f4a0f3f2e0feae"
content-type: image/jpeg
age: 29112
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css?ver=6.0.2
104.17.24.14 200 OK 10 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css?ver=6.0.2
IP 104.17.24.14:0
File type ASCII text, with very long lines (59119)
Hash 14e1692fd4263ccfea0b84299bdbf1f5
7783020a9ced5f32c8d38205357c7d10798be1fd
8ff0cd2d1e7f0b6203a762fb9811256d4445a3ad0d97f07102e038ba0eb3db72
GET /ajax/libs/font-awesome/5.15.4/css/all.min.css?ver=6.0.2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.immigration.net
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Sep 2022 05:46:17 GMT
content-type: text/css; charset=utf-8
content-length: 10462
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "613fa20b-28de"
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 3671048
expires: Mon, 11 Sep 2023 05:46:17 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6ZDyRTvyN1gFt8VFUS7jB5V23mjAAFT6JdUdXoOe2KqSZ93D0y7nQN%2BGkqwox4HEVFB%2BcGcr%2FVY3O9CSeoTeOZt0kYyNwwZ8Q9PaVwyPcMbnKkPpy50acAjzJxOQZR4yFTbvyZbX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74e07fe06b43b4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.immigration.net/tag/601a/
132.148.112.52 200 OK 20 kB URL HTTP/2 www.immigration.net/tag/601a/
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (11483), with CRLF, LF line terminators
Hash 48894c24316448b88d2f1dc774aedf46
0f49147b78e7275ceb2beca3692178ee1083642d
132716441e6f49b8b4184088b713a39cdc3c910f0c2c24957fa929d05926072b
Analyzer Verdict Alert fortinet Malware
GET /tag/601a/ HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
x-powered-by: PHP/7.4.30
link: <https://www.immigration.net/wp-json/>; rel="https://api.w.org/", <https://www.immigration.net/wp-json/wp/v2/tags/216>; rel="alternate"; type="application/json"
set-cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; expires=Thu, 22-Sep-2022 05:46:16 GMT; Max-Age=86400; path=/; secure
YWRlcnrXO=_xQmGW.fuOg7; expires=Thu, 22-Sep-2022 05:46:16 GMT; Max-Age=86400; path=/; secure
CzepGkADlOSKtb=ry%40%5BA2UD; expires=Thu, 22-Sep-2022 05:46:16 GMT; Max-Age=86400; path=/; secure
enCXHt=Bo1RIGh8nAkf; expires=Thu, 22-Sep-2022 05:46:16 GMT; Max-Age=86400; path=/; secure
pll_language=en; expires=Thu, 21-Sep-2023 05:46:16 GMT; Max-Age=31536000; path=/; secure; SameSite=Lax
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 19775
content-type: text/html; charset=UTF-8
date: Wed, 21 Sep 2022 05:46:16 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 61e5226dc3bddf0c0823c3134ebde224
4b35c53e8f91a840a4125b1ff92e99589c007a37
223615fe4754c0953ed65ec85d36d5219904395c8d7d7963670ab6f4c44e22da
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4911
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:17 GMT
Last-Modified: Wed, 21 Sep 2022 04:24:26 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
a.mailmunch.co/app/v1/site.js
143.204.55.29 200 OK 8.4 kB URL HTTP/2 a.mailmunch.co/app/v1/site.js
IP 143.204.55.29:0
File type ASCII text, with very long lines (26047), with no line terminators
Hash d7737c5342c196e4b5ae33ef401ce949
e97975d456bb4457c7195f41c051e8ff16f3c95c
b34525cc99f50b83d8066782765cd956b52fbb39af075f0add0785703d999b8f
GET /app/v1/site.js HTTP/1.1
Host: a.mailmunch.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript
content-length: 8416
date: Tue, 20 Sep 2022 19:21:12 GMT
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, POST, PUT, DELETE
access-control-expose-headers: ETag
access-control-max-age: 3000
last-modified: Mon, 19 Sep 2022 13:30:33 GMT
etag: "d7737c5342c196e4b5ae33ef401ce949"
cache-control: max-age=172800
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: tI-vNQeoZMIHWunjwT4PJWnalvc88tJABPW0s08azvWDdW__cuoY1Q==
age: 37506
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a54412631157f051402860bcfb96e844
dd4b026cfc1ad18439db8ace65213318f18ae9f0
a43d2fbb8e64eea2f1bb4ab920cbf7c18bf90a42da0cfe3b41e5912824debc08
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5320
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:17 GMT
Last-Modified: Wed, 21 Sep 2022 04:17:38 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e5d7d983b288c67e17280c6a1c0d80d9
8a1e575f8b8427e872c1e4c5645d9ce3e5445e52
a08530049c460e7e3cf236a9969b94b4a794d83f3f4279ac43934194f39dedd6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 596ea0e7cffcb12819c214fd7e55e6b5
fdf581b35743d7693bf8c7f6154471a1b2646f06
a78eee2be3725b096407fde832e7762dad74ac69165f57a10b1ef76b5b2d9874
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e5d7d983b288c67e17280c6a1c0d80d9
8a1e575f8b8427e872c1e4c5645d9ce3e5445e52
a08530049c460e7e3cf236a9969b94b4a794d83f3f4279ac43934194f39dedd6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash eecc9c09e31a5a915650c6b6508baeca
f6a460eb23772ff6c1637e016ab6feded14a4d4d
e72ee4aef1765e7239ac109172f87f01ab1d875adb86e7bb7b0dbad255cf876a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5642
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:17 GMT
Last-Modified: Wed, 21 Sep 2022 04:12:15 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 61e5226dc3bddf0c0823c3134ebde224
4b35c53e8f91a840a4125b1ff92e99589c007a37
223615fe4754c0953ed65ec85d36d5219904395c8d7d7963670ab6f4c44e22da
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4911
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:17 GMT
Last-Modified: Wed, 21 Sep 2022 04:24:26 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
www.immigration.net/nova/wp-content/plugins/LayerSlider/assets/static/layerslider/css/layerslider.css?ver=7.3.0
132.148.112.52 200 OK 4.3 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/LayerSlider/assets/static/layerslider/css/layerslider.css?ver=7.3.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
Hash ab51a57b0a7892002f038df1b5804f17
8ff348441a76ff9aad17e731bc33b9e53aa406d0
22d2bf6b4a7f66c1bff36c3228d6887436400deb15f1ab44517b9ad0efa07a1f
GET /nova/wp-content/plugins/LayerSlider/assets/static/layerslider/css/layerslider.css?ver=7.3.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 24 Aug 2022 17:56:45 GMT
etag: "1b419fc-5c7b-5e700677cd6ca-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 4318
content-type: text/css
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=AW-10928892074
142.250.74.72 200 OK 62 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-10928892074
IP 142.250.74.72:0
File type ASCII text, with very long lines (4682)
Hash db336fef51c08d75adf2c3d2818b6e93
5a457b26303c4fa4c2e62ab173c28d8ee981e395
edb75507a08d73dd1466620031960edcaddf6a16acd6ebadb90ae57736e12b4a
GET /gtag/js?id=AW-10928892074 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 21 Sep 2022 05:46:17 GMT
expires: Wed, 21 Sep 2022 05:46:17 GMT
cache-control: private, max-age=900
last-modified: Wed, 21 Sep 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 62288
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e5d7d983b288c67e17280c6a1c0d80d9
8a1e575f8b8427e872c1e4c5645d9ce3e5445e52
a08530049c460e7e3cf236a9969b94b4a794d83f3f4279ac43934194f39dedd6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.immigration.net/nova/wp-content/plugins/buttonizer-multifunctional-button/assets/legacy/frontend.css?v=f2f87b58be0d57ecf71ada8df361a2d9&ver=6.0.2
132.148.112.52 200 OK 1.1 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/buttonizer-multifunctional-button/assets/legacy/frontend.css?v=f2f87b58be0d57ecf71ada8df361a2d9&ver=6.0.2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (7116)
Hash 826884fdb05b65bb7a14b9db8a343e78
c82f3e28cdc0ff73c184174378a7e1ba0b0bc538
824f944e16e18ef36d50608cadec803c542ea322f4931f1e08896822a2c932ee
GET /nova/wp-content/plugins/buttonizer-multifunctional-button/assets/legacy/frontend.css?v=f2f87b58be0d57ecf71ada8df361a2d9&ver=6.0.2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 16:25:49 GMT
etag: "28e0426-2043-5e90a2a25e5f7-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 1051
content-type: text/css
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.6.0
132.148.112.52 200 OK 3.3 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.6.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (27709)
Hash de25deb1514a3ba39e90bb45665aaa2f
fd5d4c836cc80f4350101414de25e665c4df4b51
