Overview

URL www.risewell.sa.com/hcdjkpi/qpdhtdik874534uaevfb/d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a
IP 172.67.175.209
ASN CLOUDFLARENET
Location United States
Report completed 2022-09-11 21:16:58 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-11 2 www.risewell.sa.com/hcdjkpi/qpdhtdik874534uaevfb/d-px-4xgj4ocsztghxemnj6k5u (...) Malware
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (16)

Passive DNS Source Fully Qualified Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-11 12:16:56 UTC 93.184.220.29
mnemonic passive DNS www.risewell.sa.com (27) 0 2022-09-10 16:39:56 UTC 2022-09-11 15:37:49 UTC 104.21.83.119 Unknown ranking
mnemonic passive DNS stats.g.doubleclick.net (1) 96 2013-06-02 22:47:44 UTC 2022-09-11 04:59:21 UTC 142.251.1.155
mnemonic passive DNS p.typekit.net (1) 620 2012-05-23 14:28:57 UTC 2022-09-11 06:01:35 UTC 184.31.15.48
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-11 15:58:57 UTC 143.204.55.36
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-11 04:57:20 UTC 34.120.237.76
mnemonic passive DNS ocsp.pki.goog (4) 175 2017-06-14 07:23:31 UTC 2022-09-11 04:58:08 UTC 142.250.74.3
mnemonic passive DNS r3.o.lencr.org (4) 344 2020-12-02 08:52:13 UTC 2022-09-11 04:57:04 UTC 95.101.11.115
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-11 04:57:50 UTC 35.80.131.74
mnemonic passive DNS www.googletagmanager.com (1) 75 2012-12-25 14:52:06 UTC 2022-09-11 04:57:12 UTC 142.250.74.72
mnemonic passive DNS www.risewell.sa.com (27) 0 2022-09-10 16:39:56 UTC 2022-09-11 15:37:49 UTC 172.67.175.209 Unknown ranking
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-11 04:57:17 UTC 143.204.55.25
mnemonic passive DNS e1.o.lencr.org (2) 6159 2021-08-20 07:36:30 UTC 2022-09-11 05:49:02 UTC 95.101.11.115
mnemonic passive DNS www.google-analytics.com (2) 40 2012-10-03 01:04:21 UTC 2022-09-11 13:30:36 UTC 142.250.74.174
mnemonic passive DNS www.schoolofsquirt.com (1) 0 2015-04-13 03:46:23 UTC 2022-09-11 06:33:08 UTC 74.121.205.60 Unknown ranking
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-11 04:58:07 UTC 34.117.237.239


Recent reports on same IP/ASN/Domain/Screenshot

Last 4 reports on IP: 172.67.175.209

Date UQ / IDS / BL URL IP
2022-11-23 10:49:54 +0000 0 - 0 - 3 m.parentalsolicitor.top/4579dkBIUmZjZXJmAnclR (...) 172.67.175.209
2022-10-22 19:17:04 +0000 0 - 0 - 20 hentaiprn.com/Hentai/video/lucy-blowjob-cyber (...) 172.67.175.209
2022-09-15 09:02:15 +0000 0 - 0 - 1 www.risewell.sa.com/wmbgt/spbcixqbf874539bllm (...) 172.67.175.209
2022-09-11 21:16:58 +0000 0 - 0 - 1 www.risewell.sa.com/hcdjkpi/qpdhtdik874534uae (...) 172.67.175.209

Last 5 reports on ASN: CLOUDFLARENET

Date UQ / IDS / BL URL IP
2022-11-26 23:53:35 +0000 0 - 0 - 15 pelis24.gratis/pelicula/el-instante-mas-oscuro/ 104.21.43.203
2022-11-26 23:51:23 +0000 1 - 0 - 1 storageapi.fleek.co/9affbc31-4c3e-4637-a9c9-5 (...) 104.18.7.145
2022-11-26 23:50:59 +0000 0 - 0 - 1 goodxstore.com/xx/dating.html 104.21.84.49
2022-11-26 23:50:38 +0000 0 - 0 - 2 goodxstore.com/ali/ali.php 104.21.84.49
2022-11-26 23:50:33 +0000 0 - 0 - 4 wildfungames.com/land/rou?campaign=ThIi&web=1 (...) 172.67.70.29

Last 2 reports on domain: risewell.sa.com

Date UQ / IDS / BL URL IP
2022-09-15 09:02:15 +0000 0 - 0 - 1 www.risewell.sa.com/wmbgt/spbcixqbf874539bllm (...) 172.67.175.209
2022-09-11 21:16:58 +0000 0 - 0 - 1 www.risewell.sa.com/hcdjkpi/qpdhtdik874534uae (...) 172.67.175.209

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-11-26 23:49:45 +0000 0 - 0 - 16 viralhotpot.com/?p=1796 172.67.164.19
2022-11-26 23:29:37 +0000 0 - 0 - 3 195.3.223.79/Uploads/Universallocal9windows/P (...) 195.3.223.79
2022-11-26 23:15:55 +0000 0 - 0 - 2 links.patrioticright.com/a/1523/click/2898/32 (...) 35.238.129.105
2022-11-26 23:08:18 +0000 0 - 0 - 2 144.76.84.81/igetintopc.com/download.php?url_ (...) 144.76.84.81
2022-11-26 22:48:16 +0000 0 - 0 - 2 dc.oxcxoyh.icu/AwE3-_X3gopklyBfLPBoSwDZ_z6zUn (...) 44.228.230.225


