Report - www.risewell.sa.com/hcdjkpi/qpdhtdik874534uaevfb/d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

Report Overview

Submitted URL
www.risewell.sa.com/hcdjkpi/qpdhtdik874534uaevfb/d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a
IP
172.67.175.209
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-11 21:16:58
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
www.risewell.sa.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	15 kB	214 kB	104.21.83.119
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	652 B	1.5 kB	95.101.11.115
p.typekit.net	620	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	426 B	357 B	184.31.15.48
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.25
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	59 kB	34.120.237.76
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	1.3 kB	142.250.74.174
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	596 B	713 B	142.251.1.155
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.36
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	3.5 kB	95.101.11.115
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	375 B	43 kB	142.250.74.72
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	35.80.131.74
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	2.8 kB	142.250.74.3
www.schoolofsquirt.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	395 B	7.9 kB	74.121.205.60

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-11	medium	www.risewell.sa.com/hcdjkpi/qpdhtdik874534uaevfb/d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (17)

	URL	Size	First Seen	Last Seen
	www.googletagmanager.com/gtag/js?id=UA-22484186-3	108 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=UA-22484186-3 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:52:45 Last Seen2023-03-07 14:52:45 Times Seen1 Hash 637296929b4001c75ca8eac2a315f8cb 181a694021eb076eb492a642ff991ef7f4bfe3ed 4fea62ae39470ca54e87e7643bfe8cec4708ab88a6a051310c74bce22bd3ada6 Loading...

	www.risewell.sa.com/clicks/SquirtingSchool2_files/sticky.js	8.5 kB	2023-03-07	2023-12-09
Pretty URL www.risewell.sa.com/clicks/SquirtingSchool2_files/sticky.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:18 Last Seen2023-12-09 22:28:11 Times Seen19 Hash 8529d83b54e8df9b2b9cf7167a711c26 40d85cba1773f4ca7bcbae2f84e37d822dfef244 0cf678c930e404a259cde8363532ab40f706f6e79d568977775d377a40404004 Loading...

	www.risewell.sa.com/clicks/SquirtingSchool2_files/main.js	7.3 kB	2023-03-07	2024-05-10
Pretty URL www.risewell.sa.com/clicks/SquirtingSchool2_files/main.js IP 104.21.83.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:18 Last Seen2024-05-10 04:52:03 Times Seen299 Hash 9a78d8d0a506805bae156c43e6a64b80 c0f1523518530fbb97d919fdb37314a95998e891 c0901279dec1117310802c450665b34a60788da4a00e066d2de367327cd13456 Loading...

	www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a	154 B	2023-03-07	2024-04-30
Pretty URL www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:24 Last Seen2024-04-30 19:23:37 Times Seen55 Hash ea6fb5829b8b3345ad595b21c0eaedb0 2c6c4609804f99e09ad777a308eaf4f26ec04474 5be5ed06f4b849d7af02562365acb798fac639c00cf9e2e2dd1fbb0df5068cad Loading...

	www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a	2.1 kB	2023-03-07	2023-03-17
Pretty URL www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:18 Last Seen2023-03-17 12:29:33 Times Seen1 Hash ee07ec334a5ae0eea66ed29e8d7a64af bdddcb6161a6eacb5236ea5eb5669a718c957512 ad53d7cd84c7426c8c818e243b41dca62cba59216006697d26a38690fc5cbf32 Loading...

	www.risewell.sa.com/clicks/SquirtingSchool2_files/jquery-migrate.js	11 kB	2023-03-07	2024-05-11
Pretty URL www.risewell.sa.com/clicks/SquirtingSchool2_files/jquery-migrate.js IP 104.21.83.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-05-11 01:26:12 Times Seen69213 Hash 79b4956b7ec478ec10244b5e2d33ac7d a46025b9d05e3df30d610a8aef14f392c7058dc9 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300 Loading...

	www.risewell.sa.com/hcdjkpi/qpdhtdik874534uaevfb/d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a	319 B	2023-03-07	2023-03-07
Pretty URL www.risewell.sa.com/hcdjkpi/qpdhtdik874534uaevfb/d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a IP 104.21.83.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:52:45 Last Seen2023-03-07 14:52:45 Times Seen1 Hash c9e9e8b5e6431408eac733e97194efea bf1b7a9cf68c38a8f8923238e6c73b9b1acd1520 36f405fc7ebe454341ecde4dbd9754abfacc2ef6e015ae49163efbd191185879 Loading...

	www.risewell.sa.com/clicks/SquirtingSchool2_files/jquery.js	90 kB	2023-03-07	2024-05-11
Pretty URL www.risewell.sa.com/clicks/SquirtingSchool2_files/jquery.js IP 104.21.83.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:17 Last Seen2024-05-11 01:26:12 Times Seen9597 Hash b6f7093369a0e8b83703914ce731b13c d1889f5c173c2a4b20288f1f84758599afd346ef 60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827 Loading...

	www.risewell.sa.com/clicks/SquirtingSchool2_files/masonry.js	24 kB	2023-03-07	2024-05-11
Pretty URL www.risewell.sa.com/clicks/SquirtingSchool2_files/masonry.js IP 104.21.83.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:57 Last Seen2024-05-11 00:02:47 Times Seen15519 Hash 3b3fc826e58fc554108e4a651c9c7848 76778fd446e2ff2377588a7b4ac4d79f258427c9 e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb Loading...

	www.risewell.sa.com/clicks/SquirtingSchool2_files/front.js	6.1 kB	2023-03-07	2024-05-05
Pretty URL www.risewell.sa.com/clicks/SquirtingSchool2_files/front.js IP 104.21.83.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:56 Last Seen2024-05-05 21:06:47 Times Seen1107 Hash db6afe5fc3125bfbb7631cdc894f95f7 cec78215c216e4bc1c03c1393f459fe1c972ee84 4b179562b883c1257aabbad3a5641f965dd7331faa31fe06382a5d8c62d5ee19 Loading...

	www.risewell.sa.com/clicks/SquirtingSchool2_files/e-202115.js	9.0 kB	2023-03-07	2023-11-07
Pretty URL www.risewell.sa.com/clicks/SquirtingSchool2_files/e-202115.js IP 104.21.83.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:18 Last Seen2023-11-07 11:17:14 Times Seen5 Hash ba6f15831404dc46da2dde617bda1653 1f356c00c142acab972807baee47fd3f54c9cb11 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2 Loading...

	www.risewell.sa.com/clicks/SquirtingSchool2_files/gtm.js	95 kB	2023-03-07	2023-03-17
Pretty URL www.risewell.sa.com/clicks/SquirtingSchool2_files/gtm.js IP 104.21.83.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:18 Last Seen2023-03-17 12:29:33 Times Seen1 Hash 69d1a4e5e32a64c69f67154615311a3a 44ba5c623eef9add5bcd4d6edfd76c5891a54c95 6da09b4fc38a23e1e5ed617fab5bba5541664cc2f320cc477db9a7f265620368 Loading...