67cdfdaf9767c318d1f269c0c46e768a65520ff151b103f40fc1446b473abec8
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.6.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 14 Jul 2021 15:50:19 GMT
etag: "1a00e34-6c70-5c7174fb524c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 3267
content-type: text/css
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 596ea0e7cffcb12819c214fd7e55e6b5
fdf581b35743d7693bf8c7f6154471a1b2646f06
a78eee2be3725b096407fde832e7762dad74ac69165f57a10b1ef76b5b2d9874
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bit.ly/3qtHNyR
67.199.248.10 301 Moved Permanently 163 B IP 67.199.248.10:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 541c17809172ccc0057dfdc275a00cdd
e35982fdbeabce9ac267a95076e40e77d8fcee2a
3e3f83a55f14f1106a07e846d10890f5fa09f559369e81f5500213e24c8c02d0
GET /3qtHNyR HTTP/1.1
Host: bit.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Wed, 21 Sep 2022 05:46:17 GMT
content-type: text/html; charset=utf-8
content-length: 163
cache-control: private, max-age=90
location: https://resource.kenect.com/api/v1/widget/client-data/6Sj957aIcyVWOLohrUqwmG
set-cookie: _bit=m8l5Kh-358a02dcbfb613f81a-00Y; Domain=bit.ly; Expires=Mon, 20 Mar 2023 05:46:17 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a54412631157f051402860bcfb96e844
dd4b026cfc1ad18439db8ace65213318f18ae9f0
a43d2fbb8e64eea2f1bb4ab920cbf7c18bf90a42da0cfe3b41e5912824debc08
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5320
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:17 GMT
Last-Modified: Wed, 21 Sep 2022 04:17:38 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash eecc9c09e31a5a915650c6b6508baeca
f6a460eb23772ff6c1637e016ab6feded14a4d4d
e72ee4aef1765e7239ac109172f87f01ab1d875adb86e7bb7b0dbad255cf876a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5642
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:17 GMT
Last-Modified: Wed, 21 Sep 2022 04:12:15 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
www.immigration.net/nova/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
132.148.112.52 200 OK 12 kB URL HTTP/2 www.immigration.net/nova/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (43771)
Hash e5548800176e913a9084f47a3e1e04f6
eff4604acc5c26ae82a19188de2f98bf5b79d80c
a2569c768eaca09f2483b971fcebb97badd57c9a16b5ae3e16b8cdcd8c688b07
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 13 Jul 2022 02:59:58 GMT
etag: "1a400f6-15b64-5e3a6faf52780-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 11681
content-type: text/css
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/visual-link-preview/dist/public.css?ver=2.2.4
132.148.112.52 200 OK 273 B URL HTTP/2 www.immigration.net/nova/wp-content/plugins/visual-link-preview/dist/public.css?ver=2.2.4
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (637)
Hash 7088432ee0ac9084b81eb0db71aed8d1
b3ec7fa11323e31b1787888bcd2db74bc50d6706
b5c3abb76b713f1f1a1a893667e19d0cbf0900244599b77e88239a4544086011
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/visual-link-preview/dist/public.css?ver=2.2.4 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 03 Feb 2022 15:00:22 GMT
etag: "1a2066a-27f-5d71e64b30d80-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 273
content-type: text/css
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/_FxBsn3OejE
142.250.74.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/_FxBsn3OejE
IP 142.250.74.3:0
Hash d7f69b9b28872b08d66024cfd5d24923
57f941909b09e630dc8ea1ee770ceb5eab6e0e3d
986136a03d49cba47025e43a15b039d8f25f1c318172f0b482713d7d4e66580a
POST /s/gts1d4/_FxBsn3OejE HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:17 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.immigration.net/nova/wp-content/plugins/wp-ada-compliance-check-basic/styles.css?ver=1650652011
132.148.112.52 200 OK 4.7 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/wp-ada-compliance-check-basic/styles.css?ver=1650652011
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (405)
Hash 9aac96cd088c656c1abd20bec99485e0
abe636351b19d1a3ffc035137ed1647002a90712
09d6c27aa7abbe68f0bd42ae82ea85e6f489df3d6d9937e928c404cffb5a5a90
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/wp-ada-compliance-check-basic/styles.css?ver=1650652011 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 22 Apr 2022 18:26:51 GMT
etag: "19e1271-5502-5dd425ec370c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 4740
content-type: text/css
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/themes/x-child/style.css?ver=9.1.4
132.148.112.52 200 OK 463 B URL HTTP/2 www.immigration.net/nova/wp-content/themes/x-child/style.css?ver=9.1.4
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
Hash 19903779c578815d1ffa44a56f0e4c29
0a9ed74ac05dc366b27fb9807da23afac3a2cc17
1b38b631e6276d507645db54e100cd24ee5c4f830f45ef8536a2c675e81e5cd6
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/themes/x-child/style.css?ver=9.1.4 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 18 Nov 2021 16:39:29 GMT
etag: "1a21108-482-5d112cd633240-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 463
content-type: text/css
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/monarch/css/style.css?ver=1.3.16
132.148.112.52 200 OK 13 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/monarch/css/style.css?ver=1.3.16
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type Unicode text, UTF-8 text, with very long lines (718)
Hash bf4e8a511d82daf1e22f290808d204d6
ff0d4c9d382224e906f316191212e799f453b798
3fcc24dac9076fdb99d3106c540c92a3b074c6574e2417821daac276fccfa5e9
GET /nova/wp-content/plugins/monarch/css/style.css?ver=1.3.16 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 11 Jan 2018 19:02:28 GMT
etag: "1a00edd-1c56d-56284ca03b900-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 12734
content-type: text/css
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/css/jquery.lazyloadxt.spinner.css?ver=6.0.2
132.148.112.52 200 OK 212 B URL HTTP/2 www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/css/jquery.lazyloadxt.spinner.css?ver=6.0.2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
Hash db66de13c05ea53fcf76501102756efa
e124611eaa5ac52ad1ffa6d8e13bd54ec53f251b
bcc8b236b089f186585569d3128078fcc27eafe97a8d01b2075f6f8528779e07
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/a3-lazy-load/assets/css/jquery.lazyloadxt.spinner.css?ver=6.0.2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 27 Jul 2022 19:36:11 GMT
etag: "1a00197-137-5e4ce877c00c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 212
content-type: text/css
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
resource.kenect.com/api/v1/widget/client-data/6Sj957aIcyVWOLohrUqwmG
34.149.59.194 200 OK 24 kB URL HTTP/2 resource.kenect.com/api/v1/widget/client-data/6Sj957aIcyVWOLohrUqwmG
IP 34.149.59.194:0
File type Unicode text, UTF-8 text, with very long lines (24355), with no line terminators
Hash be61b0a0004e754488ea7fb2fcd77e44
212cb3448da348e4210b33835cae508ead202423
f7142e633bb1306b0454dd2670cf771431546f346bdd700da0b46a7c8ae06469
GET /api/v1/widget/client-data/6Sj957aIcyVWOLohrUqwmG HTTP/1.1
Host: resource.kenect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.immigration.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.23.1
date: Wed, 21 Sep 2022 05:46:17 GMT
content-type: text/javascript;charset=UTF-8
content-length: 24363
x-cloud-trace-context: 0a9c74484865aac5739847c8133619a0/6531233601467241069
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/_FxBsn3OejE
142.250.74.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/_FxBsn3OejE
IP 142.250.74.3:0
Hash d7f69b9b28872b08d66024cfd5d24923
57f941909b09e630dc8ea1ee770ceb5eab6e0e3d
986136a03d49cba47025e43a15b039d8f25f1c318172f0b482713d7d4e66580a
POST /s/gts1d4/_FxBsn3OejE HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:17 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.immigration.net/nova/wp-content/themes/x/framework/dist/css/site/stacks/integrity-light.css?ver=9.1.4
132.148.112.52 200 OK 33 kB URL HTTP/2 www.immigration.net/nova/wp-content/themes/x/framework/dist/css/site/stacks/integrity-light.css?ver=9.1.4
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash d43fc828f8dcd8cbda95e57b1ece2450