JavaScript

Executed Scripts (17)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (55)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 11 Sep 2022 20:48:35 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: IHF_4RtsKPIG_Y5A7p-OiAU9g9hIrI_spQrsIp0-qqBkHc15qYvklA==
Age: 1692


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    99b7d23c1748d0526782b9ff9ea45f09
Sha1:   eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
Sha256: 48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8400
Expires: Sun, 11 Sep 2022 23:36:47 GMT
Date: Sun, 11 Sep 2022 21:16:47 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.25
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 11 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: RpY_SNp-nv2Amz8UKE66MaUmMS0HYMMp7Ge9-QTcVKKT0MGHrINefA==
age: 50375
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    742edb4038f38bc533514982f3d2e861
Sha1:   cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 11 Sep 2022 21:16:47 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 11 Sep 2022 20:56:07 GMT
Expires: Sun, 11 Sep 2022 21:30:08 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: iCxJ60Liop2zTsFZEA3Pu0WwIpXsc3e-9BUvSeq4oQjejHi2TdOcng==
Age: 1240


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3010
Cache-Control: 'max-age=158059'
Date: Sun, 11 Sep 2022 21:16:47 GMT
Last-Modified: Sun, 11 Sep 2022 20:26:37 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: VbRZbyMD1yi0xHb2Yy+1yA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         35.80.131.74
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: WmnjmK+X+PS/xfwWWpQ4CHeopFg=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8158
Expires: Sun, 11 Sep 2022 23:32:47 GMT
Date: Sun, 11 Sep 2022 21:16:49 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8158
Expires: Sun, 11 Sep 2022 23:32:47 GMT
Date: Sun, 11 Sep 2022 21:16:49 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8158
Expires: Sun, 11 Sep 2022 23:32:47 GMT
Date: Sun, 11 Sep 2022 21:16:49 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc91b46a1-040b-46aa-a7a1-af67f0058b83.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7519
x-amzn-requestid: 8d8a8df6-abf5-45dd-8d78-de5ae715a9d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YE_UNEoWoAMFRLw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631845b4-0101ca7a09e432f305aa7066;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 07:18:12 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: Z0Z4IozbbythqWA7mNaqtO4NWbLi1zL2G6HmMGP0c9VqIzMugvVh_Q==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 e77661e211afe9242e85e573f12d5534.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 00:00:49 GMT
age: 76560
etag: "b3491a6f12c97c8e1848a206a185fae29213c1e5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7519
Md5:    bb1a86dcf94db0a29a6ebe21866766d4
Sha1:   b3491a6f12c97c8e1848a206a185fae29213c1e5
Sha256: d05619e519fed6c0b6c0616cf540908006a68f127b25e38fb9d041dfe2546df4
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d72ce1b-951e-4f1f-97b1-db99c399d5f9.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8171
x-amzn-requestid: a3eb931f-cd71-4738-acb1-4398fc09f453
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YOa7QGqoIAMFwlw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631c0b7b-2a6ed8ca00a0a0640110cf5d;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 03:58:51 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: QuUPVSWCQk9z9xI03trHifaWzOi5TqBZHLena93lrxhjlAG1PICKKA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 12:19:15 GMT
age: 32254
etag: "6c728c56797ba921e8001919df4d36e56dd37e54"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8171
Md5:    eee5b4d617dab6f10d7053f5c4f4e98e
Sha1:   6c728c56797ba921e8001919df4d36e56dd37e54
Sha256: 76a53e2c81ec8da2bc469760b2c57098d587c6a36fa70e5b7c743a224a47d362
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8485
x-amzn-requestid: a56c9282-2786-4ae7-9fc2-0468bcc820a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_FM1oAMFZ2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-753cc4f121c9b77d22bb82b5;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mfmj40aUc8l5RPk56M-pbqTwhde_HzYcmN5MDrfv-WFPhbpoShWYNw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 22:14:30 GMT
age: 82939
etag: "166741631fb93d109b18dde6d316b3fa3276aa8f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8485
Md5:    e407da4d97d497925b1ab523fd416787
Sha1:   166741631fb93d109b18dde6d316b3fa3276aa8f
Sha256: 707460c02438da6114e35e0b6569d42c0f3fb747f8cb51002f4d52bedbcffa61
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F66c0f84d-aba2-4ce6-9e03-ee51e1c347be.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6889
x-amzn-requestid: c82ac543-90cd-4aeb-a65b-7e1bbbacc407
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ2UEE-3IAMFYBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d0419-427a29067c9c92ec0db6567f;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:39:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: mNvNO0HJjZ1zwPKcjfqiVOnCL0CYXc8BPDSFbV6MXVW71IVt-2K3mQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:46:54 GMT
age: 84595
etag: "7aa14fcd982a5cee38d58fc3c89edc4a8daf4c97"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6889
Md5:    57d797a1c3f6589746a1135bdb19f54f
Sha1:   7aa14fcd982a5cee38d58fc3c89edc4a8daf4c97
Sha256: ff8855ca951f53ed5f3886cc81a7f28384d41288edeca4fdc621250e4d01c6fe
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c05fb6-7f49-4d2f-96eb-0b6c468353f5.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13568
x-amzn-requestid: a2fadcbe-350b-4a06-9f9c-ee2da40bb285
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YEESeHA_oAMFjCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6317e742-4740aa3f4ebd479e7a4886ed;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 00:35:14 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: jbF2ZaJUhIoJV-o4f6iviFyUnoDW4R0KHTfC5NySmITnsLbD5iJrPQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 73b60e9a9fd08eae9e034cedba707280.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:40:11 GMT
age: 84998
etag: "0f44ee871ad9d0a0ddd07d0c87d54f7e72b56f78"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13568
Md5:    8625e0707046e7a3715a8dbb40b1cae2
Sha1:   0f44ee871ad9d0a0ddd07d0c87d54f7e72b56f78
Sha256: abc4c12561be08897341d9c8104c30a289357c0907e55c46895f7fb6afb2f75d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7635
x-amzn-requestid: dbd07cc7-d0f6-4500-83c6-b19fa9fa2e3d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xt5xDEfUIAMFYXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630f09a0-3771b23118f3711e5caca699;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 07:11:28 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ILut4hEDJbs6jNr3wpPST1HgAYMabIT7cdZebRFETn8lL_QfS92KBA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:40:34 GMT
age: 84975
etag: "ad1d9eee90556a359547dc7cbb6758aee2c804cd"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7635
Md5:    4ec2646c56c4c522f0744768ad20342b
Sha1:   ad1d9eee90556a359547dc7cbb6758aee2c804cd
Sha256: 0bf9eaa4420bf6290535fd23895c6c723c7de6b849995ba83774532862cfe8b4
                                        