	www.risewell.sa.com/clicks/SquirtingSchool2_files/analytics.js	49 kB	2023-03-07	2024-04-28
Pretty URL www.risewell.sa.com/clicks/SquirtingSchool2_files/analytics.js IP 104.21.83.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:18 Last Seen2024-04-28 19:07:36 Times Seen110 Hash 6df1787c4be82d1bb24f8bffa10c7738 3634e839429e462e49c5f42b75fbfb4ba318af6d 2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a Loading...

	www.risewell.sa.com/clicks/SquirtingSchool2_files/wp-emoji-release.js	14 kB	2023-03-07	2024-05-11
Pretty URL www.risewell.sa.com/clicks/SquirtingSchool2_files/wp-emoji-release.js IP 104.21.83.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:17 Last Seen2024-05-11 01:26:12 Times Seen7978 Hash eaa8641bcda2371f4024a71fbb67de3b 0e46c39d3821683c856605a82254115f9a6a7792 0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c Loading...

	www.risewell.sa.com/clicks/SquirtingSchool2_files/imagesloaded.js	5.6 kB	2023-03-07	2024-05-10
Pretty URL www.risewell.sa.com/clicks/SquirtingSchool2_files/imagesloaded.js IP 104.21.83.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:40 Last Seen2024-05-10 18:21:16 Times Seen31136 Hash 3a56752b736635bf69cb069b8818cbfd 42e0951fe74bb3f56a30f51291823bcd4a84d76e ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869 Loading...

	www.risewell.sa.com/jquery-1.11.0.min.js	96 kB	2023-03-07	2024-05-10
Pretty URL www.risewell.sa.com/jquery-1.11.0.min.js IP 104.21.83.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:10 Last Seen2024-05-10 22:40:05 Times Seen18781 Hash 8fc25e27d42774aeae6edbc0a18b72aa b66ed708717bf0b4a005a4d0113af8843ef3b8ff b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682 Loading...

	www.schoolofsquirt.com/wp-includes/js/wp-emoji-release.min.js?ver=5.7	19 kB	2023-03-07	2024-05-10
Pretty URL www.schoolofsquirt.com/wp-includes/js/wp-emoji-release.min.js?ver=5.7 IP 74.121.205.60 ASN #394303 BIGSCOOTS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-05-10 20:32:53 Times Seen38257 Hash 32beb68a374e3aeac00abdf9e12b84ea b5d18aa625e8696dd9d07cd0869337717b211ae0 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782 Loading...

HTTP Transactions (55)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 11 Sep 2022 20:48:35 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: IHF_4RtsKPIG_Y5A7p-OiAU9g9hIrI_spQrsIp0-qqBkHc15qYvklA==
Age: 1692

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8400
Expires: Sun, 11 Sep 2022 23:36:47 GMT
Date: Sun, 11 Sep 2022 21:16:47 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.25

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.25:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 11 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: RpY_SNp-nv2Amz8UKE66MaUmMS0HYMMp7Ge9-QTcVKKT0MGHrINefA==
age: 50375
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 11 Sep 2022 21:16:47 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 11 Sep 2022 20:56:07 GMT
Expires: Sun, 11 Sep 2022 21:30:08 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: iCxJ60Liop2zTsFZEA3Pu0WwIpXsc3e-9BUvSeq4oQjejHi2TdOcng==
Age: 1240

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
26e829ba5f754918e20cbd316dc4348e
ba198501da0812dd11ca3b38a51325b5de6cfa60
4352c25d4af7637a8435b0df6d042fc606d37a348e966b99fecce8a853b8ebc0

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3010
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 21:16:47 GMT
Last-Modified: Sun, 11 Sep 2022 20:26:37 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

35.80.131.74

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.80.131.74:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: VbRZbyMD1yi0xHb2Yy+1yA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: WmnjmK+X+PS/xfwWWpQ4CHeopFg=

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8158
Expires: Sun, 11 Sep 2022 23:32:47 GMT
Date: Sun, 11 Sep 2022 21:16:49 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8158
Expires: Sun, 11 Sep 2022 23:32:47 GMT
Date: Sun, 11 Sep 2022 21:16:49 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8158
Expires: Sun, 11 Sep 2022 23:32:47 GMT
Date: Sun, 11 Sep 2022 21:16:49 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc91b46a1-040b-46aa-a7a1-af67f0058b83.jpeg

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc91b46a1-040b-46aa-a7a1-af67f0058b83.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7519 bytes)
Hash
bb1a86dcf94db0a29a6ebe21866766d4
b3491a6f12c97c8e1848a206a185fae29213c1e5
d05619e519fed6c0b6c0616cf540908006a68f127b25e38fb9d041dfe2546df4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc91b46a1-040b-46aa-a7a1-af67f0058b83.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7519
x-amzn-requestid: 8d8a8df6-abf5-45dd-8d78-de5ae715a9d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YE_UNEoWoAMFRLw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631845b4-0101ca7a09e432f305aa7066;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 07:18:12 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: Z0Z4IozbbythqWA7mNaqtO4NWbLi1zL2G6HmMGP0c9VqIzMugvVh_Q==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 e77661e211afe9242e85e573f12d5534.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 00:00:49 GMT
age: 76560
etag: "b3491a6f12c97c8e1848a206a185fae29213c1e5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d72ce1b-951e-4f1f-97b1-db99c399d5f9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.2 kB (8171 bytes)
Hash
eee5b4d617dab6f10d7053f5c4f4e98e
6c728c56797ba921e8001919df4d36e56dd37e54
76a53e2c81ec8da2bc469760b2c57098d587c6a36fa70e5b7c743a224a47d362

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d72ce1b-951e-4f1f-97b1-db99c399d5f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8171
x-amzn-requestid: a3eb931f-cd71-4738-acb1-4398fc09f453
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YOa7QGqoIAMFwlw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631c0b7b-2a6ed8ca00a0a0640110cf5d;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 03:58:51 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: QuUPVSWCQk9z9xI03trHifaWzOi5TqBZHLena93lrxhjlAG1PICKKA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 12:19:15 GMT
age: 32254
etag: "6c728c56797ba921e8001919df4d36e56dd37e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8485 bytes)
Hash
e407da4d97d497925b1ab523fd416787
166741631fb93d109b18dde6d316b3fa3276aa8f
707460c02438da6114e35e0b6569d42c0f3fb747f8cb51002f4d52bedbcffa61

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8485
x-amzn-requestid: a56c9282-2786-4ae7-9fc2-0468bcc820a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_FM1oAMFZ2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-753cc4f121c9b77d22bb82b5;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mfmj40aUc8l5RPk56M-pbqTwhde_HzYcmN5MDrfv-WFPhbpoShWYNw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 22:14:30 GMT
age: 82939
etag: "166741631fb93d109b18dde6d316b3fa3276aa8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6889 bytes)
Hash
57d797a1c3f6589746a1135bdb19f54f
7aa14fcd982a5cee38d58fc3c89edc4a8daf4c97
ff8855ca951f53ed5f3886cc81a7f28384d41288edeca4fdc621250e4d01c6fe