cf5f94a9916d67d0017d6c31d56afbd0c69888ec
1f83236713a2ab03b6808de3ff2f8e3572f283866b3785ab8bd1026b5c7284ae
GET /nova/wp-content/themes/x/framework/dist/css/site/stacks/integrity-light.css?ver=9.1.4 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 15 Nov 2021 16:25:39 GMT
etag: "1a21133-2ff49-5d0d6426446c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 33334
content-type: text/css
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.1.4
132.148.112.52 200 OK 1.8 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.1.4
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (8319)
Hash 4ef76087ceebf8f309ed48ec12e63876
8c01ce47d1fd1bdbdf77f4b4b1e002ccd7d92afa
2a79fd037132847cedca153e7cb2ac6057afb3a33af627d63c0fce9a5393b8d5
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.1.4 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 16:25:50 GMT
etag: "28e01bb-2080-5e90a2a3a96f4-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 1786
content-type: text/css
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.6.0
132.148.112.52 200 OK 195 B URL HTTP/2 www.immigration.net/nova/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.6.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
Hash f9d342a66f882a21aaa6bf2f886dec5f
208b0196ddc4618f81a4acbe5e03b0789da1b9b3
16354818e612c2d6a9457960b8425bc745d7d48aa7e35f2c4ff4a32be4633cdf
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.6.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 15:48:16 GMT
etag: "1a00e3c-14b-5e909a3df7e09-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 195
content-type: application/javascript
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.transitions.js?ver=7.3.0
132.148.112.52 200 OK 3.4 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.transitions.js?ver=7.3.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type Unicode text, UTF-8 text, with very long lines (21440)
Hash a033d66bedb7d4b81e367e0cd3bdd24b
366af2db24db29b2b6bed3d627f4d8de0d97e77e
5a540db5c135e3911ef9c9e78d3e2eaf780da89aa49567b2c176928ad6bf3294
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.transitions.js?ver=7.3.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 24 Aug 2022 17:56:45 GMT
etag: "1b41a13-54f7-5e700677cde9a-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 3372
content-type: application/javascript
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.srcset.min.js?ver=2.6.0
132.148.112.52 200 OK 764 B URL HTTP/2 www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.srcset.min.js?ver=2.6.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1533)
Hash 5482bab316d4745f945ceedf9a6a4a74
e19b9f0423ec7ea517fb3af8d04a08182e323da6
72be1dd2581dc327b485bb623a54884f951fa91ac86c39b534adf3ee80b87415
GET /nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.srcset.min.js?ver=2.6.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 15:48:05 GMT
etag: "1a001b7-625-5e909a331958e-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 764
content-type: application/javascript
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
132.148.112.52 200 OK 4.2 kB URL HTTP/2 www.immigration.net/nova/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (11126)
Hash 5629711d7fdd5b28441bac39b851299f
4e0bf2b7383097f7c352023a1b1b1b48a50356b6
44c444309c7a6c05ff4a9bc198bed9e9596bedb5658637c85689c9a471dcdd16
GET /nova/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 15:23:40 GMT
etag: "1a40217-2bd8-5e9094be24ec5-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 4169
content-type: application/javascript
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.1.4
132.148.112.52 200 OK 4.6 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.1.4
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1003)
Hash 48e61f2f2c6015a4336e6366befb522d
527f22a82e9f5fba1da3443b191acb0792b24f1f
efa0fbecb4898606bdd63c8d6cc44759e1baf2c26af09a749b6857651432cb06
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.1.4 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 16:25:50 GMT
etag: "28e01a1-35f6-5e90a2a3a8f24-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 4564
content-type: application/javascript
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/monarch/js/idle-timer.min.js?ver=1.3.16
132.148.112.52 200 OK 1.9 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/monarch/js/idle-timer.min.js?ver=1.3.16
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (4205)
Hash adffe288d354bc53918565e48f7b60b7
3b5815526f8fbe9b19fe9c472d33b54f86b75991
4f3d1120aa1a8584b66c9407d9cf3979767bd42e2f3b8d59a4f1492398c3fe90
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/monarch/js/idle-timer.min.js?ver=1.3.16 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 07 Jun 2022 00:54:11 GMT
etag: "1a00ee9-10e3-5e0d106d592c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 1882
content-type: application/javascript
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extra.min.js?ver=2.6.0
132.148.112.52 200 OK 1.5 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extra.min.js?ver=2.6.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (2976)
Hash ef92f9c387fe31483aa1baa625d6f380
6af89e953cff5893779d1183467f89d6ea753b17
42bf5be4ace7a18492dc4fd2cbf563867812f799b7930021e648752e1e109e7a
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extra.min.js?ver=2.6.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 15:48:05 GMT
etag: "1a001b3-bc7-5e909a3318205-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 1538
content-type: application/javascript
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3
132.148.112.52 200 OK 2.9 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (9680), with no line terminators
Hash 7c2c4ebd10adb73367b5c5f0e1e5d3ce
a67e4fd0e3e7452e74b22517ba924b58307d7758
5244443e699788a134cc77adfc3fd18f03386df5fe49e6c82b057387ba4d0ebd
GET /nova/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 02 Sep 2022 06:29:09 GMT
etag: "1ac01ee-25d0-5e7abd904cb2a-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 2914
content-type: application/javascript
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
132.148.112.52 200 OK 5.0 kB URL HTTP/2 www.immigration.net/nova/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (15660)
Hash e6624e0b978e6ddba476be41aaaa82df
822e920d8233072110ed7c8a7f379e5b13209b18
dac86a9ce08e4d8cded47b4fa900a664b0c997d8910c2a1be54a423678925a41
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 15:23:40 GMT
etag: "1802a54-48b9-5e9094be1c60d-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 5009
content-type: application/javascript
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3
132.148.112.52 200 OK 3.9 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type HTML document, ASCII text, with very long lines (12211), with no line terminators
Hash 7ef755c2700783f9eae63fc539149a18
e57c0c5ceb5e2fbf1aaad44aad6319f8b26b69a1
95c808afbeaf569865125c132b69df4a68bca03fd6b792d38ef9a0e341dbf06b
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 02 Sep 2022 06:29:09 GMT
etag: "1ac01f1-2fb3-5e7abd904cb2a-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 3934
content-type: application/javascript
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extend.js?ver=2.6.0
132.148.112.52 200 OK 415 B URL HTTP/2 www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extend.js?ver=2.6.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
Hash 62e6439ea22c07d86674d88b688a9fb1
e499a5c06d34f838fc1a5b36a924ca5600f4f9cd
2e117cc65e06418d0232894884eb7b596ecc9d82c5c7c2c5ea6ee2c630af8e43
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extend.js?ver=2.6.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 15:48:05 GMT
etag: "1a001ae-415-5e909a3317265-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 415
content-type: application/javascript
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js?ver=14.1.4
132.148.112.52 200 OK 1.1 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js?ver=14.1.4
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type HTML document, ASCII text, with very long lines (3102)
Hash 92aff458c46ce464686ea160ceae90a7
c77d998b0eda7b5a56194b7d18240e628e540523
3c4f4a2919827a5e38510c6fdf3dc66ed3af07e5662a72035839d2bee19cc30f
