Overview

URLcaitlinricefit.com/unfragrance/endocrinopathic_subornation.html?sc=fgvpi1ml
IP 151.101.130.159 (United States)
ASN#54113 FASTLY
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-09 07:47:21 UTC
StatusLoading report..
IDS alerts0
Blocklist alert7
urlquery alerts No alerts detected
Tags None

Domain Summary (12)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
befjajh.hornydats.com (11) 0 No data No data 178.162.199.80 Unknown ranking
caitlinricefit.com (2) 0 2014-04-10 15:37:54 UTC 2022-11-09 03:47:01 UTC 151.101.130.159 Unknown ranking
r3.o.lencr.org (7) 344 No data No data 23.36.77.32
ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-09 05:05:32 UTC 34.117.237.239
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
cdnjs.cloudflare.com (1) 235 2015-04-17 20:46:33 UTC 2022-11-09 05:04:47 UTC 104.17.25.14
code.jquery.com (1) 634 2012-05-21 17:28:02 UTC 2020-04-21 12:46:20 UTC 69.16.175.42
firefox.settings.services.mozilla.com (1) 867 2020-06-04 20:08:41 UTC 2022-11-09 05:26:04 UTC 34.102.187.140
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
datingvenus.com (3) 0 2018-06-27 00:52:03 UTC 2022-11-02 06:34:20 UTC 46.161.40.116 Unknown ranking
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 54.189.139.67

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-09 2 caitlinricefit.com/unfragrance/endocrinopathic_subornation.html?sc=fgvpi1ml Malware
2022-11-09 2 caitlinricefit.com/unfragrance/endocrinopathic_subornation.html?sc=fgvpi1ml Malware
2022-11-09 2 befjajh.hornydats.com/s/62cf1c2230951 Phishing
2022-11-09 2 befjajh.hornydats.com/js/click.js?8 Phishing
2022-11-09 2 befjajh.hornydats.com/bundle/275/assets/js/functions.js Phishing
2022-11-09 2 befjajh.hornydats.com/bundle/275/assets/fonts/Lato-Regular.ttf Phishing
2022-11-09 2 befjajh.hornydats.com/js/fp2.min.js Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 151.101.130.159
Date UQ / IDS / BL URL IP
2023-02-01 11:59:19 +0000 0 - 6 - 0 www.benningtongreen.co.uk/ 151.101.130.159
2023-01-28 20:01:01 +0000 0 - 2 - 0 www.doktor.se/ 151.101.130.159
2023-01-26 21:20:46 +0000 0 - 3 - 0 toronto.iabc.to/wp-login.php 151.101.130.159
2023-01-22 05:06:45 +0000 0 - 0 - 13 franosbarbershop.com/wp-content/verif.accs.se (...) 151.101.130.159
2023-01-14 22:19:11 +0000 0 - 0 - 2 infusetheplanet.com/wp-content/themes/twentys (...) 151.101.130.159


Last 5 reports on ASN: FASTLY
Date UQ / IDS / BL URL IP
2023-02-03 10:24:18 +0000 0 - 0 - 5 links.vip/scheduleproject 199.36.158.100
2023-02-03 10:20:53 +0000 0 - 0 - 6 remondremeret.firebaseapp.com/ 199.36.158.100
2023-02-03 10:07:13 +0000 0 - 0 - 2 raw.githubusercontent.com/Shinyenigma/XSudo-w (...) 185.199.109.133
2023-02-03 09:55:33 +0000 0 - 0 - 2 mcvehil.com/wp-content/cache/qur/login.php 151.101.2.159
2023-02-03 09:26:10 +0000 0 - 0 - 2 newadobeee.firebaseapp.com/ 199.36.158.100


Last 3 reports on domain: caitlinricefit.com
Date UQ / IDS / BL URL IP
2022-11-24 09:03:17 +0000 0 - 0 - 10 caitlinricefit.com/wp-content/plugins/wp-edit (...) 151.101.130.159
2022-11-09 07:47:21 +0000 0 - 0 - 7 caitlinricefit.com/unfragrance/endocrinopathi (...) 151.101.130.159
2022-11-08 11:37:06 +0000 0 - 0 - 7 caitlinricefit.com/wp-content/plugins/wp-edit (...) 151.101.130.159


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-28 20:14:52 +0000 0 - 0 - 1 www.mczcl.com/wp-includes/blocks/pullquote/wo (...) 156.234.100.156
2023-01-20 06:37:18 +0000 0 - 0 - 10 pestv1m.dfybuild.com/wp-content/plugins/avalv (...) 170.39.79.184
2023-01-14 20:52:57 +0000 0 - 0 - 5 bdfcahi.naughtywhors.com/s/626e195e025c5?track=69 178.162.199.80
2023-01-05 07:12:27 +0000 0 - 0 - 7 www.ahcohaiti.org/hau/hyperadiposis_arain.htm (...) 107.180.4.5
2023-01-04 23:42:23 +0000 0 - 2 - 0 gg.gg/12woe5 91.215.42.31

JavaScript

Executed Scripts (7)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (38)


Request Response
                                        
                                            GET /unfragrance/endocrinopathic_subornation.html?sc=fgvpi1ml HTTP/1.1 
Host: caitlinricefit.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         151.101.130.159
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Connection: keep-alive
Content-Length: 162
Location: https://caitlinricefit.com/unfragrance/endocrinopathic_subornation.html?sc=fgvpi1ml
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
X-FW-Server: Flywheel/5.1.0
X-FW-Hash: r3y3wqbvj4
X-FW-Version: 5.0.0
Server: Flywheel/5.1.0
Accept-Ranges: bytes
Date: Wed, 09 Nov 2022 07:47:09 GMT
X-Served-By: cache-bma1679-BMA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1667980030.719993,VS0,VE126
Vary: Authorization
X-FW-Serve: TRUE
X-FW-Static: NO
X-FW-Type: VISIT


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AD535E27B201E92670770B2B868C58F7C05633EC66490A41EF4592F062834C1F"
Last-Modified: Wed, 09 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3337
Expires: Wed, 09 Nov 2022 08:42:46 GMT
Date: Wed, 09 Nov 2022 07:47:09 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4460
Cache-Control: max-age=100702
Date: Wed, 09 Nov 2022 07:47:09 GMT
Etag: "636a2fef-1d7"
Expires: Thu, 10 Nov 2022 11:45:31 GMT
Last-Modified: Tue, 08 Nov 2022 10:31:11 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5117
Cache-Control: max-age=101359
Date: Wed, 09 Nov 2022 07:47:09 GMT
Etag: "636a2fef-1d7"
Expires: Thu, 10 Nov 2022 11:56:28 GMT
Last-Modified: Tue, 08 Nov 2022 10:31:11 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "17894427C471F7FA02CA274795DC55DF1BFC99D7BD83F9EE36249394035110FD"
Last-Modified: Wed, 09 Nov 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11223
Expires: Wed, 09 Nov 2022 10:54:13 GMT
Date: Wed, 09 Nov 2022 07:47:10 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
Alt-Used: 0

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 09 Nov 2022 07:43:42 GMT
cache-control: public,max-age=3600
age: 208
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    d130218d0e2841f39c99610fe1a2ab90
Sha1:   29fbe1e177ee55c7a61ae0a206afff271cf5f945
Sha256: 6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: bWUv4uFYLmOVpj8D0krIAsRXPa/G7oW3qGumGChw4URX1tYXZXHq6QjvkW44T7JYUew5A9zUGx2zh1CBHwuDVw==
x-amz-request-id: 8WZVYQ1PM760QTMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 09 Nov 2022 06:48:52 GMT
age: 3498
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 09 Nov 2022 07:47:10 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /unfragrance/endocrinopathic_subornation.html?sc=fgvpi1ml HTTP/1.1 
Host: caitlinricefit.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         151.101.130.159
HTTP/2 200 OK
content-type: text/html
                                        
last-modified: Sat, 20 Aug 2022 08:21:30 GMT
etag: W/"6300998a-70"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: r3y3wqbvj4
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 09 Nov 2022 07:47:10 GMT
x-served-by: cache-bma1676-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667980030.073921,VS0,VE124
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: NO
x-fw-type: VISIT
content-length: 116
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   116
Md5:    ef96f70002cb2b75d9c4b0436c814fe1
Sha1:   3279b91c30a22693f577ae4cbef065230e4135fd
Sha256: c2a0eec0b5196cdba79bbf89eef58baee02d9d2021859a81861f04bbd0548ca7

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /venus2/index.html HTTP/1.1 
Host: datingvenus.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         46.161.40.116
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Wed, 09 Nov 2022 07:47:10 GMT
Server: Apache/2
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 26 May 2021 18:12:52 GMT
ETag: "7c-5c33f97483100-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 114
Keep-Alive: timeout=2, max=100


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   114
Md5:    a8bcb92cad83595aea92d5cce3846750
Sha1:   39b701b14d8214a7580e35ab600160ea75dfb663
Sha256: ad38224be64f82bbf803ff6bb43db294414e9a67b3a13ff3587a286f7de6fd6f
                                        