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6889
x-amzn-requestid: c82ac543-90cd-4aeb-a65b-7e1bbbacc407
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ2UEE-3IAMFYBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d0419-427a29067c9c92ec0db6567f;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:39:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: mNvNO0HJjZ1zwPKcjfqiVOnCL0CYXc8BPDSFbV6MXVW71IVt-2K3mQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:46:54 GMT
age: 84595
etag: "7aa14fcd982a5cee38d58fc3c89edc4a8daf4c97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c05fb6-7f49-4d2f-96eb-0b6c468353f5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13568 bytes)
Hash
8625e0707046e7a3715a8dbb40b1cae2
0f44ee871ad9d0a0ddd07d0c87d54f7e72b56f78
abc4c12561be08897341d9c8104c30a289357c0907e55c46895f7fb6afb2f75d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c05fb6-7f49-4d2f-96eb-0b6c468353f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13568
x-amzn-requestid: a2fadcbe-350b-4a06-9f9c-ee2da40bb285
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YEESeHA_oAMFjCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6317e742-4740aa3f4ebd479e7a4886ed;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 00:35:14 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: jbF2ZaJUhIoJV-o4f6iviFyUnoDW4R0KHTfC5NySmITnsLbD5iJrPQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 73b60e9a9fd08eae9e034cedba707280.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:40:11 GMT
age: 84998
etag: "0f44ee871ad9d0a0ddd07d0c87d54f7e72b56f78"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7635 bytes)
Hash
4ec2646c56c4c522f0744768ad20342b
ad1d9eee90556a359547dc7cbb6758aee2c804cd
0bf9eaa4420bf6290535fd23895c6c723c7de6b849995ba83774532862cfe8b4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7635
x-amzn-requestid: dbd07cc7-d0f6-4500-83c6-b19fa9fa2e3d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xt5xDEfUIAMFYXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630f09a0-3771b23118f3711e5caca699;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 07:11:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ILut4hEDJbs6jNr3wpPST1HgAYMabIT7cdZebRFETn8lL_QfS92KBA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:40:34 GMT
age: 84975
etag: "ad1d9eee90556a359547dc7cbb6758aee2c804cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.risewell.sa.com/hcdjkpi/qpdhtdik874534uaevfb/d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

104.21.83.119

200 OK

527 B

URL HTTP/1.1
www.risewell.sa.com/hcdjkpi/qpdhtdik874534uaevfb/d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
527 B (527 bytes)
Hash
12e9e8bcb12b1920a28bed0802ed4c00
7697c98b8d8441d73f4903d325fb762ee865e0b5
0b1f06ee3af140d95d47081cbaaac4427050a0f734ce95ea480e8311d3d2264a

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /hcdjkpi/qpdhtdik874534uaevfb/d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.25
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nK3d%2B5BoIrTfwyW92Eg%2F9MPt2gAWZQ8P9CjBLo8k0mootffKWK1eT2t7RMpXpAbb1agdICGHg702X3iC%2Fyn%2BhRsdteEzXrQ%2BW9fMVZbhCvcuDSC7P%2F0qrXTJZltYNhaVKajw7LH2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74936d2a5a520b51-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c3d8032059a24d14d00c2ee5d8840c01
62efae1ea6aaea612a12d42b6e5b65d24be11437
2319fe90c8b4d3cc41ec9cce275c82d19fb764015196bd1c52dfb9c5d85b9b0b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 21:16:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=UA-22484186-3

142.250.74.72

200 OK

42 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-22484186-3
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1615)
Size
42 kB (41911 bytes)
Hash
60af81295b83155efd7d1610bcf994e0
4285e2890b091f5f205bd818689279af2e4978fb
622cb81412f765765160e1bc87b17fdf87f67d69c07a5a7d9bf4b4c5b053f9f7

HTTP Headers

GET /gtag/js?id=UA-22484186-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.risewell.sa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 11 Sep 2022 21:16:49 GMT
expires: Sun, 11 Sep 2022 21:16:49 GMT
cache-control: private, max-age=900
last-modified: Sun, 11 Sep 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 41911
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c3d8032059a24d14d00c2ee5d8840c01
62efae1ea6aaea612a12d42b6e5b65d24be11437
2319fe90c8b4d3cc41ec9cce275c82d19fb764015196bd1c52dfb9c5d85b9b0b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 21:16:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.risewell.sa.com/jquery-1.11.0.min.js

104.21.83.119

200 OK

33 kB

URL HTTP/1.1
www.risewell.sa.com/jquery-1.11.0.min.js
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32341)
Size
33 kB (33436 bytes)
Hash
95fe3f4dd117c33f6015e1c3d6df1d0d
d5b8856932d1ea63f51824de0bb50670d2e960bc
e6945ac3f1927f242a9fd7a5cf67720f7763888127a7427eb24ffc52019d4b16

HTTP Headers

GET /jquery-1.11.0.min.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/hcdjkpi/qpdhtdik874534uaevfb/d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:03:39 GMT
ETag: W/"62e8238b-1787d"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UYknIVoNoW2c%2B1plKO1JMdry8O4JkoRUMc6YiT1fQv2gHSeMFld5U9k2fIa45GRZdviA6MVpl%2BlCHPKhXcidAFMmLc6fGBzUkWjqgQEektqj1J88OcApZiEcsgS0dBK0KH%2FdZap7"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d3a09f80b51-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

e1.o.lencr.org/

95.101.11.115

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
77ee53c2a0019fd530059dccea14692b
8c0eeac2340a43d03fea2f71c6c6436f0a084502
d516df540b596ed030fff4de1aff89b98a83b29c601b0394e95784f7dfb957fc

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "D516DF540B596ED030FFF4DE1AFF89B98A83B29C601B0394E95784F7DFB957FC"
Last-Modified: Sun, 11 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 12 Sep 2022 03:16:50 GMT
Date: Sun, 11 Sep 2022 21:16:50 GMT
Connection: keep-alive

e1.o.lencr.org/

95.101.11.115

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
77ee53c2a0019fd530059dccea14692b
8c0eeac2340a43d03fea2f71c6c6436f0a084502
d516df540b596ed030fff4de1aff89b98a83b29c601b0394e95784f7dfb957fc

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "D516DF540B596ED030FFF4DE1AFF89B98A83B29C601B0394E95784F7DFB957FC"
Last-Modified: Sun, 11 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21599
Expires: Mon, 12 Sep 2022 03:16:50 GMT
Date: Sun, 11 Sep 2022 21:16:51 GMT
Connection: keep-alive

www.risewell.sa.com/clicks/SquirtingSchool2_files/screen.css

104.21.83.119

200 OK

451 B

URL HTTP/1.1
www.risewell.sa.com/clicks/SquirtingSchool2_files/screen.css
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1156), with no line terminators
Size
451 B (451 bytes)
Hash
9cbb12ded165859b75441a829fb683af
1e85f7bd7f0fa9dbc53157bbead5eb703c502db8
3dba212407392e05ef866072e63f519c9ef7365ea376cb5a8824e77726a6759b