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js?ver=14.1.4 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 16:25:50 GMT
etag: "28e0191-c1f-5e90a2a3a8754-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 1082
content-type: application/javascript
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/monarch/js/custom.js?ver=1.3.16
132.148.112.52 200 OK 6.5 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/monarch/js/custom.js?ver=1.3.16
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1815)
Hash 4f7996d43ee4c68714b20f4296799364
e8f38c124d82ef19779bb48fbdcf54c0089fc28f
f57fd305904a112ffc4678dffc512e5506890fd338b142c874b907c99c7ba295
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/monarch/js/custom.js?ver=1.3.16 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 07 Jun 2022 00:54:11 GMT
etag: "1a00ee8-6e10-5e0d106d592c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 6466
content-type: application/javascript
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
132.148.112.52 200 OK 31 kB URL HTTP/2 www.immigration.net/nova/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (65447)
Hash 9640915738503451aa21181699feab5b
c053eaf36ef0da96619706b3abda326305063bd6
f8834e669ad1f4039442c26aaa373ec39c35a233b9786d374fc3f670f16b0adc
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 15:23:40 GMT
etag: "1a4021f-15db1-5e9094be246f5-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 30908
content-type: application/javascript
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/themes/x/framework/dist/js/site/x.js?ver=9.1.4
132.148.112.52 200 OK 15 kB URL HTTP/2 www.immigration.net/nova/wp-content/themes/x/framework/dist/js/site/x.js?ver=9.1.4
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (54351), with no line terminators
Hash ccbefa361a7ff48b275b71aa9def53bc
e6921539bfeed4ff0a4e2a004e9e333e30ab8606
d7b1a7dd56e78c321cf377310a318082af7c43f1d126bbeab12aae8e4f5545b7
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/themes/x/framework/dist/js/site/x.js?ver=9.1.4 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 07 Jun 2022 00:54:18 GMT
etag: "1a2113e-d44f-5e0d107406280-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 15382
content-type: application/javascript
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.utils.js?ver=7.3.0
132.148.112.52 200 OK 42 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.utils.js?ver=7.3.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (65343)
Hash 8915ae671d1b078d67b86d554ee78087
2bb06cd05eb0e9e3375df44a1e8dce34a96db301
fa807f6f33b991c713df5b48eddbec3ddd35f5eba9b7cd98bd997d490570ba65
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.utils.js?ver=7.3.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 24 Aug 2022 17:56:45 GMT
etag: "1b41a12-1e049-5e700677cdab2-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 41980
content-type: application/javascript
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/uploads/2018/01/Kuck_Baxter_Logo_2018.png
132.148.112.52 200 OK 37 kB URL HTTP/2 www.immigration.net/nova/wp-content/uploads/2018/01/Kuck_Baxter_Logo_2018.png
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type PNG image data, 2001 x 824, 8-bit/color RGBA, non-interlaced\012- data
Hash 7d44788bc34ac5e61dbfd213fa8d599e
415bde76066080d99326779e7e2630aa700b80b8
a4e84089771d0353a227f74d203ba7b67a89177077f235279066414ca1959429
GET /nova/wp-content/uploads/2018/01/Kuck_Baxter_Logo_2018.png HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 04 Jan 2018 12:16:09 GMT
etag: "1a2158d-9121-561f24c061440"
accept-ranges: bytes
content-length: 37153
content-type: image/png
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/cornerstone/assets/js/site/cs.6f62d0f.js
132.148.112.52 200 OK 46 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/cornerstone/assets/js/site/cs.6f62d0f.js
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (65536), with no line terminators
Hash ce8386fcb7d86dbda40a00d063d6cd57
5960ed916fa94e0846df795a50b39d9e02b58de1
149afab4a6ae5889221997de240deadf6c16d9791ef1a1453bc3415c2c7ce935
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/cornerstone/assets/js/site/cs.6f62d0f.js HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 07 Jun 2022 00:53:55 GMT
etag: "1a0097c-22b10-5e0d105e16ec0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 46135
content-type: application/javascript
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c683e61e63df92799aa274fdac42cd3b
191aeec95861fa8596a90a10c60b22434431c033
898c007bc0e7d5f4d3180c9fe28b88036102ba64912d0773c023e1f4f07d7beb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c683e61e63df92799aa274fdac42cd3b
191aeec95861fa8596a90a10c60b22434431c033
898c007bc0e7d5f4d3180c9fe28b88036102ba64912d0773c023e1f4f07d7beb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
142.250.74.163 200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.immigration.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Sep 2022 17:10:21 GMT
expires: Wed, 20 Sep 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 45357
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
142.250.74.163 200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.immigration.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Sep 2022 17:10:21 GMT
expires: Wed, 20 Sep 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 45357
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6u8w4BMUTPHjxsAXC-q.woff2
142.250.74.163 200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u8w4BMUTPHjxsAXC-q.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 24408, version 1.0\012- data
Hash efee2d080d7bebdd2e0aeb2e030813a0
f8d38f9f9584e48c2e469877ebd94232265585f1
bca1d88ada544d9c80872d4da27133fab6d347361fa26e932b47ec9559088fd0
GET /s/lato/v23/S6u8w4BMUTPHjxsAXC-q.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.immigration.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 24408
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Sep 2022 20:02:00 GMT
expires: Tue, 19 Sep 2023 20:02:00 GMT
cache-control: public, max-age=31536000
age: 121458
last-modified: Tue, 26 Apr 2022 15:50:25 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c683e61e63df92799aa274fdac42cd3b
191aeec95861fa8596a90a10c60b22434431c033
898c007bc0e7d5f4d3180c9fe28b88036102ba64912d0773c023e1f4f07d7beb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.immigration.net//nova/wp-content/uploads/2018/07/yelp-brands.jpg
132.148.112.52 200 OK 1.1 kB URL HTTP/2 www.immigration.net//nova/wp-content/uploads/2018/07/yelp-brands.jpg
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 32x32, components 3\012- data
Hash 6a09a2f803b7310a34915a131c78c23f
6866bf0f42f32745cd2d01b6ab1aac9f221cb0fe
0fc12d125cbb69bef362d8831222705d0a07a59d0b549cc23df4b020ac58247e
GET //nova/wp-content/uploads/2018/07/yelp-brands.jpg HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/nova/wp-content/themes/x-child/style.css?ver=9.1.4
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 01 Aug 2018 01:04:51 GMT
etag: "1a21680-438-572554819f2c0"
accept-ranges: bytes
content-length: 1080
content-type: image/jpeg
date: Wed, 21 Sep 2022 05:46:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/cornerstone/assets/fonts/fa-brands-400.woff2
132.148.112.52 200 OK 78 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/cornerstone/assets/fonts/fa-brands-400.woff2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type Web Open Font Format (Version 2), TrueType, length 78464, version 331.-31392\012- data
Hash ff496de99efc36ce4f6f1e611ada7e65
f6b96b15619d6c70e152ccc6901f5872b58b08be
59beb1f8f4ea7e16c50ae0652005e6f7a39f58f9deb0e155d8c8981ea99544b0
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/cornerstone/assets/fonts/fa-brands-400.woff2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 15 Nov 2021 16:26:12 GMT
etag: "1a0096b-13280-5d0d6445bd100"
accept-ranges: bytes
content-length: 78464
vary: Accept-Encoding,User-Agent
content-type: font/woff2
date: Wed, 21 Sep 2022 05:46:18 GMT
server: Apache
X-Firefox-Spdy: h2
cdn.oribi.io/XzI4MTU4OTU5OA/oribi.js
143.204.55.82200 OK 3 B URL HTTP/2 cdn.oribi.io/XzI4MTU4OTU5OA/oribi.js
IP 143.204.55.82:0
File type JSON data\012- , ASCII text
Hash 8a80554c91d9fca8acb82f023de02f11