                                            GET /venus2/obfuscated_redirect.js HTTP/1.1 
Host: datingvenus.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://datingvenus.com/venus2/index.html

search
                                         46.161.40.116
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Wed, 09 Nov 2022 07:47:10 GMT
Server: Apache/2
Last-Modified: Sat, 01 Oct 2022 10:15:00 GMT
ETag: "4d1-5e9f662101100-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 634
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (1233), with no line terminators
Size:   634
Md5:    d4c212f797a8d43198a44df9aa2612cc
Sha1:   9a2ededa4fcc8814fc7ecd729289da8fe3c56e9e
Sha256: 3e04597967910e115bd3a610a0a81f38c6631682a2858100455f91f77fa7e63c
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: datingvenus.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://datingvenus.com/venus2/index.html

search
                                         46.161.40.116
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Wed, 09 Nov 2022 07:47:10 GMT
Server: Apache/2
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 198
Keep-Alive: timeout=2, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   198
Md5:    d928d07633ee9e4cf30c5f5f85a16465
Sha1:   b806f46f079d3fbab99b52200eec4c2e66676414
Sha256: 11393b1ad24726b3c8b0a8c85e92f6579252832cfb5aff1c4b08571c4ffb0047
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2626
Cache-Control: max-age=93802
Date: Wed, 09 Nov 2022 07:47:10 GMT
Etag: "636a1c26-1d7"
Expires: Thu, 10 Nov 2022 09:50:32 GMT
Last-Modified: Tue, 08 Nov 2022 09:06:46 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 95k9gvRfH3TvGyz02Y3pxw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         54.189.139.67
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Knq0r++VOFdhfgHA6kA1CSmCzTg=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "89CC50A881FF8FAE94B7BFA2732D133DF59BAE06680F6D2147281EE7BF8AB00B"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2622
Expires: Wed, 09 Nov 2022 08:30:54 GMT
Date: Wed, 09 Nov 2022 07:47:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "89CC50A881FF8FAE94B7BFA2732D133DF59BAE06680F6D2147281EE7BF8AB00B"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2622
Expires: Wed, 09 Nov 2022 08:30:54 GMT
Date: Wed, 09 Nov 2022 07:47:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "89CC50A881FF8FAE94B7BFA2732D133DF59BAE06680F6D2147281EE7BF8AB00B"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2622
Expires: Wed, 09 Nov 2022 08:30:54 GMT
Date: Wed, 09 Nov 2022 07:47:12 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "89CC50A881FF8FAE94B7BFA2732D133DF59BAE06680F6D2147281EE7BF8AB00B"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2622
Expires: Wed, 09 Nov 2022 08:30:54 GMT
Date: Wed, 09 Nov 2022 07:47:12 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0adf10c-d2d8-4768-a99e-671dd205fa5f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9741
x-amzn-requestid: 19706043-9952-4148-bf73-815d2b80f88a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bKom8FixIAMFjzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63675492-26d889196e698552262b0ef6;Sampled=0
x-amzn-remapped-date: Sun, 06 Nov 2022 06:30:42 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 30pGKplOuXFYhdd8rDJhmKimfi5RdviDma-8hJ6Bf6zrwO8KgVhODw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 22:03:53 GMT
age: 34999
etag: "dd74707d8871dd800aa29bda2edc6105bd00adf6"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9741
Md5:    10699bfbe3966b42cce253bfd3c09d0d
Sha1:   dd74707d8871dd800aa29bda2edc6105bd00adf6
Sha256: 26b571dbe9c885db2a2a6ae4e4a432b843a2815fb34ec976db7a3e6148a4dc8e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10462
x-amzn-requestid: 43480a38-fd89-4c47-b8c4-e6ba90b1321c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aMF6oEz_oAMF8Hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e5043-6617fd2e59cab00135301cdd;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 07:05:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: C7GYpM3mXSf0hVyGO9Zzlxa3IHXHdyPlXsvr3i0GoQnaPZF6lO-OwA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 06:24:20 GMT
age: 4972
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10462
Md5:    4e2853cc6ec6223160471401e6871f4b
Sha1:   f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
Sha256: bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a8ff193-2f9a-4dbd-aabc-a70f9abdf169.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5125
x-amzn-requestid: c4f7c3d2-4c43-442e-a477-84a5baf6ff49
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bM4rXGdcoAMF5zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63683b15-1aec78204d291cfe5061d179;Sampled=0
x-amzn-remapped-date: Sun, 06 Nov 2022 22:54:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ZH49PpL-lN1JhCh03uyZJqRLu5vHF1RDMIBKKCvHOaKYdDOASOdUcw==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 21:43:50 GMT
age: 36202
etag: "b97207d04eced8e6412f60c3764cdb527cce26d0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5125
Md5:    e265c87faef55af1d47d72286d93268a
Sha1:   b97207d04eced8e6412f60c3764cdb527cce26d0
Sha256: bf3f4fc715e107947c5bf3d622fbf9de1f591649a5008d8790a23463aa8703db
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0cb56270-7d8d-4ba2-bc30-de736a42e1dd.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12796
x-amzn-requestid: 31108e5a-3c69-4b62-99ea-1816df71a2aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bKuDcEzooAMF1iA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63675d49-708c32857b683c5a39046202;Sampled=0
x-amzn-remapped-date: Sun, 06 Nov 2022 07:07:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hRbYl8z9BgnFvtV-7f14N5JoCSebFBrKB7-seyEJAFPN628ccXDjLw==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 06:57:17 GMT
age: 2995
etag: "c0d68e81500af89bb4a3ac2c9bf010d941f7b5ee"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12796
Md5:    bb3fe96fee7d9da0905d9d565b44fc32
Sha1:   c0d68e81500af89bb4a3ac2c9bf010d941f7b5ee
Sha256: 2b602aa92c61c060a0cfa9b13a7bbbcb65388b91559702c4d509bf199cf30bed
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F609c6c88-4535-488a-8bf4-de0e93b9ae31.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10822
x-amzn-requestid: 1b1e2dfc-4096-45cf-adb3-58f0b1d614bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bEAXHFhroAMF_Zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364adc6-7b94977b4143970a48bc1857;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 06:14:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: vzUPLMO4CDywKUQvQ9gbltVLYlNher7ZTXYC9A00LfwycdEmG7m9wg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 11:14:46 GMT
age: 73946
etag: "e26769d82108f89057b05096061f1276d34e223a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10822
Md5:    86ec3f22045de1a100eccf27d91593ae
Sha1:   e26769d82108f89057b05096061f1276d34e223a
Sha256: b863d19ab12945922b4d014c517f5ffe349cefe2bbe1c2f16661371f22378cbd
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b197dc2-1415-4c19-8d36-1fa334168ba5.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9313
x-amzn-requestid: be3f6b0f-cf61-4bec-ad1a-87abdbc45d73
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bTTTwF5AoAMFZAw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636acc17-5ca45b5b1065a4ea492f2ac6;Sampled=0
x-amzn-remapped-date: Tue, 08 Nov 2022 21:37:27 GMT
x-amz-cf-pop: SEA19-C3, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 9lVY7YgQQ0FAP3ItgCSWePY0Msd4RIyBz4eNPc-K51BtnWUjOObv6g==
via: 1.1 31dfa94142c6eaf975b0e5454c00340a.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 21:43:31 GMT
etag: "9265cae98aa663a5498925b70079abdd8e7031fd"
age: 36221
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9313
Md5:    29429581f8dc762c69c5916009f70080
Sha1:   9265cae98aa663a5498925b70079abdd8e7031fd
Sha256: c3deee74c80905a1e92b84868b9987cb30ad7a210dca066b97c325cc2c83872e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "50556642F0666550184BF65A795390823A615686C01BA196F4CF17B73B808BDF"
Last-Modified: Tue, 08 Nov 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17537
Expires: Wed, 09 Nov 2022 12:39:30 GMT
Date: Wed, 09 Nov 2022 07:47:13 GMT
Connection: keep-alive