HTTP Headers

GET /clicks/SquirtingSchool2_files/screen.css HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:53 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-484"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9zaFeExgynjniQ4EVxmcZ8w3pRFKycSGStfJnc1Vd1ox%2FYSIpDAc7V9afDNb7wZSpUpt1uNz%2BKSgRJ6bu8Z%2FB%2Bg0bvwDzCvsOxPRswzuMC8HCQ6lkvywAVnfVK77TuTdMV%2FdyJi3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d51d933b50c-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.risewell.sa.com/clicks/SquirtingSchool2_files/gtm.js

104.21.83.119

200 OK

35 kB

URL HTTP/1.1
www.risewell.sa.com/clicks/SquirtingSchool2_files/gtm.js
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1769)
Size
35 kB (35077 bytes)
Hash
0836fe24cc27b8bb4487f54b58f02862
0d15857b796c032367c80f9896619f90d93e72dc
ddb1db449d1988abbfe8e4a0aa6aa347ce62f14deeb486469691e324547dd72a

HTTP Headers

GET /clicks/SquirtingSchool2_files/gtm.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:53 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-1745f"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DxVLJBpDp5NdAL%2FS%2BtxgGw1k0iEc6niMAq%2FHFUIJlhFBdgFo2VSsOuSIfZWnbvDPd2e%2FWnf%2FNDB8LfaBRqsYPBs1qUQixHn6GJ8Dxwy0icupsKSRzxsW38FgLWxj5TrEaRSdaAGN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d51ab4f1c16-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.risewell.sa.com/clicks/SquirtingSchool2_files/wp-emoji-release.js

104.21.83.119

200 OK

4.7 kB

URL HTTP/1.1
www.risewell.sa.com/clicks/SquirtingSchool2_files/wp-emoji-release.js
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (11272)
Size
4.7 kB (4657 bytes)
Hash
71b6d75cd4e93368516cec04a93790f8
d274862e4ee8bea24bf1d6d6f8f1e231abd778c2
7f1d272195370f3d6541779815b23d961b1cb9474d3bf57786f9844840083596

HTTP Headers

GET /clicks/SquirtingSchool2_files/wp-emoji-release.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:53 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-3795"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3xNrJEIRQ0%2FK8j62qy0r9pNRNMUCtOnIBh00JvY0x5rqyUJFW1Y8BFFAFCtAVoED1NzNqjHHfnH36R92vAtIGFP7GjlkxlzZI%2BuRsj1oApMLqf0wfhVbfNOgK3nKB66Tv5mAnp%2Bl"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d51bc6bb505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.risewell.sa.com/clicks/SquirtingSchool2_files/style.css

104.21.83.119

200 OK

8.6 kB

URL HTTP/1.1
www.risewell.sa.com/clicks/SquirtingSchool2_files/style.css
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (29677)
Size
8.6 kB (8609 bytes)
Hash
9fb5134f2a659735f48ff96b78196847
9c39894b8e981273e4a45754f8f3ad93e8955522
28d1eb4db568bac23b22b4f660dce0bbf0adbf2de7114fffa8249b4e2f59acc1

HTTP Headers

GET /clicks/SquirtingSchool2_files/style.css HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:53 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-e33b"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0dQCza1Mdz5XOFo00JhFKVniJxNsTS6NAF8yUPxff1r9e6351KwSp9TAkKTE6UCLsig0o%2FhtqhaXtz%2BV91wYXTIMnSMAferc0F1Wz7shy11kNyTwqwgtovbacn7lSNkwCZajN3q1"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d51d8280b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.risewell.sa.com/clicks/SquirtingSchool2_files/style_002.css

104.21.83.119

200 OK

5.1 kB

URL HTTP/1.1
www.risewell.sa.com/clicks/SquirtingSchool2_files/style_002.css
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (21866), with no line terminators
Size
5.1 kB (5099 bytes)
Hash
83f8bf595ce89616b8f84b08029c4bf4
b96af70e68a3bae9b4f40a6f1f72387e63e075fc
9cd4310731c9a1edb3d464f1758bf914b91211f293144015e32eb17509b2a016

HTTP Headers

GET /clicks/SquirtingSchool2_files/style_002.css HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:54 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-556a"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IKYV4V62xv3ZoMOZ7zIv%2FY03%2B%2FyTb8JcB4T8yYJOhJTExYrg0KGe5528KKGa0UboSCxMfSsizCkIQasNyyjvnhUZJoreBU%2F8WK%2Byjdr0ufU78k1RVwfEnUtOKK3SffoWoLGs0MxS"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d54b824b505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.risewell.sa.com/offer.php?id=314&sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

172.67.175.209

200 OK

14 kB

URL HTTP/2
www.risewell.sa.com/offer.php?id=314&sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a
IP
172.67.175.209:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (309)
Size
14 kB (14169 bytes)
Hash
75098e495fd25cdaaf41ce8880e2ff12
7fd4919a3f091e777338119ef03ed848000afa9f
d6bfed69c4d00fa3a4adab4ef23431a58ea99457bcc33bad65c16c7ea9ae906f

HTTP Headers

GET /offer.php?id=314&sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.risewell.sa.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 11 Sep 2022 21:16:51 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.25
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2VfhAdzCXBvl6jmlSCr6bQa9Kg4Z1woIlW2hBqVkAOpRFr4OVQ2tOBAuN9ycDbku%2FL7z8YbuzY7f26US4tMi7sExhh5NlImjT9d90u8r3fCJeDMdexRVPPTtBUy5xfWuTfUqYPny"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74936d420acf1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.risewell.sa.com/clicks/SquirtingSchool2_files/analytics.js

104.21.83.119

200 OK

20 kB

URL HTTP/1.1
www.risewell.sa.com/clicks/SquirtingSchool2_files/analytics.js
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1325)
Size
20 kB (19637 bytes)
Hash
e05cd91b4da4b637a86022978482730a
2e496d2c1af77dab8b487a211516c4c774429abc
4372a296d6c3ad1e561a80e226b58d429199f0b174b4df22771c888a03bc87d1