5f36b2ea290645ee34d943220a14b54ee5ea5be5
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
GET /XzI4MTU4OTU5OA/oribi.js HTTP/1.1
Host: cdn.oribi.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript;charset=UTF-8
content-length: 3
date: Wed, 21 Sep 2022 05:46:18 GMT
cache-control: public, max-age=60
x-cache: Miss from cloudfront
via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: A-3FlBqI8DSGtT7ncMis-0yKuUsuGi05FWrDX1mlDyzRJCwDHt2tmQ==
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-solid-900.woff2
104.17.24.14200 OK 78 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-solid-900.woff2
IP 104.17.24.14:0
File type Web Open Font Format (Version 2), TrueType, length 78268, version 331.-31196\012- data
Hash d824df7eb2e268626a2dd9a6a741ac4e
0ccb2c814a7e4ca12c4778821633809cb0361eaa
9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537
GET /ajax/libs/font-awesome/5.15.4/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.immigration.net
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Sep 2022 05:46:18 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 78268
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "613fa20b-131bc"
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 4785483
expires: Mon, 11 Sep 2023 05:46:18 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bdr6gy8LjCQjiXCBHe205WRPuIAOp5ita%2F2G%2BQiE3dU%2BgZqNBuogx5HiZDI2AKE3ofFHAZR%2BDHnOZV4QW%2F1PH%2FFVF7lQJv03iQh2RHm9j0tOjPLlg3cDD7fShK51WQeYsWEiQmog"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74e07fe8fb01b4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/cornerstone/assets/fonts/fa-solid-900.woff2
132.148.112.52 200 OK 141 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/cornerstone/assets/fonts/fa-solid-900.woff2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type Web Open Font Format (Version 2), TrueType, length 140996, version 331.-31392\012- data
Size 141 kB (140996 bytes)
Hash MD5 25d740d42658b6e2c293ce7b3322aac7
SHA-1 41cc9ae4b5dd70fd3988059dfb864f20f99ae371
SHA-256 8b5a3ff47c2413e0bf3dd3bb7899a25aeef9b390a055847a1185a39ad48a2da2
Analyzer | Verdict | Alert: fortinet | Malware
GET /nova/wp-content/plugins/cornerstone/assets/fonts/fa-solid-900.woff2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 15 Nov 2021 16:26:12 GMT
etag: "1a00974-226c4-5d0d6445bd100"
accept-ranges: bytes
content-length: 140996
vary: Accept-Encoding,User-Agent
content-type: font/woff2
date: Wed, 21 Sep 2022 05:46:18 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2291e29b88d2d3965aba9480230239c6
41025cfc8b92a3449c8d29f5c4d789f0a762e543
bb177c190535ef0bb672b080619963c52cf35fb36a26ad01ff64fa879ea3d3b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2291e29b88d2d3965aba9480230239c6
41025cfc8b92a3449c8d29f5c4d789f0a762e543
bb177c190535ef0bb672b080619963c52cf35fb36a26ad01ff64fa879ea3d3b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2291e29b88d2d3965aba9480230239c6
41025cfc8b92a3449c8d29f5c4d789f0a762e543
bb177c190535ef0bb672b080619963c52cf35fb36a26ad01ff64fa879ea3d3b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
104.18.11.207200 OK 7.6 kB URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
IP 104.18.11.207:0
File type ASCII text, with very long lines (27303)
Hash 944caf36484b24e4c54eda89187848a4
22c5a46b993b8fddb83acca1b9907da7a74636c9
347b09ff5dd97590bd3e31537e2bd5e68cdf92aaceb888f7afdcf8fb0dd048fc
GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Sep 2022 05:46:17 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 565, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 2021-06-08 19:04:20
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: e9a84d03a1f7c6aa17012c712a6e5dd5
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 9183425
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74e07fe0ae510b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
storage.googleapis.com/widget.kenect.com/resources/prompt.html.gz
142.250.74.16200 OK 1.4 kB URL HTTP/2 storage.googleapis.com/widget.kenect.com/resources/prompt.html.gz
IP 142.250.74.16:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1300)
Hash 8f25df841e51cfab45b5aae5db6d18b8
90e76f0a60f48f3d790e95540aa1be35a6f884ac
03a07b070691db50795f43a532e134326abc81f2907d8e2ffb067f27f0ce105b
GET /widget.kenect.com/resources/prompt.html.gz HTTP/1.1
Host: storage.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycdvJ0n8AR03Al-9KadvrgFxJJXUpPj8WxjPSduzTzctCDILsT6dDTz7pqrx67yYjCUHIA65CkGuIWEznt3r1TpJH
x-goog-generation: 1657738774177700
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1436
content-encoding: gzip
x-goog-hash: crc32c=AnuppQ==, md5=jyXfhB5Rz6tFtarl220YuA==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
vary: Accept-Encoding
content-length: 1436
access-control-allow-origin: *
access-control-expose-headers: Content-Type
server: UploadServer
date: Wed, 21 Sep 2022 05:31:54 GMT
expires: Wed, 21 Sep 2022 06:31:54 GMT
cache-control: public,max-age=3600
age: 864
last-modified: Wed, 13 Jul 2022 18:59:34 GMT
etag: "8f25df841e51cfab45b5aae5db6d18b8"
content-type: text/html
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
snap.licdn.com/li.lms-analytics/insight.min.js
23.36.76.121200 OK 3.1 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.min.js
IP 23.36.76.121:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7751)
Hash 57efbbeb3e1d23c82b677511c67c8b0e
f927ba115ef4be362694c22850ddbdd1c1b054d1
873b38d80c8ff1ffcac23ecdb7fb2d17413ae3c217236d8e1e24574b1c4707c6
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 12 Aug 2022 20:23:36 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=65492
date: Wed, 21 Sep 2022 05:46:18 GMT
content-length: 3063
x-cdn: AKAM
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9405985bfe6aab7c008cf3a305f79b0f
d698b786300ea45e2cd1b9d3fadf2639e71efe5e
28c7a840f64d83b92b41d7255788845fbe83aefbee8acf3d8cb131ffd81f6267
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5851
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:18 GMT
Last-Modified: Wed, 21 Sep 2022 04:08:47 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
storage.googleapis.com/widget.kenect.com/resources/scripts/newRelic.js.gz
142.250.74.16200 OK 10 kB URL HTTP/2 storage.googleapis.com/widget.kenect.com/resources/scripts/newRelic.js.gz
IP 142.250.74.16:0
File type ASCII text, with very long lines (29341)
Hash e8ae319d1b0ed5134b4a1514e3908a69
5b8c05c3a99c1dc66315b955458d05e37bb01a3c
ab12cde2168a0e555cb0a85f48246018ca63208f1652225e043cdd7b46d52c73
GET /widget.kenect.com/resources/scripts/newRelic.js.gz HTTP/1.1
Host: storage.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycduLKiuvVFBtQFjX4y_FlNBvR97t4DtUOlPoG_dEGaV6dBoL8hiftjtO8LfljuhSGhVARovA58pUPBC9f6olQlzCa4y-VoYY
x-goog-generation: 1657738775559969
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 10369
content-encoding: gzip
x-goog-hash: crc32c=g0phvw==, md5=6K4xnRsO1RNLShUU45CKaQ==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
vary: Accept-Encoding
content-length: 10369
access-control-allow-origin: *
access-control-expose-headers: Content-Type
server: UploadServer
date: Wed, 21 Sep 2022 05:31:54 GMT
expires: Wed, 21 Sep 2022 06:31:54 GMT
cache-control: public,max-age=3600
age: 864
last-modified: Wed, 13 Jul 2022 18:59:35 GMT
etag: "e8ae319d1b0ed5134b4a1514e3908a69"
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Wed, 21 Sep 2022 04:41:12 GMT
expires: Wed, 21 Sep 2022 06:41:12 GMT
cache-control: public, max-age=7200
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
age: 3906
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 67b756e82caefc7860b9f2d4a4f40341
adeae15d52089bcca4ca247fc4aebceef8406e34
72ff9f52080a633dc841554f7d4cc70083edd2572b535d84093ae63f0c50b832
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
142.250.74.138200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
IP 142.250.74.138:0
File type ASCII text, with very long lines (32038)
Hash 103708790db3586027df27ded660f8ef
d3f58fbe6e02cb4b8b34c6fd510e011cb325bc70
fdba876856bb6c2783df94cacb0f17b53fe33f1907135539272c0127b4270ffe
GET /ajax/libs/jquery/1.11.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33507
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Sep 2022 19:09:20 GMT