                                            GET /hcdjkpi/qpdhtdik874534uaevfb/d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a HTTP/1.1 
Host: www.risewell.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         104.21.83.119
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Sun, 11 Sep 2022 21:16:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.25
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nK3d%2B5BoIrTfwyW92Eg%2F9MPt2gAWZQ8P9CjBLo8k0mootffKWK1eT2t7RMpXpAbb1agdICGHg702X3iC%2Fyn%2BhRsdteEzXrQ%2BW9fMVZbhCvcuDSC7P%2F0qrXTJZltYNhaVKajw7LH2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74936d2a5a520b51-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   527
Md5:    12e9e8bcb12b1920a28bed0802ed4c00
Sha1:   7697c98b8d8441d73f4903d325fb762ee865e0b5
Sha256: 0b1f06ee3af140d95d47081cbaaac4427050a0f734ce95ea480e8311d3d2264a

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 11 Sep 2022 21:16:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /gtag/js?id=UA-22484186-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.risewell.sa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
142.250.74.72
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 11 Sep 2022 21:16:49 GMT
expires: Sun, 11 Sep 2022 21:16:49 GMT
cache-control: private, max-age=900
last-modified: Sun, 11 Sep 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 41911
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1615)
Size:   41911
Md5:    60af81295b83155efd7d1610bcf994e0
Sha1:   4285e2890b091f5f205bd818689279af2e4978fb
Sha256: 622cb81412f765765160e1bc87b17fdf87f67d69c07a5a7d9bf4b4c5b053f9f7
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 21:16:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /jquery-1.11.0.min.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/hcdjkpi/qpdhtdik874534uaevfb/d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sun, 11 Sep 2022 21:16:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:03:39 GMT
ETag: W/"62e8238b-1787d"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UYknIVoNoW2c%2B1plKO1JMdry8O4JkoRUMc6YiT1fQv2gHSeMFld5U9k2fIa45GRZdviA6MVpl%2BlCHPKhXcidAFMmLc6fGBzUkWjqgQEektqj1J88OcApZiEcsgS0dBK0KH%2FdZap7"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d3a09f80b51-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (32341)
Size:   33436
Md5:    95fe3f4dd117c33f6015e1c3d6df1d0d
Sha1:   d5b8856932d1ea63f51824de0bb50670d2e960bc
Sha256: e6945ac3f1927f242a9fd7a5cf67720f7763888127a7427eb24ffc52019d4b16
                                        
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 344
ETag: "D516DF540B596ED030FFF4DE1AFF89B98A83B29C601B0394E95784F7DFB957FC"
Last-Modified: Sun, 11 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 12 Sep 2022 03:16:50 GMT
Date: Sun, 11 Sep 2022 21:16:50 GMT
Connection: keep-alive

                                        
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 344
ETag: "D516DF540B596ED030FFF4DE1AFF89B98A83B29C601B0394E95784F7DFB957FC"
Last-Modified: Sun, 11 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21599
Expires: Mon, 12 Sep 2022 03:16:50 GMT
Date: Sun, 11 Sep 2022 21:16:51 GMT
Connection: keep-alive

                                        
GET /clicks/SquirtingSchool2_files/screen.css HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: text/css
Date: Sun, 11 Sep 2022 21:16:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-484"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9zaFeExgynjniQ4EVxmcZ8w3pRFKycSGStfJnc1Vd1ox%2FYSIpDAc7V9afDNb7wZSpUpt1uNz%2BKSgRJ6bu8Z%2FB%2Bg0bvwDzCvsOxPRswzuMC8HCQ6lkvywAVnfVK77TuTdMV%2FdyJi3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d51d933b50c-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (1156), with no line terminators
Size:   451
Md5:    9cbb12ded165859b75441a829fb683af
Sha1:   1e85f7bd7f0fa9dbc53157bbead5eb703c502db8
Sha256: 3dba212407392e05ef866072e63f519c9ef7365ea376cb5a8824e77726a6759b
                                        
GET /clicks/SquirtingSchool2_files/gtm.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sun, 11 Sep 2022 21:16:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-1745f"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DxVLJBpDp5NdAL%2FS%2BtxgGw1k0iEc6niMAq%2FHFUIJlhFBdgFo2VSsOuSIfZWnbvDPd2e%2FWnf%2FNDB8LfaBRqsYPBs1qUQixHn6GJ8Dxwy0icupsKSRzxsW38FgLWxj5TrEaRSdaAGN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d51ab4f1c16-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (1769)
Size:   35077
Md5:    0836fe24cc27b8bb4487f54b58f02862
Sha1:   0d15857b796c032367c80f9896619f90d93e72dc
Sha256: ddb1db449d1988abbfe8e4a0aa6aa347ce62f14deeb486469691e324547dd72a
                                        
GET /clicks/SquirtingSchool2_files/wp-emoji-release.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sun, 11 Sep 2022 21:16:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-3795"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3xNrJEIRQ0%2FK8j62qy0r9pNRNMUCtOnIBh00JvY0x5rqyUJFW1Y8BFFAFCtAVoED1NzNqjHHfnH36R92vAtIGFP7GjlkxlzZI%2BuRsj1oApMLqf0wfhVbfNOgK3nKB66Tv5mAnp%2Bl"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d51bc6bb505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (11272)
Size:   4657
Md5:    71b6d75cd4e93368516cec04a93790f8
Sha1:   d274862e4ee8bea24bf1d6d6f8f1e231abd778c2
Sha256: 7f1d272195370f3d6541779815b23d961b1cb9474d3bf57786f9844840083596
                                        
GET /clicks/SquirtingSchool2_files/style.css HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: text/css
Date: Sun, 11 Sep 2022 21:16:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-e33b"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0dQCza1Mdz5XOFo00JhFKVniJxNsTS6NAF8yUPxff1r9e6351KwSp9TAkKTE6UCLsig0o%2FhtqhaXtz%2BV91wYXTIMnSMAferc0F1Wz7shy11kNyTwqwgtovbacn7lSNkwCZajN3q1"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d51d8280b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (29677)
Size:   8609
Md5:    9fb5134f2a659735f48ff96b78196847
Sha1:   9c39894b8e981273e4a45754f8f3ad93e8955522
Sha256: 28d1eb4db568bac23b22b4f660dce0bbf0adbf2de7114fffa8249b4e2f59acc1
                                        
GET /clicks/SquirtingSchool2_files/style_002.css HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: text/css
Date: Sun, 11 Sep 2022 21:16:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-556a"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IKYV4V62xv3ZoMOZ7zIv%2FY03%2B%2FyTb8JcB4T8yYJOhJTExYrg0KGe5528KKGa0UboSCxMfSsizCkIQasNyyjvnhUZJoreBU%2F8WK%2Byjdr0ufU78k1RVwfEnUtOKK3SffoWoLGs0MxS"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d54b824b505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (21866), with no line terminators
Size:   5099
Md5:    83f8bf595ce89616b8f84b08029c4bf4
Sha1:   b96af70e68a3bae9b4f40a6f1f72387e63e075fc
Sha256: 9cd4310731c9a1edb3d464f1758bf914b91211f293144015e32eb17509b2a016
                                        
GET /offer.php?id=314&sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.risewell.sa.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
172.67.175.209
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Sun, 11 Sep 2022 21:16:51 GMT
x-powered-by: PHP/7.3.25
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2VfhAdzCXBvl6jmlSCr6bQa9Kg4Z1woIlW2hBqVkAOpRFr4OVQ2tOBAuN9ycDbku%2FL7z8YbuzY7f26US4tMi7sExhh5NlImjT9d90u8r3fCJeDMdexRVPPTtBUy5xfWuTfUqYPny"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74936d420acf1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (309)
Size:   14169
Md5:    75098e495fd25cdaaf41ce8880e2ff12
Sha1:   7fd4919a3f091e777338119ef03ed848000afa9f
Sha256: d6bfed69c4d00fa3a4adab4ef23431a58ea99457bcc33bad65c16c7ea9ae906f
                                        
GET /clicks/SquirtingSchool2_files/analytics.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sun, 11 Sep 2022 21:16:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-c001"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d2ooImd9Baz1F%2B9cLeBUZ3eXaNMNIFMSQNXVkISkK09KoazAv9wnBmizLB%2F5g3rpMMy5NrIterUOG50IqSO18UiaOeM6dixgDHWMva32LK4dw%2BTMQokufE7%2B5zdlcXEAq7U3nmEy"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d51bd4fb518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   19637
Md5:    e05cd91b4da4b637a86022978482730a
Sha1:   2e496d2c1af77dab8b487a211516c4c774429abc
Sha256: 4372a296d6c3ad1e561a80e226b58d429199f0b174b4df22771c888a03bc87d1
                                        
POST /j/collect?v=1&_v=j90&a=1602247781&t=pageview&_s=1&dl=http%3A%2F%2Fwww.risewell.sa.com%2Fclicks%2Fwts_ss2.php%3Fsid%3D993058%26h%3Dd-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa%2Fxii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a&ul=en-us&de=UTF-8&dt=School%20Of%20Squirt%20-%20The%20Original%20%26%20Best%20Place%20To%20Learn%20About%20Squirting&sd=24-bit&sr=1280x1024&vp=&je=0&_u=YEBAAUABAAAAAC~&jid=1771647634&gjid=1042182507&cid=1512030959.1662931003&tid=UA-22484186-3&_gid=799282715.1662931003&_r=1&gtm=2ou970&z=1706169243 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.risewell.sa.com
Connection: keep-alive
Referer: http://www.risewell.sa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
142.250.74.174
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: http://www.risewell.sa.com
date: Sun, 11 Sep 2022 21:16:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   2
Md5:    cc7a1e792bca8ccb1946b7a07f6dbc03
Sha1:   11a2757082428311f587b7664fa9840376137f80
Sha256: de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
                                        
POST /j/collect?v=1&_v=j90&a=1602247781&t=pageview&_s=1&dl=http%3A%2F%2Fwww.risewell.sa.com%2Fclicks%2Fwts_ss2.php%3Fsid%3D993058%26h%3Dd-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa%2Fxii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a&ul=en-us&de=UTF-8&dt=School%20Of%20Squirt%20-%20The%20Original%20%26%20Best%20Place%20To%20Learn%20About%20Squirting&sd=24-bit&sr=1280x1024&vp=&je=0&_u=YEDAAUABAAAAAC~&jid=1824654678&gjid=1526907528&cid=1512030959.1662931003&tid=UA-50355398-1&_gid=799282715.1662931003&_r=1&gtm=2wg5c1WQK7ZT&z=973672037 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.risewell.sa.com
Connection: keep-alive
Referer: http://www.risewell.sa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
142.250.74.174
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: http://www.risewell.sa.com
date: Sun, 11 Sep 2022 21:16:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    c4ca4238a0b923820dcc509a6f75849b
Sha1:   356a192b7913b04c54574d18c28d46e6395428ab
Sha256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
                                        
GET /clicks/SquirtingSchool2_files/sticky.css HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: text/css
Date: Sun, 11 Sep 2022 21:16:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-74d"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NwIFYZWP7JP9qfucklGAC2kRveaI9YJ%2B26deR4OyQT6jGdqKG%2BIwPD1j14B5inIG1asG7HhMVSb%2F94byt8JFEVO%2Fak3OCzIzcPxcb42pSVTj%2BXFwQaLXkl7wSM6DPqzxpfc2XJO%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d573cdbb518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (1869), with no line terminators
Size:   482
Md5:    72c3bf996dd5aef0ecb40d656c74088a
Sha1:   1afb023c6cbbad030079e8f640b9132e10305e30
Sha256: c1ca5b2f6c5f9b6f65cbba9cf8fe7b63c36c2d79b9c47df6c9dd6ee974989241
                                        
GET /clicks/SquirtingSchool2_files/style_003.css HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: text/css
Date: Sun, 11 Sep 2022 21:16:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-6b"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PLRmloZFB2%2BFfDLqI%2FMQoRBR2TnmdB8JRSgletxtAe8aFktLxQoZic4TMQ0Rix0U3xW8q7uos%2B%2BqX2N4x8EaXNiQi3GiFFAYPiMZQif9OuSN6gJ3hsxQ3pP8jCZbiAGJKbU8n2eF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d573ef70b51-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text
Size:   110
Md5:    c0ce07835cc3940928c3e6bd8d501dee
Sha1:   9da1f52b500128d489a43a63b6c40bd3c731be88
Sha256: cc7cee1a2fe3834abcd828389484f777ddaeda38f477091c8b7479057de799e1
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 21:16:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-22484186-3&cid=1512030959.1662931003&jid=1771647634&gjid=1042182507&_gid=799282715.1662931003&_u=YEBAAUAAAAAAAC~&z=111907851 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.risewell.sa.com
Connection: keep-alive
Referer: http://www.risewell.sa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
142.251.1.155
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: http://www.risewell.sa.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 11 Sep 2022 21:16:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   4
Md5:    48c0473b7821185d937e685216e2168b
Sha1:   3743e47f8a429a5e87b86cb582d78940733d9d2e
Sha256: 570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 11 Sep 2022 21:16:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /clicks/SquirtingSchool2_files/unsemantic-grid.css HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: text/css
Date: Sun, 11 Sep 2022 21:16:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-3107"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xDvpjuAedMDce4QXFUpUbl1Fny0XO5M5ttKbp%2BJJWohMa6y1xqbHZQCxPcGfyyGPSxmj3idXfA%2BBekH6LGXQ9SmoV1K3Eo0ShHaOZEjPOjUA954AQlpIbE22jTolrh2%2FLxwXAVx6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d543ddf1c16-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (12551), with no line terminators
Size:   2214
Md5:    32b7e5a2b0fe6a7e72680d51da96ea2a
Sha1:   ef8af7f6261e77158293a4f6d9a012c33695c541
Sha256: 214a39b0b08579b9821d5c676de0d9c646786e5ce2a82c66cdfa4ba538efeb8b
                                        
GET /clicks/SquirtingSchool2_files/mobile.css HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: text/css
Date: Sun, 11 Sep 2022 21:16:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-ec5"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VMCoYFhc05NvpQ%2BnfbOIiVNN8fiP2FMwKD4UHY0xQYg7wPpCsOy5UwsrRbMeabhmzX28eSt1KHkUtEwPdsBECCOhrWnFxTwVcEkNN1lPLm%2F1%2BmuW11DM%2BKEnwajUFTgxqh1UDahg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d54fb530b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (3781), with no line terminators
Size:   1126
Md5:    776786ab3f58f5c0eb2ca63a9628e73c
Sha1:   7d74cddc365ed8bcd306d054655dfb2e9c38602e
Sha256: d456ed7b3f59cfe6efa0aa068ad0e382e9436f95c6287f17998d223c10215ca4
                                        
GET /clicks/SquirtingSchool2_files/jquery.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sun, 11 Sep 2022 21:16:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-15d98"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UjyjGxyUeKPTa%2BdniRdJllRnSsjaFOwZiWPxfQkHxVvtgmEfpmmDO7PnA6SLUxjJXLFL%2FC6P%2FK5MHITd2ycO50L43PVpe84V55zbYBTR8sMC89QNNckr%2Ff4J9OX4ew4k6B%2BWZfIr"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d591b1c1c16-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   30908
Md5:    de51a7f2c2c244ceb7103216144f03dc
Sha1:   9545e4547e01b6fcabebdfa08c2d75089808fbee
Sha256: 10b58517301b7a47ed1354030c9b652a1d96259d24e1e1b4c4b1aa33b94682ee
                                        
GET /clicks/SquirtingSchool2_files/jetpack.css HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: text/css
Date: Sun, 11 Sep 2022 21:16:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-12f9f"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=waDGPamTU6q7zI%2BgLBqCNlix%2Fd0gJVMIiMzTVgFDBBjQJ%2F5lUDuEU9o03GNIUMLRuPCeNeEwdBkmZQiP6%2F4VjCjYSXGJA3tV3r6E9fxYDcXpqObhksEJnBfdPGssOktHwYyM3QfD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d5848330b51-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (21094)
Size:   13743
Md5:    fa0206609d148e4d384589bd7a57cdfa
Sha1:   d9a87ad4fec075a6c03ead16f5ee5c72a85d1d5f
Sha256: c1d6b2d7e92a2d4499ddbb71d3810ae3acd7efe3500f45972e8f07c0da46f403
                                        
GET /clicks/SquirtingSchool2_files/font-icons.css HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: text/css
Date: Sun, 11 Sep 2022 21:16:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-ade"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5J4ZDVKns5zX3p9dsjPBqT9WhlpxQTK7gEGhaT4sb8pWwy96IKOFqVAslqppXuS3UM9TGyIr6Af%2FYduskjqJPXgxRcKosAZpin8jRQLJTJsnL8u2JmxAOEKFwaTlzz7K5so8cbvM"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d55fa29b505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (2782), with no line terminators
Size:   747
Md5:    bd44afb37826464e574701ae847b16c2
Sha1:   8a5a06edf34aeadf78e755379f7d6be8bff5e048
Sha256: 1e26ba685f20d10f19b5bf8a9e354a6d09786a1a12b9f45b0767f73ae52fd490
                                        
GET /clicks/SquirtingSchool2_files/edc2avj.css HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: text/css
Date: Sun, 11 Sep 2022 21:16:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-cae"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FU%2FwcUc7CPjfZo4eS7SyTHOgpEo0PSAcgcsv%2Be27Cm6RlMFKGdvZCx5u27ILxNQaRcTu43YDwmJUzS7huGtbmjF8SP2O6TDPXLuyFSDcuyJwEDuue%2FKSfFwMr9SqGlFV30IUh3%2BC"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d5a3c321c16-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (516)
Size:   705
Md5:    74bf8e45d66b7014769ab20b05350661
Sha1:   ad1ef70c0dc132a6b3ff0f89be04d4bc4115b91a
Sha256: 752723aeb62873f2e7dd0a681e2d14b7ba1c3e1ff02c0058c87a7cd1da2c3c56
                                        
GET /clicks/SquirtingSchool2_files/menu-logo.css HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: text/css
Date: Sun, 11 Sep 2022 21:16:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-678"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RHATsO63ki6i%2ByHFmYyQss19NSRFNPj6gZqxHZgxSWgwAu32pga0fsc%2FRo87xLPyzhrOBNPGjOa9IrhYeU%2F768yQIPOb760uEmPQ28dKKBRudpR2M%2BXEN7KVirr8uBmQEykI1Grt"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d581dfeb518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (1656), with no line terminators
Size:   504
Md5:    20c4b619c52f48f55d451eebf6c7ad4e
Sha1:   4796ec4c04c717364aa60b8c0b249caa309ececf
Sha256: d56b5b82cda9c72fa1bb91012f2a50da264453411fe661580e4b7df2199d5b50
                                        
GET /p.css?s=1&k=edc2avj&ht=tk&f=139.140.175.176&a=13090676&app=typekit&e=css HTTP/1.1
Host: p.typekit.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.risewell.sa.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
184.31.15.48
HTTP/2 200 OK
content-type: text/css
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
etag: "613bee4d-5"
last-modified: Fri, 10 Sep 2021 23:46:21 GMT
server: nginx
content-length: 5
unused62: 8096267
date: Sun, 11 Sep 2022 21:16:55 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   5
Md5:    83d24d4b43cc7eef2b61e66c95f3d158
Sha1:   f0cafc285ee23bb6c28c5166f305493c4331c84d
Sha256: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
                                        
GET /clicks/SquirtingSchool2_files/jquery-migrate.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sun, 11 Sep 2022 21:16:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-2bd8"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8YG3elsvbjmDIweEUik0rqa6TDeDVD4kIP5BfKVBli1vZNS1je6ms304d5s7gph6s5Nwi34EWs77kV9WGH8vF%2FtUXNh3bKoBllHdZC2UAOkHNIBM8%2FwfBAS9%2BxARWDt4opWED5TD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d5a096c0b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (11126)
Size:   4165
Md5:    0d5bb2a36d1fc2e095235bc201eb5579
Sha1:   98f0154e2ed5322a9f65077f954868d6c800b337
Sha256: fe6382620c35c12aa4f3f96fe395e5813defe330c1d95fd3de1e94f8f5d1f0a5
                                        
GET /wp-includes/js/wp-emoji-release.min.js?ver=5.7 HTTP/1.1
Host: www.schoolofsquirt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.risewell.sa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
74.121.205.60
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Sun, 11 Sep 2022 21:16:53 GMT
last-modified: Wed, 25 May 2022 12:55:05 GMT
vary: Accept-Encoding
etag: W/"628e2729-48b9"
server: nginx centminmod
x-powered-by: centminmod
x-hosted-by: BigScoots
cache-control: public, must-revalidate, proxy-revalidate, immutable, max-age=2592000, stale-while-revalidate=86400, stale-if-error=604800
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (15660)
Size:   7439
Md5:    d2e6e1e9e4832fdeec5942afb98e16d5
Sha1:   c59b3a8dc3dcf9528e4172f031106eb486ff8c65
Sha256: 6e3776830350a59137963ba6ed073fecb1a5b532736dc5756ad1c25b0f39e352
                                        
GET /clicks/SquirtingSchool2_files/masonry.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a
Cookie: _gcl_au=1.1.341508931.1662931003

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sun, 11 Sep 2022 21:16:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-5e4a"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1%2BXbfJanacB8h%2FklSvlyiMsx%2Fr1Cjt%2Bsonmz7ma6EFIM%2FwoyXhI7LXoVq5Ag5empMcdBLPMG208yfZ2qGxXBuLqa50DB%2FO9nS7iYqKxg%2BPNfjjq5P5Jyg6cA1UEKUSOKNbYg6E%2B7"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d5c3b37b518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (23966)
Size:   7368
Md5:    6ce3f21f929ba0582a1aebcac0392fe6
Sha1:   b328e3a868d0e515fecd0b9c1fe273ba893d9cc0
Sha256: 7cd5ef9624b8a0425c875c005df78cb5626b23c4a9526b0668ec278cd17e4517
                                        
GET /clicks/SquirtingSchool2_files/jquery_002.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a
Cookie: _gcl_au=1.1.341508931.1662931003

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sun, 11 Sep 2022 21:16:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-71b"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sjLahLOSMNee%2F%2FdUY8KpkCPI87YJddIy2JdOom2lDS7AOcOLFrj8%2BtdzRxP8nVkHym%2Fi6n7kZtH9wcuGrrMNaGX60oFuKFmZphRxZc5szraM5yTzcTh7PEIyvK2ZBDHIgVulYdHx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d5c8dcc0b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (1626)
Size:   715
Md5:    46cfee7a6b6ed76c0fd609b98415e886
Sha1:   27a59318b05327183e1b7807e2071626f4a08419
Sha256: 21245efcfeb0ee1d850f895f472eca45c5d471e10f03e8f10e826218be1c356a
                                        
GET /clicks/SquirtingSchool2_files/imagesloaded.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a
Cookie: _gcl_au=1.1.341508931.1662931003

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sun, 11 Sep 2022 21:16:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-15fd"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7lNBJg%2BAJFgjyb5gcTzBd7S%2FjZ58CZtb5dqLusy2bwnS0RvcfjWjOkm8DkzAk%2FHBZeXAGTO4KsSbYS9bNT7mOOCSICPrmLHN07Kb8eubG03ecjORAYaB6o%2B3WpjJP%2Fbg%2BY%2F5O7X7"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d5bed881c16-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (5477)
Size:   1831
Md5:    5bc847fcae1a1a6c4b7f79c00d2b7e29
Sha1:   b2237db0dd679c2c8e397e833f04df00d43165e7
Sha256: bfa7a74e5830c0c26da7ccc50b8e44b401ce1ee8604fceb62e6c1310c47ddb2a
                                        
GET /clicks/SquirtingSchool2_files/front.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a
Cookie: _gcl_au=1.1.341508931.1662931003

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sun, 11 Sep 2022 21:16:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-17cb"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FimSu4ii1%2B6bNCOjzElPLk78apPKkWxZ6gLNPPcFlp3S58i5IcR47mYBW0zl24eUpXiMYaQy%2BoUQJZXTc4frpL25WImGila2etgxwiufWfGbCntq6%2FmDJoJNw8y8cjNivilvRK0Y"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d5b6a62b505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (6091), with no line terminators
Size:   2339
Md5:    4f4a997bc181498157d148ba9b649949
Sha1:   87ff26f8385fcf11c28fcc40c2e5619a8138f44d
Sha256: fe722eb1adc5eb6c3642f87ba188bfb0b899130719fd73381712d6d710d3ed4b
                                        
GET /clicks/SquirtingSchool2_files/frontend.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a
Cookie: _gcl_au=1.1.341508931.1662931003

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sun, 11 Sep 2022 21:16:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-728"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JGRC1osPtxCp5BSravg2HqONXtLvUjIZHeolJUglGLgUsrA02qBqmXTGj97DzTucsmqc4KbUkjnDrHex4RR%2B4bAVpur1TUOtMc3hdHfNFgBjWwNCepAD%2BvVy%2B2noE6erYvDUZmFE"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d5e3f8b0b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (1728)
Size:   906
Md5:    1eb2d85be572c4156f592d1598abbec7
Sha1:   6e28faaea39603f81049ff7668cf771cd1c591cb
Sha256: 0fdded1df72c99324bfb42c29ba15b752740e12a2960899506262c120bd3e7ba
                                        
GET /clicks/SquirtingSchool2_files/wp-embed.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a
Cookie: _gcl_au=1.1.341508931.1662931003

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sun, 11 Sep 2022 21:16:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-592"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FTzLe7ft34J6jHrMpoVOH3QxU3cVjR7vd9JJMwvv6YUvD68wdiueIacIb%2F0xsPdy0eOvIVzG9XDB%2FsbZEpb8ruckFgoNVrQVtQuvt5VJfWJYsPOUo1YgEgNBdNxS1rMt571SYfEB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d5e78bc1c16-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (1391)
Size:   769
Md5:    82e67f050afdb38c20ac6eb305f97c17
Sha1:   df1349df76d66a9cf64377cf335c67c337d85470
Sha256: 5f6c33116e2106cd0f2f28c16062f1d584e74b8539a14ed45e17957634d71b7e
                                        
GET /clicks/SquirtingSchool2_files/main.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a
Cookie: _gcl_au=1.1.341508931.1662931003

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sun, 11 Sep 2022 21:16:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-1c98"
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wS9ebO9UGLYuho5k0%2FhU3B7vJKpvfWyiajFbv67Xd5Bt0gLJF1g6exdYoHvarVBd8aK5ckSqtDV2FKxlSEZ4HLWoxpSDmvYn3glJtNof3%2Be9to9rAqXSe3mCFC%2FBwR5e4eObM%2FSd"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d5d4c64b518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (7320), with no line terminators
Size:   1752
Md5:    7675b9cdce538b3351d44c317fc8bcd8
Sha1:   98e14e7d933d89799603e78eb68175196b119b7c
Sha256: 23d60748f50065e6664f663e339999277f3fdad54a104e3581395a197bbf74b9
                                        
GET /clicks/SquirtingSchool2_files/e-202115.js HTTP/1.1
Host: www.risewell.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.risewell.sa.com/clicks/wts_ss2.php?sid=993058&h=d-px-4xgj4ocsztghxemnj6k5uxdozrxzkm-lnfx0xa/xii8us2hwnehkkmbx4c6vncyoemtogs47cqatww8wtrbhftszjaenp02pthbrphvajzdrcqbce7kfpwg8-xbb-zhh9wtxpateos43xtnadctclsofannkchovfzskqgzsoi-tm9xyksc6vc6oogg3a
Cookie: _gcl_au=1.1.341508931.1662931003

                                         
104.21.83.119
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sun, 11 Sep 2022 21:16:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:37 GMT
ETag: W/"62e82401-230c"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fQekCbNUEruRYuF0NXZU%2B6bBNOHR3uzg%2B%2Fq9L5LXcTq2%2FYjR0a6V2PtjM1Hx8zncm%2FLvwOsoBDxBz4O28FiAygIFn3xpWJF3e0%2FFzBmnMah%2FlnPWIAl6RgNhCoksxSO0gNJWNsRv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74936d5f2fbab505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (2692)
Size:   2987
Md5:    59b791e299f9a3a35fc01011197f480c
Sha1:   76147580053e798533dbb2c9c4e2604893572ee6
Sha256: 1f126b8513afe8102ffb9299bdfff3673dd55601524b17bbc9d0b641b7fe6d77