HTTP Headers

GET /clicks/SquirtingSchool2_files/analytics.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:54 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-c001"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d2ooImd9Baz1F%2B9cLeBUZ3eXaNMNIFMSQNXVkISkK09KoazAv9wnBmizLB%2F5g3rpMMy5NrIterUOG50IqSO18UiaOeM6dixgDHWMva32LK4dw%2BTMQokufE7%2B5zdlcXEAq7U3nmEy"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d51bd4fb518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.google-analytics.com/j/collect?v=1&_v=j90&a=1602247781&t=pageview&_s=1&dl=http%3A%2F%2Fwww.risewell.sa.com%2Fclicks%2Fwts_ss2.php%3Fsid%3D993058%26h%3Dd-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa%2Fxii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a&ul=en-us&de=UTF-8&dt=School%20Of%20Squirt%20-%20The%20Original%20%26%20Best%20Place%20To%20Learn%20About%20Squirting&sd=24-bit&sr=1280x1024&vp=&je=0&_u=YEBAAUABAAAAAC~&jid=1771647634&gjid=1042182507&cid=1512030959.1662931003&tid=UA-22484186-3&_gid=799282715.1662931003&_r=1&gtm=2ou970&z=1706169243

142.250.74.174

200 OK

2 B

URL HTTP/2
www.google-analytics.com/j/collect?v=1&_v=j90&a=1602247781&t=pageview&_s=1&dl=http%3A%2F%2Fwww.risewell.sa.com%2Fclicks%2Fwts_ss2.php%3Fsid%3D993058%26h%3Dd-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa%2Fxii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a&ul=en-us&de=UTF-8&dt=School%20Of%20Squirt%20-%20The%20Original%20%26%20Best%20Place%20To%20Learn%20About%20Squirting&sd=24-bit&sr=1280x1024&vp=&je=0&_u=YEBAAUABAAAAAC~&jid=1771647634&gjid=1042182507&cid=1512030959.1662931003&tid=UA-22484186-3&_gid=799282715.1662931003&_r=1&gtm=2ou970&z=1706169243
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
cc7a1e792bca8ccb1946b7a07f6dbc03
11a2757082428311f587b7664fa9840376137f80
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

HTTP Headers

POST /j/collect?v=1&_v=j90&a=1602247781&t=pageview&_s=1&dl=http%3A%2F%2Fwww.risewell.sa.com%2Fclicks%2Fwts_ss2.php%3Fsid%3D993058%26h%3Dd-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa%2Fxii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a&ul=en-us&de=UTF-8&dt=School%20Of%20Squirt%20-%20The%20Original%20%26%20Best%20Place%20To%20Learn%20About%20Squirting&sd=24-bit&sr=1280x1024&vp=&je=0&_u=YEBAAUABAAAAAC~&jid=1771647634&gjid=1042182507&cid=1512030959.1662931003&tid=UA-22484186-3&_gid=799282715.1662931003&_r=1&gtm=2ou970&z=1706169243 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.risewell.sa.com
Connection: keep-alive
Referer: http://www.risewell.sa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: http://www.risewell.sa.com
date: Sun, 11 Sep 2022 21:16:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google-analytics.com/j/collect?v=1&_v=j90&a=1602247781&t=pageview&_s=1&dl=http%3A%2F%2Fwww.risewell.sa.com%2Fclicks%2Fwts_ss2.php%3Fsid%3D993058%26h%3Dd-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa%2Fxii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a&ul=en-us&de=UTF-8&dt=School%20Of%20Squirt%20-%20The%20Original%20%26%20Best%20Place%20To%20Learn%20About%20Squirting&sd=24-bit&sr=1280x1024&vp=&je=0&_u=YEDAAUABAAAAAC~&jid=1824654678&gjid=1526907528&cid=1512030959.1662931003&tid=UA-50355398-1&_gid=799282715.1662931003&_r=1&gtm=2wg5c1WQK7ZT&z=973672037

142.250.74.174

200 OK

1 B

URL HTTP/2
www.google-analytics.com/j/collect?v=1&_v=j90&a=1602247781&t=pageview&_s=1&dl=http%3A%2F%2Fwww.risewell.sa.com%2Fclicks%2Fwts_ss2.php%3Fsid%3D993058%26h%3Dd-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa%2Fxii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a&ul=en-us&de=UTF-8&dt=School%20Of%20Squirt%20-%20The%20Original%20%26%20Best%20Place%20To%20Learn%20About%20Squirting&sd=24-bit&sr=1280x1024&vp=&je=0&_u=YEDAAUABAAAAAC~&jid=1824654678&gjid=1526907528&cid=1512030959.1662931003&tid=UA-50355398-1&_gid=799282715.1662931003&_r=1&gtm=2wg5c1WQK7ZT&z=973672037
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

POST /j/collect?v=1&_v=j90&a=1602247781&t=pageview&_s=1&dl=http%3A%2F%2Fwww.risewell.sa.com%2Fclicks%2Fwts_ss2.php%3Fsid%3D993058%26h%3Dd-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa%2Fxii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a&ul=en-us&de=UTF-8&dt=School%20Of%20Squirt%20-%20The%20Original%20%26%20Best%20Place%20To%20Learn%20About%20Squirting&sd=24-bit&sr=1280x1024&vp=&je=0&_u=YEDAAUABAAAAAC~&jid=1824654678&gjid=1526907528&cid=1512030959.1662931003&tid=UA-50355398-1&_gid=799282715.1662931003&_r=1&gtm=2wg5c1WQK7ZT&z=973672037 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.risewell.sa.com
Connection: keep-alive
Referer: http://www.risewell.sa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: http://www.risewell.sa.com
date: Sun, 11 Sep 2022 21:16:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.risewell.sa.com/clicks/SquirtingSchool2_files/sticky.css

104.21.83.119

200 OK

482 B

URL HTTP/1.1
www.risewell.sa.com/clicks/SquirtingSchool2_files/sticky.css
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1869), with no line terminators
Size
482 B (482 bytes)
Hash
72c3bf996dd5aef0ecb40d656c74088a
1afb023c6cbbad030079e8f640b9132e10305e30
c1ca5b2f6c5f9b6f65cbba9cf8fe7b63c36c2d79b9c47df6c9dd6ee974989241

HTTP Headers

GET /clicks/SquirtingSchool2_files/sticky.css HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:54 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-74d"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NwIFYZWP7JP9qfucklGAC2kRveaI9YJ%2B26deR4OyQT6jGdqKG%2BIwPD1j14B5inIG1asG7HhMVSb%2F94byt8JFEVO%2Fak3OCzIzcPxcb42pSVTj%2BXFwQaLXkl7wSM6DPqzxpfc2XJO%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d573cdbb518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.risewell.sa.com/clicks/SquirtingSchool2_files/style_003.css

104.21.83.119

200 OK

110 B

URL HTTP/1.1
www.risewell.sa.com/clicks/SquirtingSchool2_files/style_003.css
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
110 B (110 bytes)
Hash
c0ce07835cc3940928c3e6bd8d501dee
9da1f52b500128d489a43a63b6c40bd3c731be88
cc7cee1a2fe3834abcd828389484f777ddaeda38f477091c8b7479057de799e1