expires: Wed, 20 Sep 2023 19:09:20 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 38218
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
storage.googleapis.com/widget.kenect.com/resources/button.min.js.gz
142.250.74.16200 OK 1.2 kB URL HTTP/2 storage.googleapis.com/widget.kenect.com/resources/button.min.js.gz
IP 142.250.74.16:0
File type ASCII text, with very long lines (2745)
Hash 4cc815772707982e8c2b9ec45fd2fc96
95e0d491cda07f48bf73ea97355e71be7975020b
239d57f3384ca410ab6bfa207d1bf9c48949469f29c42acd4d3d27b3eca27fd2
GET /widget.kenect.com/resources/button.min.js.gz HTTP/1.1
Host: storage.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://storage.googleapis.com/widget.kenect.com/resources/button.html.gz
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-guploader-uploadid: ADPycduClYVvU7Or1Rr2-8Ed9yandlqlyjnwKv0E3Aiee_Di3by2pOPGbtE88PA0-0YQ9JSqWPR29MWysSPe-SVznDBFGJyhKLRq
x-goog-generation: 1657738774766484
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1182
content-encoding: gzip
x-goog-hash: crc32c=nJPn3A==, md5=TMgVdycHmC6MK57EX9L8lg==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
vary: Accept-Encoding
content-length: 1182
access-control-allow-origin: *
access-control-expose-headers: Content-Type
server: UploadServer
date: Wed, 21 Sep 2022 05:31:55 GMT
expires: Wed, 21 Sep 2022 06:31:55 GMT
cache-control: public,max-age=3600
age: 863
last-modified: Wed, 13 Jul 2022 18:59:34 GMT
etag: "4cc815772707982e8c2b9ec45fd2fc96"
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
157.240.200.14200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (64348)
Hash 9ecd89752214ef749272eef344b9089a
70a58a49c08934265ee34c74efb01d6b3124095d
f76c51487e348977288fcaf83984cd8fe4e73758cc352402774d9eb94680d528
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: ca20Xw+d8whh1WyOCoxOGtPhtWLendx9FUbqG9iEGBo3jdxYH5kctbH790TDR03IwIe1GOzNKkrF0FHSrHCYqA==
content-length: 26839
x-fb-trip-id: 1679558926
date: Wed, 21 Sep 2022 05:46:18 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2291e29b88d2d3965aba9480230239c6
41025cfc8b92a3449c8d29f5c4d789f0a762e543
bb177c190535ef0bb672b080619963c52cf35fb36a26ad01ff64fa879ea3d3b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/conversion_async.js
142.250.74.164200 OK 16 kB URL HTTP/2 www.google.com/pagead/conversion_async.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1654)
Hash 890f716858b5f72587e47c5eca121cb5
91871a0acd9a0ab644d51036bb5ca0c3bdc5e687
7a3629e375468328b3fb25e1a6cc5749604f09099e8d2109f366e7e0226aee4a
GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 21 Sep 2022 05:46:18 GMT
expires: Wed, 21 Sep 2022 05:46:18 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 3080337328058561381
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15693
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9405985bfe6aab7c008cf3a305f79b0f
d698b786300ea45e2cd1b9d3fadf2639e71efe5e
28c7a840f64d83b92b41d7255788845fbe83aefbee8acf3d8cb131ffd81f6267
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5851
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:18 GMT
Last-Modified: Wed, 21 Sep 2022 04:08:47 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
a.mailmunch.co/app/v1/styles.css
143.204.55.29200 OK 2.3 kB URL HTTP/2 a.mailmunch.co/app/v1/styles.css
IP 143.204.55.29:0
File type ASCII text, with very long lines (21666), with no line terminators
Hash d1960a22292f1bb765b3e3b001e5d1fb
c7a423651222e15e88c266e69bc7026a683ce169
52e6bcf70e9a97094be1eb6af8a3d71fc2534ccc18e88ae665d66bb6e2ede1f8
GET /app/v1/styles.css HTTP/1.1
Host: a.mailmunch.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css
content-length: 2274
date: Mon, 19 Sep 2022 21:03:25 GMT
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, POST, PUT, DELETE
access-control-expose-headers: ETag
access-control-max-age: 3000
last-modified: Mon, 19 Sep 2022 13:30:38 GMT
etag: "d1960a22292f1bb765b3e3b001e5d1fb"
cache-control: max-age=172800
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: u5U2VQhALBRcc7JVbmIaer_yzcqGbsowEPjm_o1pNWc_4bYqsi-Bxw==
age: 117774
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash bb4bdc4c3c6869c822618f0b9ef1bdc5
6a438b8d9d87aa30e0989ace7fc0d4cafce1f29d
eb762661b0a0ecc4ccdf50229ce134d0062e8d60698b7ed1970c5073b18f31ac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
storage.googleapis.com/widget.kenect.com/build/index.html.gz?token=6Sj957aIcyVWOLohrUqwmG
142.250.74.16200 OK 1.2 kB URL HTTP/2 storage.googleapis.com/widget.kenect.com/build/index.html.gz?token=6Sj957aIcyVWOLohrUqwmG
IP 142.250.74.16:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2673), with no line terminators
Hash 4e1143b063372f7126154563379abcd0
a3300862db2ccc98b160811cb95085fe431ca1bd
44da3a189b96ae54334ecc435c3ee23777face457d287b1b2ea2a1a6ddb46f2e
GET /widget.kenect.com/build/index.html.gz?token=6Sj957aIcyVWOLohrUqwmG HTTP/1.1
Host: storage.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycdt948a9fWhkXDuSLsNVcSe7wu0yenl9PmCRK0XCEwuH6tGBk8CyYuQMrYrV-SUpYZFJFNnflbNvsoqc6oXtLJznjDkcnSQw
date: Wed, 21 Sep 2022 05:46:18 GMT
cache-control: public,max-age=3600
expires: Wed, 21 Sep 2022 06:46:18 GMT
last-modified: Tue, 19 Jul 2022 04:59:34 GMT
etag: "4e1143b063372f7126154563379abcd0"
x-goog-generation: 1658206774132232
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1176
content-type: text/html
content-encoding: gzip
x-goog-hash: crc32c=REEuxA==, md5=ThFDsGM3L3EmFUVjN5q80A==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
vary: Accept-Encoding
content-length: 1176
access-control-allow-origin: *
access-control-expose-headers: Content-Type
server: UploadServer
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://storage.googleapis.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 17 Sep 2022 02:02:22 GMT
expires: Sun, 17 Sep 2023 02:02:22 GMT
cache-control: public, max-age=31536000
age: 359036
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 9baaa3878151bf5d83c8d7014da17e5d
d8952bdd01ddec1d9a5a480f17ff5e39f6bdb037
1734ff9035c0a9c965cb5047e9fdbc2c1184b6c568066e856c6dbf0b8dc51df3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
px.ads.linkedin.com/collect?v=2&fmt=js&pid=4573033&time=1663739178572&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F
13.107.42.14 302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=4573033&time=1663739178572&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=4573033&time=1663739178572&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4573033%26time%3D1663739178572%26url%3Dhttps%253A%252F%252Fwww.immigration.net%252Ftag%252F601a%252F%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQLz1rXDrpeLjgAAAYNelS67mlMBXkKs0URjEE6DM-PbZlLvKDEIS_vRw6iQu_dG2YSZ4PF_QkeyWQ; Max-Age=2592000; Expires=Fri, 21 Oct 2022 05:46:18 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQJAh8Bcd_g_hgAAAYNelS67vqxE8iILZ6bK7CGPJGJhbs6GdO3AO0m9NkbTa5OT_E-3uW-l5TnFfMtfEW-Eng; Max-Age=2592000; Expires=Fri, 21 Oct 2022 05:46:18 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&302e7947-a5fb-4a61-8731-9b3b698cf235"; domain=.linkedin.com; Path=/; Secure; Expires=Thu, 21-Sep-2023 05:46:18 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2391:u=1:x=1:i=1663739178:t=1663825578:v=2:sig=AQEQwwkOGSrOq3vVzI7sVvhuIVghMnG1"; Expires=Thu, 22 Sep 2022 05:46:18 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXpKXa+am7RA44VeQZ3ZQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 76079F6CD71B4D998F78D775509DA4BD Ref B: OSL30EDGE0308 Ref C: 2022-09-21T05:46:18Z
date: Wed, 21 Sep 2022 05:46:18 GMT
content-length: 0
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/10928892074/?random=1663739178690&cv=9&fst=1663739178690&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9j0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&tiba=601a%20%7C%20Kuck%20Baxter&auid=1212115511.1663739178&hn=www.google.com&async=1&rfmt=3&fmt=4
142.250.74.66 200 OK 1.0 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/10928892074/?random=1663739178690&cv=9&fst=1663739178690&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9j0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&tiba=601a%20%7C%20Kuck%20Baxter&auid=1212115511.1663739178&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 142.250.74.66:0
File type ASCII text, with very long lines (2284), with no line terminators
Hash 20d9773291d5e16f0d8435470be34768
3b081767e3b302401902ff67413589e58aff1658
8694944d16082b7481f512d1bba86d03b6d8d7e27a42222f46eae22b3a2f90ce
GET /pagead/viewthroughconversion/10928892074/?random=1663739178690&cv=9&fst=1663739178690&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9j0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&tiba=601a%20%7C%20Kuck%20Baxter&auid=1212115511.1663739178&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 21 Sep 2022 05:46:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1043
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 21-Sep-2022 06:01:18 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash fde987c85b17b2242afddd76c3fd3b62
08e87b8185fc39462e6b331d565a864df2fd5865
49bc15e88c546089cc42939f8dc9f7046f1dd98332c31cf52435586bc8ea177c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/10928892074/?random=1663739178690&cv=9&fst=1663736400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9j0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&tiba=601a%20%7C%20Kuck%20Baxter&async=1&fmt=3&is_vtc=1&random=163138869&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/10928892074/?random=1663739178690&cv=9&fst=1663736400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9j0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&tiba=601a%20%7C%20Kuck%20Baxter&async=1&fmt=3&is_vtc=1&random=163138869&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/10928892074/?random=1663739178690&cv=9&fst=1663736400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9j0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&tiba=601a%20%7C%20Kuck%20Baxter&async=1&fmt=3&is_vtc=1&random=163138869&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 21 Sep 2022 05:46:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash af1c090b9aa65893c6ad7d9aa6019e0a
8391cc167112fa546d55ee4d0aaf6a584f07ae13
c3fdf14de02889ed3f82501f4e36543f2adc1fddcf59cf3c8d1e09dd05c59014
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C3FDF14DE02889ED3F82501F4E36543F2ADC1FDDCF59CF3C8D1E09DD05C59014"
Last-Modified: Sun, 18 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3536
Expires: Wed, 21 Sep 2022 06:45:14 GMT
Date: Wed, 21 Sep 2022 05:46:18 GMT
Connection: keep-alive
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4573033%26time%3D1663739178572%26url%3Dhttps%253A%252F%252Fwww.immigration.net%252Ftag%252F601a%252F%26liSync%3Dtrue
13.107.42.14 302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4573033%26time%3D1663739178572%26url%3Dhttps%253A%252F%252Fwww.immigration.net%252Ftag%252F601a%252F%26liSync%3Dtrue
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4573033%26time%3D1663739178572%26url%3Dhttps%253A%252F%252Fwww.immigration.net%252Ftag%252F601a%252F%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.immigration.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4573033&time=1663739178572&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&e637792d-bff3-4cde-8519-c4a0a448d3c2"; Domain=.linkedin.com; Expires=Thu, 21-Sep-2023 05:46:18 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&20220921054618e798ab98-aa33-4675-82ec-a97441638c10AQGfLUixoheIU82WfBIO04CmZ13oBLgg"; Domain=.www.linkedin.com; Expires=Thu, 21-Sep-2023 05:46:18 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NjM3MzkxNzg7MjswMjFp8wsyArE02Chz8UiERxuZtw73x5VZfyPJJLNcVrZe3g==; Domain=.linkedin.com; Expires=Mon, 20 Mar 2023 05:46:18 GMT; Path=/; Secure; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2387:u=1:x=1:i=1663739178:t=1663825578:v=2:sig=AQGQpMriS4ykv-459h54nJsjHihTaZ2A"; Expires=Thu, 22 Sep 2022 05:46:18 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com https://*.qualtrics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri /security/csp?e=p&f=t
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXpKXbBLZh+mq/nBm4CYA==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: AC9610E3803F49489BB83CFEEB50C9A7 Ref B: OSL30EDGE0308 Ref C: 2022-09-21T05:46:18Z
date: Wed, 21 Sep 2022 05:46:18 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash fde987c85b17b2242afddd76c3fd3b62
08e87b8185fc39462e6b331d565a864df2fd5865
49bc15e88c546089cc42939f8dc9f7046f1dd98332c31cf52435586bc8ea177c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.immigration.net/nova/wp-content/uploads/2018/01/cropped-Logo_Kuck_Favicon-32x32.png
132.148.112.52 200 OK 788 B URL HTTP/2 www.immigration.net/nova/wp-content/uploads/2018/01/cropped-Logo_Kuck_Favicon-32x32.png
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash c6aa6a2a07ab263497254c23bb616b8a
0c66fff3499b4f4e034ad214320b293ba66ec3bd
89f7476a2b80bf46a47a313fecef13e0e0c57d5ce4e511194db5c971666e262e
GET /nova/wp-content/uploads/2018/01/cropped-Logo_Kuck_Favicon-32x32.png HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en; _gcl_au=1.1.1212115511.1663739178; _ga=GA1.2.1510218616.1663739179; _gid=GA1.2.1710862586.1663739179; _gat=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 08 Apr 2020 01:45:31 GMT
etag: "1a215a0-314-5a2bda7c864c0"
accept-ranges: bytes
content-length: 788
content-type: image/png
date: Wed, 21 Sep 2022 05:46:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/uploads/2018/01/cropped-Logo_Kuck_Favicon-192x192.png
132.148.112.52 200 OK 6.3 kB URL HTTP/2 www.immigration.net/nova/wp-content/uploads/2018/01/cropped-Logo_Kuck_Favicon-192x192.png
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 22088157dc6b204dde2ee845068880e5
316cf54d748255ddc055a0b40547396a944322ec
82333541f18d98b110bd0f85302b99868c2512c9a74990b4d05b026211cd9aec
GET /nova/wp-content/uploads/2018/01/cropped-Logo_Kuck_Favicon-192x192.png HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en; _gcl_au=1.1.1212115511.1663739178; _ga=GA1.2.1510218616.1663739179; _gid=GA1.2.1710862586.1663739179; _gat=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 08 Apr 2020 01:45:31 GMT
etag: "1a2159c-186e-5a2bda7c864c0"
accept-ranges: bytes
content-length: 6254
content-type: image/png
date: Wed, 21 Sep 2022 05:46:18 GMT
server: Apache
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=3361911217415580&ev=PageView&dl=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&rl=&if=false&ts=1663739178932&sw=1280&sh=1024&v=2.9.83&r=stable&ec=0&o=30&fbp=fb.1.1663739178931.2020009481&it=1663739178687&coo=false&rqm=GET
157.240.200.35 200 OK 44 B URL HTTP/2 www.facebook.com/tr/?id=3361911217415580&ev=PageView&dl=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&rl=&if=false&ts=1663739178932&sw=1280&sh=1024&v=2.9.83&r=stable&ec=0&o=30&fbp=fb.1.1663739178931.2020009481&it=1663739178687&coo=false&rqm=GET
IP 157.240.200.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b798f4ce7359fd815df4bdf76503b295
f8cc6addf1707ad236ad9970b0a48f9733d07da5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
GET /tr/?id=3361911217415580&ev=PageView&dl=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&rl=&if=false&ts=1663739178932&sw=1280&sh=1024&v=2.9.83&r=stable&ec=0&o=30&fbp=fb.1.1663739178931.2020009481&it=1663739178687&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
date: Wed, 21 Sep 2022 05:46:18 GMT
expires: Wed, 21 Sep 2022 05:46:18 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
cache-control: no-cache, must-revalidate, max-age=0
set-cookie:
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 44
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
forms.mailmunch.co/sites/542742
52.204.242.176 200 OK 130 B URL HTTP/1.1 forms.mailmunch.co/sites/542742
IP 52.204.242.176:0
File type JSON data\012- , ASCII text, with no line terminators
Hash e1cec67539f05885d5020852976640e5
90cd1975490117742b30e4b15272c189f351ba7e
111fe4916bbfcb47dbfa0bd4c9b99f9d41159ce2b083700e15aa78b29f88b690
GET /sites/542742 HTTP/1.1
Host: forms.mailmunch.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.immigration.net
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Cowboy
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, X-MM-Form-Tool, X-MM-Coupons
Access-Control-Expose-Headers: X-MM-Comp-Tracking, X-MM-EU-Continent, X-MM-T
Content-Type: application/json; charset=utf-8
Content-Length: 130
Etag: W/"82-kM0ZdUkBF3QrMOSxUnLBifNRun4"
Vary: Accept-Encoding
Date: Wed, 21 Sep 2022 05:46:18 GMT
Via: 1.1 vegur
px.ads.linkedin.com/collect?v=2&fmt=js&pid=4573033&time=1663739178572&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&liSync=true
13.107.42.14 200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=4573033&time=1663739178572&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&liSync=true
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=4573033&time=1663739178572&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.immigration.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&5cf6db5f-b493-47d5-8849-4f9282ed3585"; domain=.linkedin.com; Path=/; Secure; Expires=Thu, 21-Sep-2023 05:46:19 GMT; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2387:u=1:x=1:i=1663739179:t=1663825579:v=2:sig=AQFnVEZhumCkDesOvcGHfUl9Edf_wqdy"; Expires=Thu, 22 Sep 2022 05:46:19 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXpKXbD3E75sK0XfA1mfg==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 125DF7E090304E9AAC68D76B426533F2 Ref B: OSL30EDGE0308 Ref C: 2022-09-21T05:46:18Z
date: Wed, 21 Sep 2022 05:46:18 GMT
content-length: 0
X-Firefox-Spdy: h2
js-agent.newrelic.com/nr-spa-1211.min.js
151.101.86.137 200 OK 16 kB URL HTTP/2 js-agent.newrelic.com/nr-spa-1211.min.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (32005)
Hash 7b77b3d7bee1029e0448396ce9b2a5cd
597bd0afc66a54e49f6eaab08ae66fe2e5c0ecd1
c29053215fa48791043f848a5a44effa881c8625e60d33585944a166e14db01e
GET /nr-spa-1211.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: unJyFjwMueefdw98CsCPPiCQzxwwDzQR5PsqUf7i1PqDfi/S2kW9zovTM8xnmkfD3kpFuU4eggQ=
x-amz-request-id: TXTEKQ3D4T65FNTE
last-modified: Mon, 27 Sep 2021 20:46:51 GMT
etag: "a5ee6c68d7de5e7446d73910964b5c10"
x-amz-version-id: CLSa7QJ2hagEFCkLjcLamPCZ0EDdPlaV
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Wed, 21 Sep 2022 05:46:19 GMT
via: 1.1 varnish
x-served-by: cache-bma1669-BMA
x-cache: HIT
x-cache-hits: 22
x-timer: S1663739179.191550,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 16260
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 37b6097226b409c237ef99f1da688e60
71ab02ee2fd165ba99e9b964a1a3e5055c88224b
ab0e339aa9b34926c6fb4e1191e121febe026996f1cb0bc05ecb187a69653282
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6350
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Sep 2022 05:46:19 GMT
Last-Modified: Wed, 21 Sep 2022 04:00:30 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
bam.nr-data.net/1/NRJS-d0beae4934ee7eb77f1?a=954751871&sa=1&v=1211.ba193a8&t=Unnamed%20Transaction&rst=4835&ck=1&ref=https://www.immigration.net/tag/601a/&be=4185&fe=4738&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663739174403,%22n%22:0,%22f%22:1166,%22dn%22:1166,%22dne%22:1168,%22c%22:1168,%22s%22:1318,%22ce%22:1616,%22rq%22:1616,%22rp%22:2515,%22rpe%22:2666,%22dl%22:2524,%22di%22:3973,%22ds%22:4008,%22de%22:4043,%22dc%22:4734,%22l%22:4735,%22le%22:4742%7D,%22navigation%22:%7B%7D%7D&fcp=3756&jsonp=NREUM.setToken
162.247.241.14 200 OK 77 B URL HTTP/1.1 bam.nr-data.net/1/NRJS-d0beae4934ee7eb77f1?a=954751871&sa=1&v=1211.ba193a8&t=Unnamed%20Transaction&rst=4835&ck=1&ref=https://www.immigration.net/tag/601a/&be=4185&fe=4738&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663739174403,%22n%22:0,%22f%22:1166,%22dn%22:1166,%22dne%22:1168,%22c%22:1168,%22s%22:1318,%22ce%22:1616,%22rq%22:1616,%22rp%22:2515,%22rpe%22:2666,%22dl%22:2524,%22di%22:3973,%22ds%22:4008,%22de%22:4043,%22dc%22:4734,%22l%22:4735,%22le%22:4742%7D,%22navigation%22:%7B%7D%7D&fcp=3756&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
GET /1/NRJS-d0beae4934ee7eb77f1?a=954751871&sa=1&v=1211.ba193a8&t=Unnamed%20Transaction&rst=4835&ck=1&ref=https://www.immigration.net/tag/601a/&be=4185&fe=4738&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663739174403,%22n%22:0,%22f%22:1166,%22dn%22:1166,%22dne%22:1168,%22c%22:1168,%22s%22:1318,%22ce%22:1616,%22rq%22:1616,%22rp%22:2515,%22rpe%22:2666,%22dl%22:2524,%22di%22:3973,%22ds%22:4008,%22de%22:4043,%22dc%22:4734,%22l%22:4735,%22le%22:4742%7D,%22navigation%22:%7B%7D%7D&fcp=3756&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 21 Sep 2022 05:46:19 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 74e07fee6dde0b49-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=343922d3ab0ebd44; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
bam.nr-data.net/events/1/NRJS-d0beae4934ee7eb77f1?a=954751871&sa=1&v=1211.ba193a8&t=Unnamed%20Transaction&rst=5044&ck=1&ref=https://www.immigration.net/tag/601a/
162.247.241.14 200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/NRJS-d0beae4934ee7eb77f1?a=954751871&sa=1&v=1211.ba193a8&t=Unnamed%20Transaction&rst=5044&ck=1&ref=https://www.immigration.net/tag/601a/
IP 162.247.241.14:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/NRJS-d0beae4934ee7eb77f1?a=954751871&sa=1&v=1211.ba193a8&t=Unnamed%20Transaction&rst=5044&ck=1&ref=https://www.immigration.net/tag/601a/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 326
Origin: https://www.immigration.net
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 21 Sep 2022 05:46:19 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 74e07fef7e9e0b49-OSL
Access-Control-Allow-Origin: https://www.immigration.net
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
www.immigration.net/nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.kreaturamedia.jquery.js?ver=7.3.0
132.148.112.52 200 OK 0 B URL HTTP/2 www.immigration.net/nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.kreaturamedia.jquery.js?ver=7.3.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.kreaturamedia.jquery.js?ver=7.3.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 24 Aug 2022 17:56:45 GMT
etag: "1b41a11-2048e-5e700677cdab2-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-type: application/javascript
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
a.mailmunch.co/forms-cache/542742/settings-1663681080.json
143.204.55.29 200 OK 0 B URL HTTP/2 a.mailmunch.co/forms-cache/542742/settings-1663681080.json
IP 143.204.55.29:0
GET /forms-cache/542742/settings-1663681080.json HTTP/1.1
Host: a.mailmunch.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.immigration.net
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Tue, 20 Sep 2022 15:08:35 GMT
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, POST, PUT, DELETE
access-control-expose-headers: ETag
access-control-max-age: 3000
last-modified: Tue, 20 Sep 2022 13:38:13 GMT
etag: W/"1cd542084896d4f46dd12168f42e8113"
cache-control: max-age=31556952
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: PYUaiu6QcuRoRUIuRjO_1vNyiZDCLpeGkc-CX_JDYoqVnfMs5HsNVw==
age: 52665
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/buttonizer-multifunctional-button/assets/legacy/frontend.min.js?v=f2f87b58be0d57ecf71ada8df361a2d9&ver=6.0.2
132.148.112.52 200 OK 0 B URL HTTP/2 www.immigration.net/nova/wp-content/plugins/buttonizer-multifunctional-button/assets/legacy/frontend.min.js?v=f2f87b58be0d57ecf71ada8df361a2d9&ver=6.0.2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
GET /nova/wp-content/plugins/buttonizer-multifunctional-button/assets/legacy/frontend.min.js?v=f2f87b58be0d57ecf71ada8df361a2d9&ver=6.0.2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 16:25:49 GMT
etag: "28e0421-4d71d-5e90a2a25e20f-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-type: application/javascript
date: Wed, 21 Sep 2022 05:46:17 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lato:400,400i,700,700i&subset=latin,latin-ext&display=auto
216.58.211.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Lato:400,400i,700,700i&subset=latin,latin-ext&display=auto
IP 216.58.211.10:0
GET /css?family=Lato:400,400i,700,700i&subset=latin,latin-ext&display=auto HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 21 Sep 2022 05:46:17 GMT
date: Wed, 21 Sep 2022 05:46:17 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:400,700
216.58.211.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:400,700
IP 216.58.211.10:0
GET /css?family=Open+Sans:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 21 Sep 2022 05:46:17 GMT
date: Wed, 21 Sep 2022 05:46:17 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2