                                        
                                            GET /s/62cf1c2230951 HTTP/1.1 
Host: befjajh.hornydats.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://datingvenus.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         178.162.199.80
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: openresty/1.19.3.1
Date: Wed, 09 Nov 2022 07:47:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: s=pcwSIzELt1la3bRAgHbikkAyuGx5ZQqxRYjWM5pNq0LtT1fQML%2B8iHhNMFLh5NzsNek%2BGQOv5c%2BCpduB7WiECCB%2BNvgRH6NV%2FTdQXiJj4fdWtVjrYNuIIo4OAu9XA5dosMIjuRw8VAxp5IeecM2OTfLQG3pTdAuC6HcqdwfhteH2O0%2BqksrtuXmzXQbKKfmwwrNQL6M5XD9a16zq6rxqnGWAHHGBOggCnMHkcD8Lha07OAod5zfCj7YhMFqccPNKjf3OMkexdv9crEzoetSh5ghMSVuFkZWInf0ekIl4goPbD%2FdEMybKFlD5NtOJdkoH%2By5dmp5ufnlivzj%2Fg7KAhxpljVHpx47tfSbmMlqWYt2skg2gCVvhtR0UNXB5lBAQBEKoyPYQ8zgZVqDgCmZ7v3Gd5bKoXtfjpLqoFbdRXAkONPYB3EL6aIIebDFXD8jAsZ%2FhoqWxYTecF8VjJeS%2BErgFzv9hyJO863g%2FrkHOdjMzwCvvdeChKMINdjp8NA1pFFB0aVt%2FfqF596PNc1U%2BhQ8NsidNvZEgt2%2BczAsHcMGV5vuRVQuTaHdR6j18vw%2FkulyHblPvJZvBFL5ylze25IlEH6hTlHcHDQ1NbbON9K0y0dugJwmyA%2F%2BdX7pKh1LryfWwea9o3T7KQSmJXAdskVh0O7OpSQ%2BQSroK%2FeRDzCaLLFw0nRjykaZsYV48RrfDMHEcJaX%2BpbOD7k%2BXji6Wsio6maty5fFxgpQl5ZJ%2FusRGQyScfAPQA8qCBxhexysKTLiHsxxgKMlb9NGlHRCDhlyHP6fuIwFMHrOwopSKG0xVbB72XZrcCPcVMkrwkZLz2Is62iJNozAJ8Yf9UOpqYLPiQzh1TtmO40TOdS8AQrtk3ZTInmNz6NCj7XHH1hVdtaVb%2F5nqRq%2FLxHizSB4GFw0v58vzLSJvB109H%2BUNNme34rM5hF64p4mlokPaqF%2Bm4l5O2mXB29yiuOFNZgBgmIbGwvG5oyWq7bIpC2Vem0OY6rKuzBe%2B6YV9D%2FccjfYvn1eFKdIGAE0Hj32vw%2FM6xMw3VbUw69WYEDG2%2B6FzGHlfpDGRedU%2F560C5biqCPmhF59IhKXZAFoDA3BfsWLJz5VG2A0JpraxLfL71gb1kxmwz85KnF8koBUiX18dFm%2FUV2H7t2Ep93h%2BTdAybfCXgN8lI6eTbGdCHMNkG9VnwYr0O2NvGa%2BzlW1QNMy2%2BDS8x%2FAB9stjQt1FZ4Tz5FwSEKSfaNJuHFr8272HGoFzYcjs0m4ruht1Yv2Dvm9uIUtBHh6KlzUWQaamLflQsGqcsqeEm%2BOkZfFF1HEK%2FymQ6UBukbxZEENhj6tx7JAlh%2BzLJPguZHIHAVFGf48PxeaRKrgytBWBsOad%2F%2Btabb7xzJUZo6sfm1RobTQjQsBWApHo1rkMUrbdKKaZ3nqy208rf9M9VKqstJTqsFfSdPiMcKbTeihoyUo6N3Lbd%2FEoa%2BH26Ogl%2B%2BXVMz6e4AmCKjER6ivzJapQXkWBD7aGuQgYgioHtz7h%2Bn90wLZwz3xD0ihZ0qRepONQUwjjWd1Jor4UAK7NgMQkmJ5fEAO3X85M%2BopU0kUDD%2F8obhYvHDQhpnDEAQ%3D%3D; expires=Thu, 10-Nov-2022 07:47:13 GMT; Max-Age=86400; path=/; domain=hornydats.com SID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=hornydats.com ESID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=hornydats.com
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size:   1799
Md5:    ca9baa1b5a2ef969031b70f1139ff304
Sha1:   cc4a20876188f8a5491a600fa1bece439589b393
Sha256: 4b05476e515f71e5010bdce1a01f76ea2e8fd8b0f1e2b082ff7f7e0ab01f4aa7

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /ajax/libs/animate.css/3.5.2/animate.min.css HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://befjajh.hornydats.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.17.25.14
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
date: Wed, 09 Nov 2022 07:47:14 GMT
content-length: 3279
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03d2a-ce35"
last-modified: Mon, 04 May 2020 16:04:58 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 4366203
expires: Mon, 30 Oct 2023 07:47:14 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d01x7NuFrBKRUhSFsFyeiyvfyCfQ9SZpYn9TNeLKomOlTyL%2FU0OxlTaNZY%2BL4Ybj%2BweSLTjVJeea3nyJdfmREJzCDvrajLdgzTcp90C%2BrFwG4OYRzvFYfglPVsQaVF8PAuIpQIoT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7674f06e8e4ab509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (52592)
Size:   3279
Md5:    9266f9107ebcfd5961b230047eb0bb94
Sha1:   082cca30d08963a57887613907e9c397889d3c10
Sha256: d134df9ecd44a8aa61a0c0f309bc44664472f0555bdb7948021f2ed3b329368c
                                        
                                            GET /bundle/275/assets/css/style.css HTTP/1.1 
Host: befjajh.hornydats.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://befjajh.hornydats.com/s/62cf1c2230951
Cookie: s=pcwSIzELt1la3bRAgHbikkAyuGx5ZQqxRYjWM5pNq0LtT1fQML%2B8iHhNMFLh5NzsNek%2BGQOv5c%2BCpduB7WiECCB%2BNvgRH6NV%2FTdQXiJj4fdWtVjrYNuIIo4OAu9XA5dosMIjuRw8VAxp5IeecM2OTfLQG3pTdAuC6HcqdwfhteH2O0%2BqksrtuXmzXQbKKfmwwrNQL6M5XD9a16zq6rxqnGWAHHGBOggCnMHkcD8Lha07OAod5zfCj7YhMFqccPNKjf3OMkexdv9crEzoetSh5ghMSVuFkZWInf0ekIl4goPbD%2FdEMybKFlD5NtOJdkoH%2By5dmp5ufnlivzj%2Fg7KAhxpljVHpx47tfSbmMlqWYt2skg2gCVvhtR0UNXB5lBAQBEKoyPYQ8zgZVqDgCmZ7v3Gd5bKoXtfjpLqoFbdRXAkONPYB3EL6aIIebDFXD8jAsZ%2FhoqWxYTecF8VjJeS%2BErgFzv9hyJO863g%2FrkHOdjMzwCvvdeChKMINdjp8NA1pFFB0aVt%2FfqF596PNc1U%2BhQ8NsidNvZEgt2%2BczAsHcMGV5vuRVQuTaHdR6j18vw%2FkulyHblPvJZvBFL5ylze25IlEH6hTlHcHDQ1NbbON9K0y0dugJwmyA%2F%2BdX7pKh1LryfWwea9o3T7KQSmJXAdskVh0O7OpSQ%2BQSroK%2FeRDzCaLLFw0nRjykaZsYV48RrfDMHEcJaX%2BpbOD7k%2BXji6Wsio6maty5fFxgpQl5ZJ%2FusRGQyScfAPQA8qCBxhexysKTLiHsxxgKMlb9NGlHRCDhlyHP6fuIwFMHrOwopSKG0xVbB72XZrcCPcVMkrwkZLz2Is62iJNozAJ8Yf9UOpqYLPiQzh1TtmO40TOdS8AQrtk3ZTInmNz6NCj7XHH1hVdtaVb%2F5nqRq%2FLxHizSB4GFw0v58vzLSJvB109H%2BUNNme34rM5hF64p4mlokPaqF%2Bm4l5O2mXB29yiuOFNZgBgmIbGwvG5oyWq7bIpC2Vem0OY6rKuzBe%2B6YV9D%2FccjfYvn1eFKdIGAE0Hj32vw%2FM6xMw3VbUw69WYEDG2%2B6FzGHlfpDGRedU%2F560C5biqCPmhF59IhKXZAFoDA3BfsWLJz5VG2A0JpraxLfL71gb1kxmwz85KnF8koBUiX18dFm%2FUV2H7t2Ep93h%2BTdAybfCXgN8lI6eTbGdCHMNkG9VnwYr0O2NvGa%2BzlW1QNMy2%2BDS8x%2FAB9stjQt1FZ4Tz5FwSEKSfaNJuHFr8272HGoFzYcjs0m4ruht1Yv2Dvm9uIUtBHh6KlzUWQaamLflQsGqcsqeEm%2BOkZfFF1HEK%2FymQ6UBukbxZEENhj6tx7JAlh%2BzLJPguZHIHAVFGf48PxeaRKrgytBWBsOad%2F%2Btabb7xzJUZo6sfm1RobTQjQsBWApHo1rkMUrbdKKaZ3nqy208rf9M9VKqstJTqsFfSdPiMcKbTeihoyUo6N3Lbd%2FEoa%2BH26Ogl%2B%2BXVMz6e4AmCKjER6ivzJapQXkWBD7aGuQgYgioHtz7h%2Bn90wLZwz3xD0ihZ0qRepONQUwjjWd1Jor4UAK7NgMQkmJ5fEAO3X85M%2BopU0kUDD%2F8obhYvHDQhpnDEAQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         178.162.199.80
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: openresty/1.19.3.1
Date: Wed, 09 Nov 2022 07:47:14 GMT
Content-Length: 15642
Connection: keep-alive
Last-Modified: Mon, 23 Mar 2020 12:13:40 GMT
Vary: Accept-Encoding
ETag: "5e78a7f4-3d1a"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   15642
Md5:    dbc14074261efe7a301b4ec0554cd210
Sha1:   9ba275b540b9929b7e04dc55f3342971cd00f1fc
Sha256: ed416a64ba763bf65cc02caf79a7163306667720a4b1e039e13ad3a97692ca99
                                        
                                            GET /bundle/275/assets/img/no.png HTTP/1.1 
Host: befjajh.hornydats.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://befjajh.hornydats.com/bundle/275/assets/css/style.css
Cookie: s=pcwSIzELt1la3bRAgHbikkAyuGx5ZQqxRYjWM5pNq0LtT1fQML%2B8iHhNMFLh5NzsNek%2BGQOv5c%2BCpduB7WiECCB%2BNvgRH6NV%2FTdQXiJj4fdWtVjrYNuIIo4OAu9XA5dosMIjuRw8VAxp5IeecM2OTfLQG3pTdAuC6HcqdwfhteH2O0%2BqksrtuXmzXQbKKfmwwrNQL6M5XD9a16zq6rxqnGWAHHGBOggCnMHkcD8Lha07OAod5zfCj7YhMFqccPNKjf3OMkexdv9crEzoetSh5ghMSVuFkZWInf0ekIl4goPbD%2FdEMybKFlD5NtOJdkoH%2By5dmp5ufnlivzj%2Fg7KAhxpljVHpx47tfSbmMlqWYt2skg2gCVvhtR0UNXB5lBAQBEKoyPYQ8zgZVqDgCmZ7v3Gd5bKoXtfjpLqoFbdRXAkONPYB3EL6aIIebDFXD8jAsZ%2FhoqWxYTecF8VjJeS%2BErgFzv9hyJO863g%2FrkHOdjMzwCvvdeChKMINdjp8NA1pFFB0aVt%2FfqF596PNc1U%2BhQ8NsidNvZEgt2%2BczAsHcMGV5vuRVQuTaHdR6j18vw%2FkulyHblPvJZvBFL5ylze25IlEH6hTlHcHDQ1NbbON9K0y0dugJwmyA%2F%2BdX7pKh1LryfWwea9o3T7KQSmJXAdskVh0O7OpSQ%2BQSroK%2FeRDzCaLLFw0nRjykaZsYV48RrfDMHEcJaX%2BpbOD7k%2BXji6Wsio6maty5fFxgpQl5ZJ%2FusRGQyScfAPQA8qCBxhexysKTLiHsxxgKMlb9NGlHRCDhlyHP6fuIwFMHrOwopSKG0xVbB72XZrcCPcVMkrwkZLz2Is62iJNozAJ8Yf9UOpqYLPiQzh1TtmO40TOdS8AQrtk3ZTInmNz6NCj7XHH1hVdtaVb%2F5nqRq%2FLxHizSB4GFw0v58vzLSJvB109H%2BUNNme34rM5hF64p4mlokPaqF%2Bm4l5O2mXB29yiuOFNZgBgmIbGwvG5oyWq7bIpC2Vem0OY6rKuzBe%2B6YV9D%2FccjfYvn1eFKdIGAE0Hj32vw%2FM6xMw3VbUw69WYEDG2%2B6FzGHlfpDGRedU%2F560C5biqCPmhF59IhKXZAFoDA3BfsWLJz5VG2A0JpraxLfL71gb1kxmwz85KnF8koBUiX18dFm%2FUV2H7t2Ep93h%2BTdAybfCXgN8lI6eTbGdCHMNkG9VnwYr0O2NvGa%2BzlW1QNMy2%2BDS8x%2FAB9stjQt1FZ4Tz5FwSEKSfaNJuHFr8272HGoFzYcjs0m4ruht1Yv2Dvm9uIUtBHh6KlzUWQaamLflQsGqcsqeEm%2BOkZfFF1HEK%2FymQ6UBukbxZEENhj6tx7JAlh%2BzLJPguZHIHAVFGf48PxeaRKrgytBWBsOad%2F%2Btabb7xzJUZo6sfm1RobTQjQsBWApHo1rkMUrbdKKaZ3nqy208rf9M9VKqstJTqsFfSdPiMcKbTeihoyUo6N3Lbd%2FEoa%2BH26Ogl%2B%2BXVMz6e4AmCKjER6ivzJapQXkWBD7aGuQgYgioHtz7h%2Bn90wLZwz3xD0ihZ0qRepONQUwjjWd1Jor4UAK7NgMQkmJ5fEAO3X85M%2BopU0kUDD%2F8obhYvHDQhpnDEAQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         178.162.199.80
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: openresty/1.19.3.1
Date: Wed, 09 Nov 2022 07:47:14 GMT
Content-Length: 3134
Connection: keep-alive
Last-Modified: Mon, 23 Mar 2020 12:13:40 GMT
ETag: "5e78a7f4-c3e"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size:   3134
Md5:    e51438397f6333f22081857d4236efca
Sha1:   4508bc8a99ce403e595f5b31c9e74efeade3b684
Sha256: fedd7527d1cceee3052bf4bb62e76d56e8200a115d8a2affae23a125578b7ad1
                                        
                                            GET /js/click.js?8 HTTP/1.1 
Host: befjajh.hornydats.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://befjajh.hornydats.com/s/62cf1c2230951
Cookie: s=pcwSIzELt1la3bRAgHbikkAyuGx5ZQqxRYjWM5pNq0LtT1fQML%2B8iHhNMFLh5NzsNek%2BGQOv5c%2BCpduB7WiECCB%2BNvgRH6NV%2FTdQXiJj4fdWtVjrYNuIIo4OAu9XA5dosMIjuRw8VAxp5IeecM2OTfLQG3pTdAuC6HcqdwfhteH2O0%2BqksrtuXmzXQbKKfmwwrNQL6M5XD9a16zq6rxqnGWAHHGBOggCnMHkcD8Lha07OAod5zfCj7YhMFqccPNKjf3OMkexdv9crEzoetSh5ghMSVuFkZWInf0ekIl4goPbD%2FdEMybKFlD5NtOJdkoH%2By5dmp5ufnlivzj%2Fg7KAhxpljVHpx47tfSbmMlqWYt2skg2gCVvhtR0UNXB5lBAQBEKoyPYQ8zgZVqDgCmZ7v3Gd5bKoXtfjpLqoFbdRXAkONPYB3EL6aIIebDFXD8jAsZ%2FhoqWxYTecF8VjJeS%2BErgFzv9hyJO863g%2FrkHOdjMzwCvvdeChKMINdjp8NA1pFFB0aVt%2FfqF596PNc1U%2BhQ8NsidNvZEgt2%2BczAsHcMGV5vuRVQuTaHdR6j18vw%2FkulyHblPvJZvBFL5ylze25IlEH6hTlHcHDQ1NbbON9K0y0dugJwmyA%2F%2BdX7pKh1LryfWwea9o3T7KQSmJXAdskVh0O7OpSQ%2BQSroK%2FeRDzCaLLFw0nRjykaZsYV48RrfDMHEcJaX%2BpbOD7k%2BXji6Wsio6maty5fFxgpQl5ZJ%2FusRGQyScfAPQA8qCBxhexysKTLiHsxxgKMlb9NGlHRCDhlyHP6fuIwFMHrOwopSKG0xVbB72XZrcCPcVMkrwkZLz2Is62iJNozAJ8Yf9UOpqYLPiQzh1TtmO40TOdS8AQrtk3ZTInmNz6NCj7XHH1hVdtaVb%2F5nqRq%2FLxHizSB4GFw0v58vzLSJvB109H%2BUNNme34rM5hF64p4mlokPaqF%2Bm4l5O2mXB29yiuOFNZgBgmIbGwvG5oyWq7bIpC2Vem0OY6rKuzBe%2B6YV9D%2FccjfYvn1eFKdIGAE0Hj32vw%2FM6xMw3VbUw69WYEDG2%2B6FzGHlfpDGRedU%2F560C5biqCPmhF59IhKXZAFoDA3BfsWLJz5VG2A0JpraxLfL71gb1kxmwz85KnF8koBUiX18dFm%2FUV2H7t2Ep93h%2BTdAybfCXgN8lI6eTbGdCHMNkG9VnwYr0O2NvGa%2BzlW1QNMy2%2BDS8x%2FAB9stjQt1FZ4Tz5FwSEKSfaNJuHFr8272HGoFzYcjs0m4ruht1Yv2Dvm9uIUtBHh6KlzUWQaamLflQsGqcsqeEm%2BOkZfFF1HEK%2FymQ6UBukbxZEENhj6tx7JAlh%2BzLJPguZHIHAVFGf48PxeaRKrgytBWBsOad%2F%2Btabb7xzJUZo6sfm1RobTQjQsBWApHo1rkMUrbdKKaZ3nqy208rf9M9VKqstJTqsFfSdPiMcKbTeihoyUo6N3Lbd%2FEoa%2BH26Ogl%2B%2BXVMz6e4AmCKjER6ivzJapQXkWBD7aGuQgYgioHtz7h%2Bn90wLZwz3xD0ihZ0qRepONQUwjjWd1Jor4UAK7NgMQkmJ5fEAO3X85M%2BopU0kUDD%2F8obhYvHDQhpnDEAQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         178.162.199.80
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: openresty/1.19.3.1
Date: Wed, 09 Nov 2022 07:47:14 GMT
Content-Length: 5260
Connection: keep-alive
Last-Modified: Thu, 03 Nov 2022 13:18:04 GMT
Vary: Accept-Encoding
ETag: "6363bf8c-148c"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text
Size:   5260
Md5:    8207d083c909c6386927c5197eff584c
Sha1:   a5f1148a0e9923191d3f8ed4c1750240374af2a9
Sha256: f71ae9723255b00dcc8e3631fe419cbbb56a80b3034f184ca5292127d7b3eea9

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /bundle/275/assets/js/functions.js HTTP/1.1 
Host: befjajh.hornydats.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://befjajh.hornydats.com/s/62cf1c2230951
Cookie: s=pcwSIzELt1la3bRAgHbikkAyuGx5ZQqxRYjWM5pNq0LtT1fQML%2B8iHhNMFLh5NzsNek%2BGQOv5c%2BCpduB7WiECCB%2BNvgRH6NV%2FTdQXiJj4fdWtVjrYNuIIo4OAu9XA5dosMIjuRw8VAxp5IeecM2OTfLQG3pTdAuC6HcqdwfhteH2O0%2BqksrtuXmzXQbKKfmwwrNQL6M5XD9a16zq6rxqnGWAHHGBOggCnMHkcD8Lha07OAod5zfCj7YhMFqccPNKjf3OMkexdv9crEzoetSh5ghMSVuFkZWInf0ekIl4goPbD%2FdEMybKFlD5NtOJdkoH%2By5dmp5ufnlivzj%2Fg7KAhxpljVHpx47tfSbmMlqWYt2skg2gCVvhtR0UNXB5lBAQBEKoyPYQ8zgZVqDgCmZ7v3Gd5bKoXtfjpLqoFbdRXAkONPYB3EL6aIIebDFXD8jAsZ%2FhoqWxYTecF8VjJeS%2BErgFzv9hyJO863g%2FrkHOdjMzwCvvdeChKMINdjp8NA1pFFB0aVt%2FfqF596PNc1U%2BhQ8NsidNvZEgt2%2BczAsHcMGV5vuRVQuTaHdR6j18vw%2FkulyHblPvJZvBFL5ylze25IlEH6hTlHcHDQ1NbbON9K0y0dugJwmyA%2F%2BdX7pKh1LryfWwea9o3T7KQSmJXAdskVh0O7OpSQ%2BQSroK%2FeRDzCaLLFw0nRjykaZsYV48RrfDMHEcJaX%2BpbOD7k%2BXji6Wsio6maty5fFxgpQl5ZJ%2FusRGQyScfAPQA8qCBxhexysKTLiHsxxgKMlb9NGlHRCDhlyHP6fuIwFMHrOwopSKG0xVbB72XZrcCPcVMkrwkZLz2Is62iJNozAJ8Yf9UOpqYLPiQzh1TtmO40TOdS8AQrtk3ZTInmNz6NCj7XHH1hVdtaVb%2F5nqRq%2FLxHizSB4GFw0v58vzLSJvB109H%2BUNNme34rM5hF64p4mlokPaqF%2Bm4l5O2mXB29yiuOFNZgBgmIbGwvG5oyWq7bIpC2Vem0OY6rKuzBe%2B6YV9D%2FccjfYvn1eFKdIGAE0Hj32vw%2FM6xMw3VbUw69WYEDG2%2B6FzGHlfpDGRedU%2F560C5biqCPmhF59IhKXZAFoDA3BfsWLJz5VG2A0JpraxLfL71gb1kxmwz85KnF8koBUiX18dFm%2FUV2H7t2Ep93h%2BTdAybfCXgN8lI6eTbGdCHMNkG9VnwYr0O2NvGa%2BzlW1QNMy2%2BDS8x%2FAB9stjQt1FZ4Tz5FwSEKSfaNJuHFr8272HGoFzYcjs0m4ruht1Yv2Dvm9uIUtBHh6KlzUWQaamLflQsGqcsqeEm%2BOkZfFF1HEK%2FymQ6UBukbxZEENhj6tx7JAlh%2BzLJPguZHIHAVFGf48PxeaRKrgytBWBsOad%2F%2Btabb7xzJUZo6sfm1RobTQjQsBWApHo1rkMUrbdKKaZ3nqy208rf9M9VKqstJTqsFfSdPiMcKbTeihoyUo6N3Lbd%2FEoa%2BH26Ogl%2B%2BXVMz6e4AmCKjER6ivzJapQXkWBD7aGuQgYgioHtz7h%2Bn90wLZwz3xD0ihZ0qRepONQUwjjWd1Jor4UAK7NgMQkmJ5fEAO3X85M%2BopU0kUDD%2F8obhYvHDQhpnDEAQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         178.162.199.80
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: openresty/1.19.3.1
Date: Wed, 09 Nov 2022 07:47:14 GMT
Content-Length: 389
Connection: keep-alive
Last-Modified: Mon, 23 Mar 2020 12:13:40 GMT
Vary: Accept-Encoding
ETag: "5e78a7f4-185"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (381), with CRLF line terminators
Size:   389
Md5:    7be0a389385d045c27842522fed8530e
Sha1:   930956308fe93dee12fc7689a8684c82a137745c
Sha256: f179811dfa8ab006893bb729eb43c956e86f5f86047a093325aa31f8e8632f51

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /bundle/275/assets/img/yes.png HTTP/1.1 
Host: befjajh.hornydats.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://befjajh.hornydats.com/bundle/275/assets/css/style.css
Cookie: s=pcwSIzELt1la3bRAgHbikkAyuGx5ZQqxRYjWM5pNq0LtT1fQML%2B8iHhNMFLh5NzsNek%2BGQOv5c%2BCpduB7WiECCB%2BNvgRH6NV%2FTdQXiJj4fdWtVjrYNuIIo4OAu9XA5dosMIjuRw8VAxp5IeecM2OTfLQG3pTdAuC6HcqdwfhteH2O0%2BqksrtuXmzXQbKKfmwwrNQL6M5XD9a16zq6rxqnGWAHHGBOggCnMHkcD8Lha07OAod5zfCj7YhMFqccPNKjf3OMkexdv9crEzoetSh5ghMSVuFkZWInf0ekIl4goPbD%2FdEMybKFlD5NtOJdkoH%2By5dmp5ufnlivzj%2Fg7KAhxpljVHpx47tfSbmMlqWYt2skg2gCVvhtR0UNXB5lBAQBEKoyPYQ8zgZVqDgCmZ7v3Gd5bKoXtfjpLqoFbdRXAkONPYB3EL6aIIebDFXD8jAsZ%2FhoqWxYTecF8VjJeS%2BErgFzv9hyJO863g%2FrkHOdjMzwCvvdeChKMINdjp8NA1pFFB0aVt%2FfqF596PNc1U%2BhQ8NsidNvZEgt2%2BczAsHcMGV5vuRVQuTaHdR6j18vw%2FkulyHblPvJZvBFL5ylze25IlEH6hTlHcHDQ1NbbON9K0y0dugJwmyA%2F%2BdX7pKh1LryfWwea9o3T7KQSmJXAdskVh0O7OpSQ%2BQSroK%2FeRDzCaLLFw0nRjykaZsYV48RrfDMHEcJaX%2BpbOD7k%2BXji6Wsio6maty5fFxgpQl5ZJ%2FusRGQyScfAPQA8qCBxhexysKTLiHsxxgKMlb9NGlHRCDhlyHP6fuIwFMHrOwopSKG0xVbB72XZrcCPcVMkrwkZLz2Is62iJNozAJ8Yf9UOpqYLPiQzh1TtmO40TOdS8AQrtk3ZTInmNz6NCj7XHH1hVdtaVb%2F5nqRq%2FLxHizSB4GFw0v58vzLSJvB109H%2BUNNme34rM5hF64p4mlokPaqF%2Bm4l5O2mXB29yiuOFNZgBgmIbGwvG5oyWq7bIpC2Vem0OY6rKuzBe%2B6YV9D%2FccjfYvn1eFKdIGAE0Hj32vw%2FM6xMw3VbUw69WYEDG2%2B6FzGHlfpDGRedU%2F560C5biqCPmhF59IhKXZAFoDA3BfsWLJz5VG2A0JpraxLfL71gb1kxmwz85KnF8koBUiX18dFm%2FUV2H7t2Ep93h%2BTdAybfCXgN8lI6eTbGdCHMNkG9VnwYr0O2NvGa%2BzlW1QNMy2%2BDS8x%2FAB9stjQt1FZ4Tz5FwSEKSfaNJuHFr8272HGoFzYcjs0m4ruht1Yv2Dvm9uIUtBHh6KlzUWQaamLflQsGqcsqeEm%2BOkZfFF1HEK%2FymQ6UBukbxZEENhj6tx7JAlh%2BzLJPguZHIHAVFGf48PxeaRKrgytBWBsOad%2F%2Btabb7xzJUZo6sfm1RobTQjQsBWApHo1rkMUrbdKKaZ3nqy208rf9M9VKqstJTqsFfSdPiMcKbTeihoyUo6N3Lbd%2FEoa%2BH26Ogl%2B%2BXVMz6e4AmCKjER6ivzJapQXkWBD7aGuQgYgioHtz7h%2Bn90wLZwz3xD0ihZ0qRepONQUwjjWd1Jor4UAK7NgMQkmJ5fEAO3X85M%2BopU0kUDD%2F8obhYvHDQhpnDEAQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         178.162.199.80
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: openresty/1.19.3.1
Date: Wed, 09 Nov 2022 07:47:14 GMT
Content-Length: 3480
Connection: keep-alive
Last-Modified: Mon, 23 Mar 2020 12:13:40 GMT
ETag: "5e78a7f4-d98"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size:   3480
Md5:    3d0dab8337c085af1541ee5b7d63b53b
Sha1:   b8bc0b819b1f4259f179049edb58ed16cc8caf0e
Sha256: 6bfdecff876226c1e233f71e7b0b1a6e0eb238281a52156c39f051691dd88a43
                                        
                                            GET /bundle/275/assets/img/pattern.png HTTP/1.1 
Host: befjajh.hornydats.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://befjajh.hornydats.com/bundle/275/assets/css/style.css
Cookie: s=pcwSIzELt1la3bRAgHbikkAyuGx5ZQqxRYjWM5pNq0LtT1fQML%2B8iHhNMFLh5NzsNek%2BGQOv5c%2BCpduB7WiECCB%2BNvgRH6NV%2FTdQXiJj4fdWtVjrYNuIIo4OAu9XA5dosMIjuRw8VAxp5IeecM2OTfLQG3pTdAuC6HcqdwfhteH2O0%2BqksrtuXmzXQbKKfmwwrNQL6M5XD9a16zq6rxqnGWAHHGBOggCnMHkcD8Lha07OAod5zfCj7YhMFqccPNKjf3OMkexdv9crEzoetSh5ghMSVuFkZWInf0ekIl4goPbD%2FdEMybKFlD5NtOJdkoH%2By5dmp5ufnlivzj%2Fg7KAhxpljVHpx47tfSbmMlqWYt2skg2gCVvhtR0UNXB5lBAQBEKoyPYQ8zgZVqDgCmZ7v3Gd5bKoXtfjpLqoFbdRXAkONPYB3EL6aIIebDFXD8jAsZ%2FhoqWxYTecF8VjJeS%2BErgFzv9hyJO863g%2FrkHOdjMzwCvvdeChKMINdjp8NA1pFFB0aVt%2FfqF596PNc1U%2BhQ8NsidNvZEgt2%2BczAsHcMGV5vuRVQuTaHdR6j18vw%2FkulyHblPvJZvBFL5ylze25IlEH6hTlHcHDQ1NbbON9K0y0dugJwmyA%2F%2BdX7pKh1LryfWwea9o3T7KQSmJXAdskVh0O7OpSQ%2BQSroK%2FeRDzCaLLFw0nRjykaZsYV48RrfDMHEcJaX%2BpbOD7k%2BXji6Wsio6maty5fFxgpQl5ZJ%2FusRGQyScfAPQA8qCBxhexysKTLiHsxxgKMlb9NGlHRCDhlyHP6fuIwFMHrOwopSKG0xVbB72XZrcCPcVMkrwkZLz2Is62iJNozAJ8Yf9UOpqYLPiQzh1TtmO40TOdS8AQrtk3ZTInmNz6NCj7XHH1hVdtaVb%2F5nqRq%2FLxHizSB4GFw0v58vzLSJvB109H%2BUNNme34rM5hF64p4mlokPaqF%2Bm4l5O2mXB29yiuOFNZgBgmIbGwvG5oyWq7bIpC2Vem0OY6rKuzBe%2B6YV9D%2FccjfYvn1eFKdIGAE0Hj32vw%2FM6xMw3VbUw69WYEDG2%2B6FzGHlfpDGRedU%2F560C5biqCPmhF59IhKXZAFoDA3BfsWLJz5VG2A0JpraxLfL71gb1kxmwz85KnF8koBUiX18dFm%2FUV2H7t2Ep93h%2BTdAybfCXgN8lI6eTbGdCHMNkG9VnwYr0O2NvGa%2BzlW1QNMy2%2BDS8x%2FAB9stjQt1FZ4Tz5FwSEKSfaNJuHFr8272HGoFzYcjs0m4ruht1Yv2Dvm9uIUtBHh6KlzUWQaamLflQsGqcsqeEm%2BOkZfFF1HEK%2FymQ6UBukbxZEENhj6tx7JAlh%2BzLJPguZHIHAVFGf48PxeaRKrgytBWBsOad%2F%2Btabb7xzJUZo6sfm1RobTQjQsBWApHo1rkMUrbdKKaZ3nqy208rf9M9VKqstJTqsFfSdPiMcKbTeihoyUo6N3Lbd%2FEoa%2BH26Ogl%2B%2BXVMz6e4AmCKjER6ivzJapQXkWBD7aGuQgYgioHtz7h%2Bn90wLZwz3xD0ihZ0qRepONQUwjjWd1Jor4UAK7NgMQkmJ5fEAO3X85M%2BopU0kUDD%2F8obhYvHDQhpnDEAQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         178.162.199.80
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: openresty/1.19.3.1
Date: Wed, 09 Nov 2022 07:47:14 GMT
Content-Length: 2801
Connection: keep-alive
Last-Modified: Mon, 23 Mar 2020 12:13:40 GMT
ETag: "5e78a7f4-af1"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 2 x 2, 8-bit/color RGBA, non-interlaced\012- data
Size:   2801
Md5:    f06b5903c3ed5ef39db9b98b60deba70
Sha1:   f2d93c7d32069d157fa3047b550ef406bea1aa05
Sha256: 5cbc28ef1cf07ab8956014b581aa2b96baac861237975813702e63c886b0c004
                                        
                                            GET /bundle/275/assets/fonts/Lato-Regular.ttf HTTP/1.1 
Host: befjajh.hornydats.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://befjajh.hornydats.com/bundle/275/assets/css/style.css
Cookie: s=pcwSIzELt1la3bRAgHbikkAyuGx5ZQqxRYjWM5pNq0LtT1fQML%2B8iHhNMFLh5NzsNek%2BGQOv5c%2BCpduB7WiECCB%2BNvgRH6NV%2FTdQXiJj4fdWtVjrYNuIIo4OAu9XA5dosMIjuRw8VAxp5IeecM2OTfLQG3pTdAuC6HcqdwfhteH2O0%2BqksrtuXmzXQbKKfmwwrNQL6M5XD9a16zq6rxqnGWAHHGBOggCnMHkcD8Lha07OAod5zfCj7YhMFqccPNKjf3OMkexdv9crEzoetSh5ghMSVuFkZWInf0ekIl4goPbD%2FdEMybKFlD5NtOJdkoH%2By5dmp5ufnlivzj%2Fg7KAhxpljVHpx47tfSbmMlqWYt2skg2gCVvhtR0UNXB5lBAQBEKoyPYQ8zgZVqDgCmZ7v3Gd5bKoXtfjpLqoFbdRXAkONPYB3EL6aIIebDFXD8jAsZ%2FhoqWxYTecF8VjJeS%2BErgFzv9hyJO863g%2FrkHOdjMzwCvvdeChKMINdjp8NA1pFFB0aVt%2FfqF596PNc1U%2BhQ8NsidNvZEgt2%2BczAsHcMGV5vuRVQuTaHdR6j18vw%2FkulyHblPvJZvBFL5ylze25IlEH6hTlHcHDQ1NbbON9K0y0dugJwmyA%2F%2BdX7pKh1LryfWwea9o3T7KQSmJXAdskVh0O7OpSQ%2BQSroK%2FeRDzCaLLFw0nRjykaZsYV48RrfDMHEcJaX%2BpbOD7k%2BXji6Wsio6maty5fFxgpQl5ZJ%2FusRGQyScfAPQA8qCBxhexysKTLiHsxxgKMlb9NGlHRCDhlyHP6fuIwFMHrOwopSKG0xVbB72XZrcCPcVMkrwkZLz2Is62iJNozAJ8Yf9UOpqYLPiQzh1TtmO40TOdS8AQrtk3ZTInmNz6NCj7XHH1hVdtaVb%2F5nqRq%2FLxHizSB4GFw0v58vzLSJvB109H%2BUNNme34rM5hF64p4mlokPaqF%2Bm4l5O2mXB29yiuOFNZgBgmIbGwvG5oyWq7bIpC2Vem0OY6rKuzBe%2B6YV9D%2FccjfYvn1eFKdIGAE0Hj32vw%2FM6xMw3VbUw69WYEDG2%2B6FzGHlfpDGRedU%2F560C5biqCPmhF59IhKXZAFoDA3BfsWLJz5VG2A0JpraxLfL71gb1kxmwz85KnF8koBUiX18dFm%2FUV2H7t2Ep93h%2BTdAybfCXgN8lI6eTbGdCHMNkG9VnwYr0O2NvGa%2BzlW1QNMy2%2BDS8x%2FAB9stjQt1FZ4Tz5FwSEKSfaNJuHFr8272HGoFzYcjs0m4ruht1Yv2Dvm9uIUtBHh6KlzUWQaamLflQsGqcsqeEm%2BOkZfFF1HEK%2FymQ6UBukbxZEENhj6tx7JAlh%2BzLJPguZHIHAVFGf48PxeaRKrgytBWBsOad%2F%2Btabb7xzJUZo6sfm1RobTQjQsBWApHo1rkMUrbdKKaZ3nqy208rf9M9VKqstJTqsFfSdPiMcKbTeihoyUo6N3Lbd%2FEoa%2BH26Ogl%2B%2BXVMz6e4AmCKjER6ivzJapQXkWBD7aGuQgYgioHtz7h%2Bn90wLZwz3xD0ihZ0qRepONQUwjjWd1Jor4UAK7NgMQkmJ5fEAO3X85M%2BopU0kUDD%2F8obhYvHDQhpnDEAQ%3D%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

search
                                         178.162.199.80
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Server: openresty/1.19.3.1
Date: Wed, 09 Nov 2022 07:47:14 GMT
Content-Length: 120196
Connection: keep-alive
Last-Modified: Mon, 23 Mar 2020 12:13:40 GMT
ETag: "5e78a7f4-1d584"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 30 names, Macintosh, Copyright (c) 2010-2011 by tyPoland Lukasz Dziedzic with Reserved Font Name "Lato". Licensed und\012- data
Size:   120196
Md5:    7f690e503a254e0b8349aec0177e07aa
Sha1:   127f241871a9fe42cd8d073a0835410f3824d57c
Sha256: 7ae714b63c2c8b940bdd211a0cc678f01168a34eea8aa13c0df25364f29238a7

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /bundle/275/assets/img/1.jpg HTTP/1.1 
Host: befjajh.hornydats.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://befjajh.hornydats.com/bundle/275/assets/css/style.css
Cookie: s=pcwSIzELt1la3bRAgHbikkAyuGx5ZQqxRYjWM5pNq0LtT1fQML%2B8iHhNMFLh5NzsNek%2BGQOv5c%2BCpduB7WiECCB%2BNvgRH6NV%2FTdQXiJj4fdWtVjrYNuIIo4OAu9XA5dosMIjuRw8VAxp5IeecM2OTfLQG3pTdAuC6HcqdwfhteH2O0%2BqksrtuXmzXQbKKfmwwrNQL6M5XD9a16zq6rxqnGWAHHGBOggCnMHkcD8Lha07OAod5zfCj7YhMFqccPNKjf3OMkexdv9crEzoetSh5ghMSVuFkZWInf0ekIl4goPbD%2FdEMybKFlD5NtOJdkoH%2By5dmp5ufnlivzj%2Fg7KAhxpljVHpx47tfSbmMlqWYt2skg2gCVvhtR0UNXB5lBAQBEKoyPYQ8zgZVqDgCmZ7v3Gd5bKoXtfjpLqoFbdRXAkONPYB3EL6aIIebDFXD8jAsZ%2FhoqWxYTecF8VjJeS%2BErgFzv9hyJO863g%2FrkHOdjMzwCvvdeChKMINdjp8NA1pFFB0aVt%2FfqF596PNc1U%2BhQ8NsidNvZEgt2%2BczAsHcMGV5vuRVQuTaHdR6j18vw%2FkulyHblPvJZvBFL5ylze25IlEH6hTlHcHDQ1NbbON9K0y0dugJwmyA%2F%2BdX7pKh1LryfWwea9o3T7KQSmJXAdskVh0O7OpSQ%2BQSroK%2FeRDzCaLLFw0nRjykaZsYV48RrfDMHEcJaX%2BpbOD7k%2BXji6Wsio6maty5fFxgpQl5ZJ%2FusRGQyScfAPQA8qCBxhexysKTLiHsxxgKMlb9NGlHRCDhlyHP6fuIwFMHrOwopSKG0xVbB72XZrcCPcVMkrwkZLz2Is62iJNozAJ8Yf9UOpqYLPiQzh1TtmO40TOdS8AQrtk3ZTInmNz6NCj7XHH1hVdtaVb%2F5nqRq%2FLxHizSB4GFw0v58vzLSJvB109H%2BUNNme34rM5hF64p4mlokPaqF%2Bm4l5O2mXB29yiuOFNZgBgmIbGwvG5oyWq7bIpC2Vem0OY6rKuzBe%2B6YV9D%2FccjfYvn1eFKdIGAE0Hj32vw%2FM6xMw3VbUw69WYEDG2%2B6FzGHlfpDGRedU%2F560C5biqCPmhF59IhKXZAFoDA3BfsWLJz5VG2A0JpraxLfL71gb1kxmwz85KnF8koBUiX18dFm%2FUV2H7t2Ep93h%2BTdAybfCXgN8lI6eTbGdCHMNkG9VnwYr0O2NvGa%2BzlW1QNMy2%2BDS8x%2FAB9stjQt1FZ4Tz5FwSEKSfaNJuHFr8272HGoFzYcjs0m4ruht1Yv2Dvm9uIUtBHh6KlzUWQaamLflQsGqcsqeEm%2BOkZfFF1HEK%2FymQ6UBukbxZEENhj6tx7JAlh%2BzLJPguZHIHAVFGf48PxeaRKrgytBWBsOad%2F%2Btabb7xzJUZo6sfm1RobTQjQsBWApHo1rkMUrbdKKaZ3nqy208rf9M9VKqstJTqsFfSdPiMcKbTeihoyUo6N3Lbd%2FEoa%2BH26Ogl%2B%2BXVMz6e4AmCKjER6ivzJapQXkWBD7aGuQgYgioHtz7h%2Bn90wLZwz3xD0ihZ0qRepONQUwjjWd1Jor4UAK7NgMQkmJ5fEAO3X85M%2BopU0kUDD%2F8obhYvHDQhpnDEAQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         178.162.199.80
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: openresty/1.19.3.1
Date: Wed, 09 Nov 2022 07:47:14 GMT
Content-Length: 90519
Connection: keep-alive
Last-Modified: Mon, 23 Mar 2020 12:13:40 GMT
ETag: "5e78a7f4-16197"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1040x660, components 3\012- data
Size:   90519
Md5:    9a350f9b30c1f5f5635f896bf2487345
Sha1:   82fcc5cbc8e1ba0ab697d27017ab9fe8c6dc5f19
Sha256: 15d4127cd56e1b50b5d57340161ff54d22713da009df6904925833779ab125d0
                                        
                                            GET /bundle/275/assets/img/favicon.png HTTP/1.1 
Host: befjajh.hornydats.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://befjajh.hornydats.com/s/62cf1c2230951
Cookie: s=pcwSIzELt1la3bRAgHbikkAyuGx5ZQqxRYjWM5pNq0LtT1fQML%2B8iHhNMFLh5NzsNek%2BGQOv5c%2BCpduB7WiECCB%2BNvgRH6NV%2FTdQXiJj4fdWtVjrYNuIIo4OAu9XA5dosMIjuRw8VAxp5IeecM2OTfLQG3pTdAuC6HcqdwfhteH2O0%2BqksrtuXmzXQbKKfmwwrNQL6M5XD9a16zq6rxqnGWAHHGBOggCnMHkcD8Lha07OAod5zfCj7YhMFqccPNKjf3OMkexdv9crEzoetSh5ghMSVuFkZWInf0ekIl4goPbD%2FdEMybKFlD5NtOJdkoH%2By5dmp5ufnlivzj%2Fg7KAhxpljVHpx47tfSbmMlqWYt2skg2gCVvhtR0UNXB5lBAQBEKoyPYQ8zgZVqDgCmZ7v3Gd5bKoXtfjpLqoFbdRXAkONPYB3EL6aIIebDFXD8jAsZ%2FhoqWxYTecF8VjJeS%2BErgFzv9hyJO863g%2FrkHOdjMzwCvvdeChKMINdjp8NA1pFFB0aVt%2FfqF596PNc1U%2BhQ8NsidNvZEgt2%2BczAsHcMGV5vuRVQuTaHdR6j18vw%2FkulyHblPvJZvBFL5ylze25IlEH6hTlHcHDQ1NbbON9K0y0dugJwmyA%2F%2BdX7pKh1LryfWwea9o3T7KQSmJXAdskVh0O7OpSQ%2BQSroK%2FeRDzCaLLFw0nRjykaZsYV48RrfDMHEcJaX%2BpbOD7k%2BXji6Wsio6maty5fFxgpQl5ZJ%2FusRGQyScfAPQA8qCBxhexysKTLiHsxxgKMlb9NGlHRCDhlyHP6fuIwFMHrOwopSKG0xVbB72XZrcCPcVMkrwkZLz2Is62iJNozAJ8Yf9UOpqYLPiQzh1TtmO40TOdS8AQrtk3ZTInmNz6NCj7XHH1hVdtaVb%2F5nqRq%2FLxHizSB4GFw0v58vzLSJvB109H%2BUNNme34rM5hF64p4mlokPaqF%2Bm4l5O2mXB29yiuOFNZgBgmIbGwvG5oyWq7bIpC2Vem0OY6rKuzBe%2B6YV9D%2FccjfYvn1eFKdIGAE0Hj32vw%2FM6xMw3VbUw69WYEDG2%2B6FzGHlfpDGRedU%2F560C5biqCPmhF59IhKXZAFoDA3BfsWLJz5VG2A0JpraxLfL71gb1kxmwz85KnF8koBUiX18dFm%2FUV2H7t2Ep93h%2BTdAybfCXgN8lI6eTbGdCHMNkG9VnwYr0O2NvGa%2BzlW1QNMy2%2BDS8x%2FAB9stjQt1FZ4Tz5FwSEKSfaNJuHFr8272HGoFzYcjs0m4ruht1Yv2Dvm9uIUtBHh6KlzUWQaamLflQsGqcsqeEm%2BOkZfFF1HEK%2FymQ6UBukbxZEENhj6tx7JAlh%2BzLJPguZHIHAVFGf48PxeaRKrgytBWBsOad%2F%2Btabb7xzJUZo6sfm1RobTQjQsBWApHo1rkMUrbdKKaZ3nqy208rf9M9VKqstJTqsFfSdPiMcKbTeihoyUo6N3Lbd%2FEoa%2BH26Ogl%2B%2BXVMz6e4AmCKjER6ivzJapQXkWBD7aGuQgYgioHtz7h%2Bn90wLZwz3xD0ihZ0qRepONQUwjjWd1Jor4UAK7NgMQkmJ5fEAO3X85M%2BopU0kUDD%2F8obhYvHDQhpnDEAQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         178.162.199.80
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: openresty/1.19.3.1
Date: Wed, 09 Nov 2022 07:47:15 GMT
Content-Length: 796
Connection: keep-alive
Last-Modified: Mon, 23 Mar 2020 12:13:40 GMT
ETag: "5e78a7f4-31c"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Size:   796
Md5:    a6ad4df9ec78d77e3ba0b6cd82fe297a
Sha1:   1314387b8238a472e68db26bcc1cf29948cc1730
Sha256: 6c0f700fed24177a4ba0d9032fc78f9d34254bb9dfae532fd28d28ec4e105b28
                                        
                                            GET /jquery-2.2.4.min.js HTTP/1.1 
Host: code.jquery.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://befjajh.hornydats.com
Connection: keep-alive
Referer: https://befjajh.hornydats.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         69.16.175.42
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Wed, 09 Nov 2022 07:47:14 GMT
content-encoding: gzip
content-length: 29811
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-14e4a"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1667980034.dop203.sk1.t,1667980034.cds234.sk1.hn,1667980034.cds214.sk1.c
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32065)
Size:   29811
Md5:    82885772205f23cd59e25a221521b059
Sha1:   96ed36f45544295f28df1ab251e7e38faceeff0e
Sha256: 8e85465daae15b31a1837a4112cf920c1eeec7a5c189595651b3a53cb9b97215
                                        
                                            GET /js/fp2.min.js HTTP/1.1 
Host: befjajh.hornydats.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://befjajh.hornydats.com/s/62cf1c2230951
Cookie: s=pcwSIzELt1la3bRAgHbikkAyuGx5ZQqxRYjWM5pNq0LtT1fQML%2B8iHhNMFLh5NzsNek%2BGQOv5c%2BCpduB7WiECCB%2BNvgRH6NV%2FTdQXiJj4fdWtVjrYNuIIo4OAu9XA5dosMIjuRw8VAxp5IeecM2OTfLQG3pTdAuC6HcqdwfhteH2O0%2BqksrtuXmzXQbKKfmwwrNQL6M5XD9a16zq6rxqnGWAHHGBOggCnMHkcD8Lha07OAod5zfCj7YhMFqccPNKjf3OMkexdv9crEzoetSh5ghMSVuFkZWInf0ekIl4goPbD%2FdEMybKFlD5NtOJdkoH%2By5dmp5ufnlivzj%2Fg7KAhxpljVHpx47tfSbmMlqWYt2skg2gCVvhtR0UNXB5lBAQBEKoyPYQ8zgZVqDgCmZ7v3Gd5bKoXtfjpLqoFbdRXAkONPYB3EL6aIIebDFXD8jAsZ%2FhoqWxYTecF8VjJeS%2BErgFzv9hyJO863g%2FrkHOdjMzwCvvdeChKMINdjp8NA1pFFB0aVt%2FfqF596PNc1U%2BhQ8NsidNvZEgt2%2BczAsHcMGV5vuRVQuTaHdR6j18vw%2FkulyHblPvJZvBFL5ylze25IlEH6hTlHcHDQ1NbbON9K0y0dugJwmyA%2F%2BdX7pKh1LryfWwea9o3T7KQSmJXAdskVh0O7OpSQ%2BQSroK%2FeRDzCaLLFw0nRjykaZsYV48RrfDMHEcJaX%2BpbOD7k%2BXji6Wsio6maty5fFxgpQl5ZJ%2FusRGQyScfAPQA8qCBxhexysKTLiHsxxgKMlb9NGlHRCDhlyHP6fuIwFMHrOwopSKG0xVbB72XZrcCPcVMkrwkZLz2Is62iJNozAJ8Yf9UOpqYLPiQzh1TtmO40TOdS8AQrtk3ZTInmNz6NCj7XHH1hVdtaVb%2F5nqRq%2FLxHizSB4GFw0v58vzLSJvB109H%2BUNNme34rM5hF64p4mlokPaqF%2Bm4l5O2mXB29yiuOFNZgBgmIbGwvG5oyWq7bIpC2Vem0OY6rKuzBe%2B6YV9D%2FccjfYvn1eFKdIGAE0Hj32vw%2FM6xMw3VbUw69WYEDG2%2B6FzGHlfpDGRedU%2F560C5biqCPmhF59IhKXZAFoDA3BfsWLJz5VG2A0JpraxLfL71gb1kxmwz85KnF8koBUiX18dFm%2FUV2H7t2Ep93h%2BTdAybfCXgN8lI6eTbGdCHMNkG9VnwYr0O2NvGa%2BzlW1QNMy2%2BDS8x%2FAB9stjQt1FZ4Tz5FwSEKSfaNJuHFr8272HGoFzYcjs0m4ruht1Yv2Dvm9uIUtBHh6KlzUWQaamLflQsGqcsqeEm%2BOkZfFF1HEK%2FymQ6UBukbxZEENhj6tx7JAlh%2BzLJPguZHIHAVFGf48PxeaRKrgytBWBsOad%2F%2Btabb7xzJUZo6sfm1RobTQjQsBWApHo1rkMUrbdKKaZ3nqy208rf9M9VKqstJTqsFfSdPiMcKbTeihoyUo6N3Lbd%2FEoa%2BH26Ogl%2B%2BXVMz6e4AmCKjER6ivzJapQXkWBD7aGuQgYgioHtz7h%2Bn90wLZwz3xD0ihZ0qRepONQUwjjWd1Jor4UAK7NgMQkmJ5fEAO3X85M%2BopU0kUDD%2F8obhYvHDQhpnDEAQ%3D%3D; CF=LuYkqN8x5gN+oKdGTLacDA__
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         178.162.199.80
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: openresty/1.19.3.1
Date: Wed, 09 Nov 2022 07:47:16 GMT
Content-Length: 30685
Connection: keep-alive
Last-Modified: Thu, 03 Nov 2022 13:18:04 GMT
Vary: Accept-Encoding
ETag: "6363bf8c-77dd"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (30507)
Size:   30685
Md5:    e7d6b85edb141824af8951e19333337c
Sha1:   76600b2cb1978ca24d9fe39b1412f052da855ddb
Sha256: 6e1bf43d1d49858aacd5de53b32b551732bca4b2a46b1f808eb6d6d0f2b70c0e

Alerts:
  Blocklists:
    - fortinet: Phishing