HTTP Headers

GET /clicks/SquirtingSchool2_files/style_003.css HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:54 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-6b"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PLRmloZFB2%2BFfDLqI%2FMQoRBR2TnmdB8JRSgletxtAe8aFktLxQoZic4TMQ0Rix0U3xW8q7uos%2B%2BqX2N4x8EaXNiQi3GiFFAYPiMZQif9OuSN6gJ3hsxQ3pP8jCZbiAGJKbU8n2eF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d573ef70b51-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
324364e9311c1f7cb5e4068f3d947d5d
ddb00dc97404cee267838983ce8bb4ae48d6647a
d6cc296b22c48f9e7bb3a905dd9e899441ae7c29faec4a62e71628e1f23d61a2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 21:16:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-22484186-3&cid=1512030959.1662931003&jid=1771647634&gjid=1042182507&_gid=799282715.1662931003&_u=YEBAAUAAAAAAAC~&z=111907851

142.251.1.155

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-22484186-3&cid=1512030959.1662931003&jid=1771647634&gjid=1042182507&_gid=799282715.1662931003&_u=YEBAAUAAAAAAAC~&z=111907851
IP
142.251.1.155:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-22484186-3&cid=1512030959.1662931003&jid=1771647634&gjid=1042182507&_gid=799282715.1662931003&_u=YEBAAUAAAAAAAC~&z=111907851 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.risewell.sa.com
Connection: keep-alive
Referer: http://www.risewell.sa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: http://www.risewell.sa.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 11 Sep 2022 21:16:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
324364e9311c1f7cb5e4068f3d947d5d
ddb00dc97404cee267838983ce8bb4ae48d6647a
d6cc296b22c48f9e7bb3a905dd9e899441ae7c29faec4a62e71628e1f23d61a2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 21:16:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.risewell.sa.com/clicks/SquirtingSchool2_files/unsemantic-grid.css

104.21.83.119

200 OK

2.2 kB

URL HTTP/1.1
www.risewell.sa.com/clicks/SquirtingSchool2_files/unsemantic-grid.css
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (12551), with no line terminators
Size
2.2 kB (2214 bytes)
Hash
32b7e5a2b0fe6a7e72680d51da96ea2a
ef8af7f6261e77158293a4f6d9a012c33695c541
214a39b0b08579b9821d5c676de0d9c646786e5ce2a82c66cdfa4ba538efeb8b

HTTP Headers

GET /clicks/SquirtingSchool2_files/unsemantic-grid.css HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:54 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-3107"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xDvpjuAedMDce4QXFUpUbl1Fny0XO5M5ttKbp%2BJJWohMa6y1xqbHZQCxPcGfyyGPSxmj3idXfA%2BBekH6LGXQ9SmoV1K3Eo0ShHaOZEjPOjUA954AQlpIbE22jTolrh2%2FLxwXAVx6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d543ddf1c16-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.risewell.sa.com/clicks/SquirtingSchool2_files/mobile.css

104.21.83.119

200 OK

1.1 kB

URL HTTP/1.1
www.risewell.sa.com/clicks/SquirtingSchool2_files/mobile.css
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (3781), with no line terminators
Size
1.1 kB (1126 bytes)
Hash
776786ab3f58f5c0eb2ca63a9628e73c
7d74cddc365ed8bcd306d054655dfb2e9c38602e
d456ed7b3f59cfe6efa0aa068ad0e382e9436f95c6287f17998d223c10215ca4

HTTP Headers

GET /clicks/SquirtingSchool2_files/mobile.css HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:54 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-ec5"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VMCoYFhc05NvpQ%2BnfbOIiVNN8fiP2FMwKD4UHY0xQYg7wPpCsOy5UwsrRbMeabhmzX28eSt1KHkUtEwPdsBECCOhrWnFxTwVcEkNN1lPLm%2F1%2BmuW11DM%2BKEnwajUFTgxqh1UDahg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d54fb530b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.risewell.sa.com/clicks/SquirtingSchool2_files/jquery.js

104.21.83.119

200 OK

31 kB

URL HTTP/1.1
www.risewell.sa.com/clicks/SquirtingSchool2_files/jquery.js
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65451)
Size
31 kB (30908 bytes)
Hash
de51a7f2c2c244ceb7103216144f03dc
9545e4547e01b6fcabebdfa08c2d75089808fbee
10b58517301b7a47ed1354030c9b652a1d96259d24e1e1b4c4b1aa33b94682ee

HTTP Headers

GET /clicks/SquirtingSchool2_files/jquery.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:54 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-15d98"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UjyjGxyUeKPTa%2BdniRdJllRnSsjaFOwZiWPxfQkHxVvtgmEfpmmDO7PnA6SLUxjJXLFL%2FC6P%2FK5MHITd2ycO50L43PVpe84V55zbYBTR8sMC89QNNckr%2Ff4J9OX4ew4k6B%2BWZfIr"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d591b1c1c16-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.risewell.sa.com/clicks/SquirtingSchool2_files/jetpack.css

104.21.83.119

200 OK

14 kB

URL HTTP/1.1
www.risewell.sa.com/clicks/SquirtingSchool2_files/jetpack.css
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (21094)
Size
14 kB (13743 bytes)
Hash
fa0206609d148e4d384589bd7a57cdfa
d9a87ad4fec075a6c03ead16f5ee5c72a85d1d5f
c1d6b2d7e92a2d4499ddbb71d3810ae3acd7efe3500f45972e8f07c0da46f403

HTTP Headers

GET /clicks/SquirtingSchool2_files/jetpack.css HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:54 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-12f9f"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=waDGPamTU6q7zI%2BgLBqCNlix%2Fd0gJVMIiMzTVgFDBBjQJ%2F5lUDuEU9o03GNIUMLRuPCeNeEwdBkmZQiP6%2F4VjCjYSXGJA3tV3r6E9fxYDcXpqObhksEJnBfdPGssOktHwYyM3QfD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d5848330b51-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.risewell.sa.com/clicks/SquirtingSchool2_files/font-icons.css

104.21.83.119

200 OK

747 B

URL HTTP/1.1
www.risewell.sa.com/clicks/SquirtingSchool2_files/font-icons.css
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2782), with no line terminators
Size
747 B (747 bytes)
Hash
bd44afb37826464e574701ae847b16c2
8a5a06edf34aeadf78e755379f7d6be8bff5e048
1e26ba685f20d10f19b5bf8a9e354a6d09786a1a12b9f45b0767f73ae52fd490

HTTP Headers

GET /clicks/SquirtingSchool2_files/font-icons.css HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:54 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-ade"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5J4ZDVKns5zX3p9dsjPBqT9WhlpxQTK7gEGhaT4sb8pWwy96IKOFqVAslqppXuS3UM9TGyIr6Af%2FYduskjqJPXgxRcKosAZpin8jRQLJTJsnL8u2JmxAOEKFwaTlzz7K5so8cbvM"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d55fa29b505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.risewell.sa.com/clicks/SquirtingSchool2_files/edc2avj.css

104.21.83.119

200 OK

705 B

URL HTTP/1.1
www.risewell.sa.com/clicks/SquirtingSchool2_files/edc2avj.css
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (516)
Size
705 B (705 bytes)
Hash
74bf8e45d66b7014769ab20b05350661
ad1ef70c0dc132a6b3ff0f89be04d4bc4115b91a
752723aeb62873f2e7dd0a681e2d14b7ba1c3e1ff02c0058c87a7cd1da2c3c56

HTTP Headers

GET /clicks/SquirtingSchool2_files/edc2avj.css HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:55 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-cae"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FU%2FwcUc7CPjfZo4eS7SyTHOgpEo0PSAcgcsv%2Be27Cm6RlMFKGdvZCx5u27ILxNQaRcTu43YDwmJUzS7huGtbmjF8SP2O6TDPXLuyFSDcuyJwEDuue%2FKSfFwMr9SqGlFV30IUh3%2BC"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d5a3c321c16-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.risewell.sa.com/clicks/SquirtingSchool2_files/menu-logo.css

104.21.83.119

200 OK

504 B

URL HTTP/1.1
www.risewell.sa.com/clicks/SquirtingSchool2_files/menu-logo.css
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1656), with no line terminators
Size
504 B (504 bytes)
Hash
20c4b619c52f48f55d451eebf6c7ad4e
4796ec4c04c717364aa60b8c0b249caa309ececf
d56b5b82cda9c72fa1bb91012f2a50da264453411fe661580e4b7df2199d5b50

HTTP Headers

GET /clicks/SquirtingSchool2_files/menu-logo.css HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:55 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-678"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RHATsO63ki6i%2ByHFmYyQss19NSRFNPj6gZqxHZgxSWgwAu32pga0fsc%2FRo87xLPyzhrOBNPGjOa9IrhYeU%2F768yQIPOb760uEmPQ28dKKBRudpR2M%2BXEN7KVirr8uBmQEykI1Grt"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d581dfeb518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

p.typekit.net/p.css?s=1&k=edc2avj&ht=tk&f=139.140.175.176&a=13090676&app=typekit&e=css

184.31.15.48

200 OK

5 B

URL HTTP/2
p.typekit.net/p.css?s=1&k=edc2avj&ht=tk&f=139.140.175.176&a=13090676&app=typekit&e=css
IP
184.31.15.48:0
ASN
#20940 Akamai International B.V.

File type
ASCII text
Size
5 B (5 bytes)
Hash
83d24d4b43cc7eef2b61e66c95f3d158
f0cafc285ee23bb6c28c5166f305493c4331c84d
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

HTTP Headers

GET /p.css?s=1&k=edc2avj&ht=tk&f=139.140.175.176&a=13090676&app=typekit&e=css HTTP/1.1
Host: p.typekit.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.risewell.sa.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: text/css
cross-origin-resource-policy: cross-origin
etag: "613bee4d-5"
last-modified: Fri, 10 Sep 2021 23:46:21 GMT
server: nginx
content-length: 5
unused62: 8096267
date: Sun, 11 Sep 2022 21:16:55 GMT
X-Firefox-Spdy: h2

www.risewell.sa.com/clicks/SquirtingSchool2_files/jquery-migrate.js

104.21.83.119

200 OK

4.2 kB

URL HTTP/1.1
www.risewell.sa.com/clicks/SquirtingSchool2_files/jquery-migrate.js
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (11126)
Size
4.2 kB (4165 bytes)
Hash
0d5bb2a36d1fc2e095235bc201eb5579
98f0154e2ed5322a9f65077f954868d6c800b337
fe6382620c35c12aa4f3f96fe395e5813defe330c1d95fd3de1e94f8f5d1f0a5

HTTP Headers

GET /clicks/SquirtingSchool2_files/jquery-migrate.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-2bd8"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8YG3elsvbjmDIweEUik0rqa6TDeDVD4kIP5BfKVBli1vZNS1je6ms304d5s7gph6s5Nwi34EWs77kV9WGH8vF%2FtUXNh3bKoBllHdZC2UAOkHNIBM8%2FwfBAS9%2BxARWDt4opWED5TD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d5a096c0b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.schoolofsquirt.com/wp-includes/js/wp-emoji-release.min.js?ver=5.7

74.121.205.60

200 OK

7.4 kB

URL HTTP/2
www.schoolofsquirt.com/wp-includes/js/wp-emoji-release.min.js?ver=5.7
IP
74.121.205.60:0
ASN
#394303 BIGSCOOTS

File type
ASCII text, with very long lines (15660)
Size
7.4 kB (7439 bytes)
Hash
d2e6e1e9e4832fdeec5942afb98e16d5
c59b3a8dc3dcf9528e4172f031106eb486ff8c65
6e3776830350a59137963ba6ed073fecb1a5b532736dc5756ad1c25b0f39e352

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=5.7 HTTP/1.1
Host: www.schoolofsquirt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.risewell.sa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 11 Sep 2022 21:16:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 25 May 2022 12:55:05 GMT
vary: Accept-Encoding
etag: W/"628e2729-48b9"
server: nginx centminmod
x-powered-by: centminmod
x-hosted-by: BigScoots
cache-control: public, must-revalidate, proxy-revalidate, immutable, max-age=2592000, stale-while-revalidate=86400, stale-if-error=604800
content-encoding: br
X-Firefox-Spdy: h2

www.risewell.sa.com/clicks/SquirtingSchool2_files/masonry.js

104.21.83.119

200 OK

7.4 kB

URL HTTP/1.1
www.risewell.sa.com/clicks/SquirtingSchool2_files/masonry.js
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (23966)
Size
7.4 kB (7368 bytes)
Hash
6ce3f21f929ba0582a1aebcac0392fe6
b328e3a868d0e515fecd0b9c1fe273ba893d9cc0
7cd5ef9624b8a0425c875c005df78cb5626b23c4a9526b0668ec278cd17e4517

HTTP Headers

GET /clicks/SquirtingSchool2_files/masonry.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a
Cookie: _gcl_au=1.1.341508931.1662931003

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-5e4a"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1%2BXbfJanacB8h%2FklSvlyiMsx%2Fr1Cjt%2Bsonmz7ma6EFIM%2FwoyXhI7LXoVq5Ag5empMcdBLPMG208yfZ2qGxXBuLqa50DB%2FO9nS7iYqKxg%2BPNfjjq5P5Jyg6cA1UEKUSOKNbYg6E%2B7"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d5c3b37b518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.risewell.sa.com/clicks/SquirtingSchool2_files/jquery_002.js

104.21.83.119

200 OK

715 B

URL HTTP/1.1
www.risewell.sa.com/clicks/SquirtingSchool2_files/jquery_002.js
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1626)
Size
715 B (715 bytes)
Hash
46cfee7a6b6ed76c0fd609b98415e886
27a59318b05327183e1b7807e2071626f4a08419
21245efcfeb0ee1d850f895f472eca45c5d471e10f03e8f10e826218be1c356a

HTTP Headers

GET /clicks/SquirtingSchool2_files/jquery_002.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a
Cookie: _gcl_au=1.1.341508931.1662931003

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-71b"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sjLahLOSMNee%2F%2FdUY8KpkCPI87YJddIy2JdOom2lDS7AOcOLFrj8%2BtdzRxP8nVkHym%2Fi6n7kZtH9wcuGrrMNaGX60oFuKFmZphRxZc5szraM5yTzcTh7PEIyvK2ZBDHIgVulYdHx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d5c8dcc0b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.risewell.sa.com/clicks/SquirtingSchool2_files/imagesloaded.js

104.21.83.119

200 OK

1.8 kB

URL HTTP/1.1
www.risewell.sa.com/clicks/SquirtingSchool2_files/imagesloaded.js
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (5477)
Size
1.8 kB (1831 bytes)
Hash
5bc847fcae1a1a6c4b7f79c00d2b7e29
b2237db0dd679c2c8e397e833f04df00d43165e7
bfa7a74e5830c0c26da7ccc50b8e44b401ce1ee8604fceb62e6c1310c47ddb2a

HTTP Headers

GET /clicks/SquirtingSchool2_files/imagesloaded.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a
Cookie: _gcl_au=1.1.341508931.1662931003

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-15fd"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7lNBJg%2BAJFgjyb5gcTzBd7S%2FjZ58CZtb5dqLusy2bwnS0RvcfjWjOkm8DkzAk%2FHBZeXAGTO4KsSbYS9bNT7mOOCSICPrmLHN07Kb8eubG03ecjORAYaB6o%2B3WpjJP%2Fbg%2BY%2F5O7X7"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d5bed881c16-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.risewell.sa.com/clicks/SquirtingSchool2_files/front.js

104.21.83.119

200 OK

2.3 kB

URL HTTP/1.1
www.risewell.sa.com/clicks/SquirtingSchool2_files/front.js
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (6091), with no line terminators
Size
2.3 kB (2339 bytes)
Hash
4f4a997bc181498157d148ba9b649949
87ff26f8385fcf11c28fcc40c2e5619a8138f44d
fe722eb1adc5eb6c3642f87ba188bfb0b899130719fd73381712d6d710d3ed4b

HTTP Headers

GET /clicks/SquirtingSchool2_files/front.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a
Cookie: _gcl_au=1.1.341508931.1662931003

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-17cb"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FimSu4ii1%2B6bNCOjzElPLk78apPKkWxZ6gLNPPcFlp3S58i5IcR47mYBW0zl24eUpXiMYaQy%2BoUQJZXTc4frpL25WImGila2etgxwiufWfGbCntq6%2FmDJoJNw8y8cjNivilvRK0Y"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d5b6a62b505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.risewell.sa.com/clicks/SquirtingSchool2_files/frontend.js

104.21.83.119

200 OK

906 B

URL HTTP/1.1
www.risewell.sa.com/clicks/SquirtingSchool2_files/frontend.js
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (1728)
Size
906 B (906 bytes)
Hash
1eb2d85be572c4156f592d1598abbec7
6e28faaea39603f81049ff7668cf771cd1c591cb
0fdded1df72c99324bfb42c29ba15b752740e12a2960899506262c120bd3e7ba

HTTP Headers

GET /clicks/SquirtingSchool2_files/frontend.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a
Cookie: _gcl_au=1.1.341508931.1662931003

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-728"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JGRC1osPtxCp5BSravg2HqONXtLvUjIZHeolJUglGLgUsrA02qBqmXTGj97DzTucsmqc4KbUkjnDrHex4RR%2B4bAVpur1TUOtMc3hdHfNFgBjWwNCepAD%2BvVy%2B2noE6erYvDUZmFE"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d5e3f8b0b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.risewell.sa.com/clicks/SquirtingSchool2_files/wp-embed.js

104.21.83.119

200 OK

769 B

URL HTTP/1.1
www.risewell.sa.com/clicks/SquirtingSchool2_files/wp-embed.js
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1391)
Size
769 B (769 bytes)
Hash
82e67f050afdb38c20ac6eb305f97c17
df1349df76d66a9cf64377cf335c67c337d85470
5f6c33116e2106cd0f2f28c16062f1d584e74b8539a14ed45e17957634d71b7e

HTTP Headers

GET /clicks/SquirtingSchool2_files/wp-embed.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a
Cookie: _gcl_au=1.1.341508931.1662931003

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-592"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FTzLe7ft34J6jHrMpoVOH3QxU3cVjR7vd9JJMwvv6YUvD68wdiueIacIb%2F0xsPdy0eOvIVzG9XDB%2FsbZEpb8ruckFgoNVrQVtQuvt5VJfWJYsPOUo1YgEgNBdNxS1rMt571SYfEB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d5e78bc1c16-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.risewell.sa.com/clicks/SquirtingSchool2_files/main.js

104.21.83.119

200 OK

1.8 kB

URL HTTP/1.1
www.risewell.sa.com/clicks/SquirtingSchool2_files/main.js
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (7320), with no line terminators
Size
1.8 kB (1752 bytes)
Hash
7675b9cdce538b3351d44c317fc8bcd8
98e14e7d933d89799603e78eb68175196b119b7c
23d60748f50065e6664f663e339999277f3fdad54a104e3581395a197bbf74b9

HTTP Headers

GET /clicks/SquirtingSchool2_files/main.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a
Cookie: _gcl_au=1.1.341508931.1662931003

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-1c98"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wS9ebO9UGLYuho5k0%2FhU3B7vJKpvfWyiajFbv67Xd5Bt0gLJF1g6exdYoHvarVBd8aK5ckSqtDV2FKxlSEZ4HLWoxpSDmvYn3glJtNof3%2Be9to9rAqXSe3mCFC%2FBwR5e4eObM%2FSd"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d5d4c64b518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.risewell.sa.com/clicks/SquirtingSchool2_files/e-202115.js

104.21.83.119

200 OK

3.0 kB

URL HTTP/1.1
www.risewell.sa.com/clicks/SquirtingSchool2_files/e-202115.js
IP
104.21.83.119:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2692)
Size
3.0 kB (2987 bytes)
Hash
59b791e299f9a3a35fc01011197f480c
76147580053e798533dbb2c9c4e2604893572ee6
1f126b8513afe8102ffb9299bdfff3673dd55601524b17bbc9d0b641b7fe6d77

HTTP Headers

GET /clicks/SquirtingSchool2_files/e-202115.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a
Cookie: _gcl_au=1.1.341508931.1662931003

HTTP/1.1 200 OK
Date: Sun, 11 Sep 2022 21:16:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-230c"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fQekCbNUEruRYuF0NXZU%2B6bBNOHR3uzg%2B%2Fq9L5LXcTq2%2FYjR0a6V2PtjM1Hx8zncm%2FLvwOsoBDxBz4O28FiAygIFn3xpWJF3e0%2FFzBmnMah%2FlnPWIAl6RgNhCoksxSO0gNJWNsRv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d5f2fbab505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (17)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations