| firefox.settings.services.mozilla.com/v1/ |  143.204.55.35 | 200 OK | 939 B |
URL HTTP/1.1firefox.settings.services.mozilla.com/v1/ IP143.204.55.35:0
File typeJSON data\012- , ASCII text, with very long lines (939), with no line terminators Hash99b7d23c1748d0526782b9ff9ea45f09 eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f 48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 19 Sep 2022 01:12:32 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Q7KMZWRta9PVXYYTJqpNLwbi0UUP7WKgF3UMsWLOh3M7VpQMpCnvsA==
Age: 2911
|
|
| r3.o.lencr.org/ |  23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash861cfa99de956423d917ed0ddbea4b9c ad65dbc394b48b04a45c205f56af296c8d008db4 5c706b2718b1698995f4feb91223779aef4bf6dc967c31f9ef9a93873197d5f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C706B2718B1698995F4FEB91223779AEF4BF6DC967C31F9EF9A93873197D5F9"
Last-Modified: Sun, 18 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13458
Expires: Mon, 19 Sep 2022 05:45:21 GMT
Date: Mon, 19 Sep 2022 02:01:03 GMT
Connection: keep-alive
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain | 143.204.55.49 | 200 OK | 5.3 kB |
URL HTTP/2content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain IP143.204.55.49:0
File typePEM certificate\012- , ASCII text Hash6113f8408c59aebe188d6af273b90743 7398873bf00f99944eaa77ad3ebc0d43c23dba6b b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 18 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: CMU6BYwUC34eb622efkU_VfLal5Ys__Q8kmKflztd8Cgbvw575VZXQ==
age: 77150
X-Firefox-Spdy: h2
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL HTTP/2contile.services.mozilla.com/v1/tiles IP34.117.237.239:0
File typeJSON data\012- , ASCII text, with no line terminators Hash23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:03 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/?p=4280 | 192.124.249.115 | 301 Moved Permanently | 0 B |
URL HTTP/1.1whatthefhappened.net/?p=4280 IP192.124.249.115:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /?p=4280 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: Sucuri/Cloudproxy
Date: Mon, 19 Sep 2022 02:01:03 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Sucuri-ID: 19015
X-Frame-Options: SAMEORIGIN
Age: 0
Content-Security-Policy: upgrade-insecure-requests
Location: https://whatthefhappened.net/?p=4280
Strict-Transport-Security: max-age=300
Vary: User-Agent
X-Backend: local
X-Cache: uncached
X-Cache-Hit: MISS
X-Cacheable: YES:Forced
X-Cacheproxy-Retries: 0/2
X-Content-Type-Options: nosniff, nosniff
X-Fawn-Proc-Count: 1,2,24
X-Php-Version: 7.4
X-Redirect-By: WordPress
X-XSS-Protection: 1; mode=block, 1; mode=block
X-Sucuri-Cache: MISS
|
|
| ocsp.godaddy.com/ | 192.124.249.24 | 200 OK | 1.8 kB |
IP192.124.249.24:0
Hash5c3637c0778c98172bb0797de183fcee 66b10331439604056f7bc3966da62f998586273e eab6ba7db7ab1fd2bd6938e3b6a0f257b7499aa22ddeac299d63132697854e82
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 19 Sep 2022 02:01:03 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 18 Sep 2022 22:31:20 GMT
Expires: Mon, 19 Sep 2022 22:31:20 GMT
ETag: "66b10331439604056f7bc3966da62f998586273e"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 143.204.55.35 | 200 OK | 329 B |
URL HTTP/1.1firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP143.204.55.35:0
File typeJSON data\012- , ASCII text, with very long lines (329), with no line terminators Hash0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Mon, 19 Sep 2022 01:03:22 GMT
Expires: Mon, 19 Sep 2022 01:20:17 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: YDo-JM3c4YQXrqyOQ9EtdnMinNfYSbLS0ncuAvjMIDOw4TVsRopZTA==
Age: 3461
|
|
| ocsp.digicert.com/ |  93.184.220.29 | 200 OK | 471 B |
IP93.184.220.29:0
Hash5fd1174f35b25298fc44a6de1af3f3d6 d45a47995ec34c7df480b3efafb13f55d9df7eb8 f60573eff255ef3d7603ca813f410c30588931b4018ffa0e07fa0bb2653c47af
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3731
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 02:01:04 GMT
Last-Modified: Mon, 19 Sep 2022 00:58:53 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
|
|
| push.services.mozilla.com/ | 35.161.231.36 | 101 Switching Protocols | 0 B |
URL HTTP/1.1push.services.mozilla.com/ IP35.161.231.36:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 7BC1ef6b/hEkCv1lptBNwQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kIzErJ6C+DeiFRAK5mkqu7RcnyQ=
|
|
| whatthefhappened.net/wp-content/plugins/disable-right-click/css/style.css?ver=6.0.2 | 192.124.249.115 | 200 OK | 379 B |
URL HTTP/2whatthefhappened.net/wp-content/plugins/disable-right-click/css/style.css?ver=6.0.2 IP192.124.249.115:0
File typeASCII text, with CRLF line terminators Hash1329fbeccddb7029864f6f2bf47afe45 330d5e99d8d2aef71896c9ed8922ee3849f2987a 34f94bff0485b24225b72cf215a9662e5c5503114b81225b17a7530b911363d7
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /wp-content/plugins/disable-right-click/css/style.css?ver=6.0.2 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:04 GMT
content-type: text/css
content-length: 379
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 122766
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
last-modified: Wed, 22 Apr 2020 07:45:21 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/wp-content/plugins/table-of-contents-plus/screen.min.css?ver=2106 | 192.124.249.115 | 200 OK | 456 B |
URL HTTP/2whatthefhappened.net/wp-content/plugins/table-of-contents-plus/screen.min.css?ver=2106 IP192.124.249.115:0
File typeASCII text, with very long lines (1156), with no line terminators Hashb7205a2d5cec0b767565df05eb340997 7293a6fb6fac0da4fb2a34a17189e794f0116bf3 46b5c911c6fbd53c3a9744a21d7253b9814916b32411f0cb4c67d98a0a9407d9
GET /wp-content/plugins/table-of-contents-plus/screen.min.css?ver=2106 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:04 GMT
content-type: text/css
content-length: 456
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 189735
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
last-modified: Tue, 22 Mar 2022 19:47:49 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/wp-content/plugins/complianz-gdpr/assets/css/cookieblocker.min.css?ver=6.3.2.1 | 192.124.249.115 | 200 OK | 713 B |
URL HTTP/2whatthefhappened.net/wp-content/plugins/complianz-gdpr/assets/css/cookieblocker.min.css?ver=6.3.2.1 IP192.124.249.115:0
File typeASCII text, with very long lines (2723), with no line terminators Hash7e67979bdd7b91ff88c5113cd3db186e 1ef16fddac63946359c3d47b46d1985c3961ea26 10f99207a897bca4be545b3a4a330907e90e0dc49326c774946393ed4adcd83c
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /wp-content/plugins/complianz-gdpr/assets/css/cookieblocker.min.css?ver=6.3.2.1 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:04 GMT
content-type: text/css
content-length: 713
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 47758
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
etag: "aa3-5e8376ce735e1-gzip"
last-modified: Fri, 09 Sep 2022 05:00:31 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/wp-content/plugins/coblocks/includes/Dependencies/GoDaddy/Styles/build/latest.css?ver=0.4.2 | 192.124.249.115 | 200 OK | 1.0 kB |
URL HTTP/2whatthefhappened.net/wp-content/plugins/coblocks/includes/Dependencies/GoDaddy/Styles/build/latest.css?ver=0.4.2 IP192.124.249.115:0
File typeASCII text, with very long lines (301) Hash9663dd8916a7914c7bcb7a8f988440b1 f814917c037bd4103cc2d4091bc01921d2aae087 0485f32721ee2ea0790abae0818160d24f7bba3e684fa2be2a04b14a598cbe4d
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /wp-content/plugins/coblocks/includes/Dependencies/GoDaddy/Styles/build/latest.css?ver=0.4.2 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:04 GMT
content-type: text/css
content-length: 1040
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 14632
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
last-modified: Fri, 15 Jul 2022 09:14:31 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/wp-content/themes/padma/assets/css/bootstrap.min.css?ver=4.5.0 | 192.124.249.115 | 200 OK | 24 kB |
URL HTTP/2whatthefhappened.net/wp-content/themes/padma/assets/css/bootstrap.min.css?ver=4.5.0 IP192.124.249.115:0
File typeASCII text, with very long lines (65324) Hashd8b8037e618e0918d03629a24a43a355 7077dc2c260d5f0d65986a308a38f3053c290458 acbb0054514eb6bd2c1abf982c5a077e8e2b1feaf59beb0dfc4ccec937f16bef
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /wp-content/themes/padma/assets/css/bootstrap.min.css?ver=4.5.0 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:04 GMT
content-type: text/css
content-length: 23845
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 44532
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
etag: "27293-5e808d83069be-gzip"
last-modified: Tue, 06 Sep 2022 21:26:07 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/wp-content/themes/padma/assets/css/font-awesome.min.css?ver=4.7.0 | 192.124.249.115 | 200 OK | 7.1 kB |
URL HTTP/2whatthefhappened.net/wp-content/themes/padma/assets/css/font-awesome.min.css?ver=4.7.0 IP192.124.249.115:0
File typeASCII text, with very long lines (30837) Hash52f1a8a2ce85fa8432308b33bc1a2e79 fd80917af5371c8ecad0198592a1e7cce4b77b0e 07bd6a9ea0213e20f362485aadc17a88c486ecfb394004b41b8b38db6e6a35f6
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /wp-content/themes/padma/assets/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:04 GMT
content-type: text/css
content-length: 7053
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 44532
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
etag: "7918-5e808d830c5df-gzip"
last-modified: Tue, 06 Sep 2022 21:26:08 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/wp-content/themes/padma/assets/css/slicknav.min.css?ver=1.0.3 | 192.124.249.115 | 200 OK | 807 B |
URL HTTP/2whatthefhappened.net/wp-content/themes/padma/assets/css/slicknav.min.css?ver=1.0.3 IP192.124.249.115:0
File typeASCII text, with very long lines (2414) Hash37d64980310ad7764c0b7f8a624e69b7 058b46b912bc03bf2cce7aa6eb8c2518d5fd5bca 99d41ca56205510067e8a8196568dc16b02245078ef8e8df9176147f7a6ec816
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /wp-content/themes/padma/assets/css/slicknav.min.css?ver=1.0.3 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:04 GMT
content-type: text/css
content-length: 807
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 44532
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
etag: "9c9-5e808d8309aed-gzip"
last-modified: Tue, 06 Sep 2022 21:26:07 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/wp-content/themes/padma/assets/css/padma-style.css?ver=1.0.0 | 192.124.249.115 | 200 OK | 4.4 kB |
URL HTTP/2whatthefhappened.net/wp-content/themes/padma/assets/css/padma-style.css?ver=1.0.0 IP192.124.249.115:0
File typeASCII text, with CRLF line terminators Hashc1b0ff33996e971804049e3148ff23ff fda0faf8e9c669e83a6d6d9bebe26aa72f8b8a03 3308a36d63f328e9cae1a149b43bc3b47d22bd87f7044ed528af496e5b1aaf05
GET /wp-content/themes/padma/assets/css/padma-style.css?ver=1.0.0 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:04 GMT
content-type: text/css
content-length: 4386
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 44532
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
etag: "5aaf-5e808d82fb3db-gzip"
last-modified: Tue, 06 Sep 2022 21:26:07 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/wp-content/themes/padma/assets/css/custom-style.css?ver=6.0.2 | 192.124.249.115 | 200 OK | 0 B |
URL HTTP/2whatthefhappened.net/wp-content/themes/padma/assets/css/custom-style.css?ver=6.0.2 IP192.124.249.115:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /wp-content/themes/padma/assets/css/custom-style.css?ver=6.0.2 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:04 GMT
content-type: text/css
content-length: 0
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 44532
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
etag: "0-5e808d82fd036"
last-modified: Tue, 06 Sep 2022 21:26:07 GMT
strict-transport-security: max-age=300
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/wp-content/plugins/disable-right-click/disable-right-click-js.js?ver=6.0.2 | 192.124.249.115 | 200 OK | 248 B |
URL HTTP/2whatthefhappened.net/wp-content/plugins/disable-right-click/disable-right-click-js.js?ver=6.0.2 IP192.124.249.115:0
File typeASCII text, with CRLF line terminators Hash578807bc7cfcd5cb9d99c2c3c38b7a2f b30450ccd62030bf09087f3a469e2afb96aafcf3 8f6cf61608c090b7ae8c2f4b856658bfcd6bfd6a2d937bfd6d1a82f30cc53ead
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /wp-content/plugins/disable-right-click/disable-right-click-js.js?ver=6.0.2 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:04 GMT
content-type: application/javascript
content-length: 248
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 57296
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
last-modified: Wed, 22 Apr 2020 07:45:21 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/wp-content/plugins/simple-social-buttons/assets/css/front.css?ver=4.0.2 | 192.124.249.115 | 200 OK | 10 kB |
URL HTTP/2whatthefhappened.net/wp-content/plugins/simple-social-buttons/assets/css/front.css?ver=4.0.2 IP192.124.249.115:0
Hash8af8c368d1e75388c772d9ba45b73bda 2106d940f28073c38863c2eeafde2bc3c7bfba9f 42f8c191d31071891abee628d921aead2b34e7c32af4456ae3c5b372892c8eae
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /wp-content/plugins/simple-social-buttons/assets/css/front.css?ver=4.0.2 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:04 GMT
content-type: text/css
content-length: 10349
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 29292
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
etag: "17f90-5e85e594637fd-gzip"
last-modified: Sun, 11 Sep 2022 03:26:45 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 | 192.124.249.115 | 200 OK | 5.0 kB |
URL HTTP/2whatthefhappened.net/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 IP192.124.249.115:0
File typeASCII text, with very long lines (15660) Hashe6624e0b978e6ddba476be41aaaa82df 822e920d8233072110ed7c8a7f379e5b13209b18 dac86a9ce08e4d8cded47b4fa900a664b0c997d8910c2a1be54a423678925a41
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:04 GMT
content-type: application/javascript
content-length: 5009
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 86810
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
etag: "48b9-5e87c6459069a-gzip"
last-modified: Mon, 12 Sep 2022 15:17:20 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/wp-content/plugins/table-of-contents-plus/front.min.js?ver=2106 | 192.124.249.115 | 200 OK | 2.3 kB |
URL HTTP/2whatthefhappened.net/wp-content/plugins/table-of-contents-plus/front.min.js?ver=2106 IP192.124.249.115:0
File typeASCII text, with very long lines (6091), with no line terminators Hash800a020e545750ee77c5757f4a7fdd07 0749696aa2bc039d407e5656fd3a147dc6a8742c c3e8ee33653d9d7a3f97ff0758336f9d9bff6160653ca1adef62a1eb380b3763
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /wp-content/plugins/table-of-contents-plus/front.min.js?ver=2106 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:04 GMT
content-type: application/javascript
content-length: 2349
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 20970
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
last-modified: Tue, 22 Mar 2022 19:47:49 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/wp-content/themes/padma/assets/js/bootstrap.min.js?ver=4.5.0 | 192.124.249.115 | 200 OK | 15 kB |
URL HTTP/2whatthefhappened.net/wp-content/themes/padma/assets/js/bootstrap.min.js?ver=4.5.0 IP192.124.249.115:0
File typeASCII text, with very long lines (59893) Hashf236cc80370139ed4d1587ef5ff6296f dd802df8719dd40d40d191cd7d6630524d17813d 0340a26dbf5e696d2177ae3e33cfbc23ea745f09086939c751563f444e84b310
GET /wp-content/themes/padma/assets/js/bootstrap.min.js?ver=4.5.0 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:04 GMT
content-type: application/javascript
content-length: 14890
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 44533
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
etag: "eb0e-5e808d82e9303-gzip"
last-modified: Tue, 06 Sep 2022 21:26:07 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/wp-content/themes/padma/assets/js/jquery.slicknav.min.js?ver=1.0.3 | 192.124.249.115 | 200 OK | 2.6 kB |
URL HTTP/2whatthefhappened.net/wp-content/themes/padma/assets/js/jquery.slicknav.min.js?ver=1.0.3 IP192.124.249.115:0
File typeASCII text, with very long lines (8320) Hash6ae82953bce12b276c3c56193db9727c 201e0d566aebf579741ecf6efbc271fdffbe715b 0f80c373fdd5672651d9e7a3475691c2378866c6eaeb74bfced5ffdea3a3ce9b
GET /wp-content/themes/padma/assets/js/jquery.slicknav.min.js?ver=1.0.3 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:04 GMT
content-type: application/javascript
content-length: 2648
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 44532
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
etag: "20df-5e808d82ebe0b-gzip"
last-modified: Tue, 06 Sep 2022 21:26:07 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/wp-content/plugins/complianz-gdpr/cookiebanner/js/complianz.min.js?ver=6.3.2.1 | 192.124.249.115 | 200 OK | 11 kB |
URL HTTP/2whatthefhappened.net/wp-content/plugins/complianz-gdpr/cookiebanner/js/complianz.min.js?ver=6.3.2.1 IP192.124.249.115:0
File typeC source textAlgol 68 source text\012- Pascal source, ASCII text, with very long lines (48055), with no line terminators Hash70f139b2a4166a6727f44d234952d22c 70467b36623cde0a3ea1b416feb4aa3b403792b8 840efdd3de510b12c11d8de792f56456e994a80001eb2a463124068f3a6789b4
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /wp-content/plugins/complianz-gdpr/cookiebanner/js/complianz.min.js?ver=6.3.2.1 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:04 GMT
content-type: application/javascript
content-length: 11061
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 45059
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
etag: "bbb7-5e8376d2a198e-gzip"
last-modified: Fri, 09 Sep 2022 05:00:35 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/wp-content/plugins/complianz-gdpr/cookiebanner/js/migrate.min.js?ver=6.3.2.1 | 192.124.249.115 | 200 OK | 882 B |
URL HTTP/2whatthefhappened.net/wp-content/plugins/complianz-gdpr/cookiebanner/js/migrate.min.js?ver=6.3.2.1 IP192.124.249.115:0
File typeASCII text, with very long lines (4011), with no line terminators Hash34790e83e24865fdca976e62f983d475 70e12cfe33f15f556e9b00965d39430c8961c52e 2f18a518601170d59518bd0a30f5dc5806d95feff177d71bc2f1afa33dcbfd6a
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /wp-content/plugins/complianz-gdpr/cookiebanner/js/migrate.min.js?ver=6.3.2.1 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:04 GMT
content-type: application/javascript
content-length: 882
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 45062
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
etag: "fab-5e8376d29f903-gzip"
last-modified: Fri, 09 Sep 2022 05:00:35 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| c0.wp.com/c/6.0.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css | 192.0.77.37 | 200 OK | 2.9 kB |
URL HTTP/2c0.wp.com/c/6.0.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css IP192.0.77.37:0
File typeASCII text, with very long lines (11256), with no line terminators Hash41dc7c7e9ec0e493e190188eb1227868 f4aae70b5a6329f3695517b91535f6b5bb11bf02 5c51469ee85182d7541f1e577286c282c2d619c32d2053ead9b8a4de143b8007
GET /c/6.0.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:05 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
content-encoding: br
expires: Tue, 19 Sep 2023 02:01:05 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hasheaa8b4aa123f9dd7237c5c51d2f848d9 1082f5f6ef7229ec76f94f3d236f273b26294563 d1ad33dae2fcab5c7d66875f0e7a01cc30e0b3a031606917fa5448c54f84e20d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 02:01:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| whatthefhappened.net/wp-content/plugins/coblocks/dist/js/coblocks-animation.js?ver=2.24.4 | 192.124.249.115 | 200 OK | 245 B |
URL HTTP/2whatthefhappened.net/wp-content/plugins/coblocks/dist/js/coblocks-animation.js?ver=2.24.4 IP192.124.249.115:0
File typeASCII text, with very long lines (412), with no line terminators Hash3ad6349721be488dfc84046965e69e58 7925e320eb014155389d22c396d2b4c832689a89 6e6406b5ba3b9c86e33776f425e989ace6feb60abbc176e70946fc2649303fac
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /wp-content/plugins/coblocks/dist/js/coblocks-animation.js?ver=2.24.4 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:05 GMT
content-type: application/javascript
content-length: 245
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
accept-ranges: bytes
age: 182216
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
last-modified: Fri, 16 Sep 2022 22:41:07 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
X-Firefox-Spdy: h2
|
|
| c0.wp.com/p/jetpack/11.3.1/css/jetpack.css | 192.0.77.37 | 200 OK | 16 kB |
URL HTTP/2c0.wp.com/p/jetpack/11.3.1/css/jetpack.css IP192.0.77.37:0
File typeUnicode text, UTF-8 text, with very long lines (65533), with no line terminators Hash43c8e5df7efc432f6abeefac84b27324 525ffc5703e2159acd894a31ef8a712b03e68a81 130d86005b06397983c5a0b24d0f638e6f65f4bc13f726bc14cea5ef47902c86
GET /p/jetpack/11.3.1/css/jetpack.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:05 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 19 Jul 2022 17:25:16 GMT
content-encoding: br
expires: Tue, 19 Sep 2023 02:01:05 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| c0.wp.com/c/6.0.2/wp-includes/css/dist/components/style.min.css | 192.0.77.37 | 200 OK | 15 kB |
URL HTTP/2c0.wp.com/c/6.0.2/wp-includes/css/dist/components/style.min.css IP192.0.77.37:0
File typeUnicode text, UTF-8 text, with very long lines (41679) Hash0bddd180c40b9bfc6bcc85e6d0662a4e c91c2dd5b959601eaa1af53399ad03e62538fe68 518442c0430d94abae838c18413cb404c82d5dc2061a40538aa36ee76678c902
GET /c/6.0.2/wp-includes/css/dist/components/style.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:05 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 19 Apr 2022 15:11:17 GMT
content-encoding: br
expires: Tue, 19 Sep 2023 02:01:05 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| c0.wp.com/c/6.0.2/wp-includes/css/dashicons.min.css | 192.0.77.37 | 200 OK | 36 kB |
URL HTTP/2c0.wp.com/c/6.0.2/wp-includes/css/dashicons.min.css IP192.0.77.37:0
File typeASCII text, with very long lines (58981) Hash157bb06af119a575fcf1fcf140fadd96 cb5581274a7921f833f3d312b7fe0d0d6ae3b438 a50ad282ddd656e82e10184281052e953761e9462351020082e3ea1f5833af16
GET /c/6.0.2/wp-includes/css/dashicons.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:05 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Wed, 03 Mar 2021 21:16:22 GMT
content-encoding: br
expires: Tue, 19 Sep 2023 02:01:05 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash85aa2dcaf76d25900c78356e5e1c254f 46cd66c9921a162c9e67cfa7d85bc82e5967d531 741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5350
Expires: Mon, 19 Sep 2022 03:30:15 GMT
Date: Mon, 19 Sep 2022 02:01:05 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96a5d9ce-7d6b-4006-832c-dda7f7999129.jpeg | 34.120.237.76 | 200 OK | 9.4 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96a5d9ce-7d6b-4006-832c-dda7f7999129.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashf99c08fdd1a74ec569e02207b9919df8 3f24ca8e9c96f3c9ca2e95946f1f67d242c7e5df 7b5f48166db186dcf19987f5f91cb03cbd069ec74de8ea42059626019b00fc14
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96a5d9ce-7d6b-4006-832c-dda7f7999129.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9371
x-amzn-requestid: dd94b1a0-f6a1-4e41-8b97-9c9904b6f6b9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YfVRFF6rIAMFY2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322cf39-289c5acb4e5bcb715b689f55;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 07:07:37 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Ru8zmqf8FBNIJatpnkFCgjq49arUFR2o8pqE50dzLOXsgsyaf5oMKg==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 14:26:40 GMT
age: 41665
etag: "3f24ca8e9c96f3c9ca2e95946f1f67d242c7e5df"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faa0051cf-bacd-445a-a6c3-6e5be807c94d.jpeg | 34.120.237.76 | 200 OK | 9.8 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faa0051cf-bacd-445a-a6c3-6e5be807c94d.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hasha29b48f8601db6bee0408f77ef7e1810 35417f27e4529b172aff7581d25ef8de26158a6c 37f2b7accb42719f1f2c25d371691aaed05160bbb40d4941da2650adc12be316
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faa0051cf-bacd-445a-a6c3-6e5be807c94d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9773
x-amzn-requestid: a66002a7-8621-4e8c-ba24-ca935485c6ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YeBrlH7vIAMFz8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322497d-05c3244840ad5aba14217936;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 21:37:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Pb3pzSP2mQJVW2ff5ErXKB-jzLuYDSjENRCbzId9adJXEKIrRRihpw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:53:29 GMT
age: 14856
etag: "35417f27e4529b172aff7581d25ef8de26158a6c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad78a6f9-e73d-465c-b7fd-7c8b261e5825.jpeg | 34.120.237.76 | 200 OK | 4.9 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad78a6f9-e73d-465c-b7fd-7c8b261e5825.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash672ffe8377dcaf5bad2d7e4534441984 e1b634652b4112c30f80745059523cbfce09365a a4b6bcfb246be2d02b5d04b49f9d8c13fef8661abc7d9f146d5cc9c766fc96f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad78a6f9-e73d-465c-b7fd-7c8b261e5825.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4878
x-amzn-requestid: 2d39705a-e054-428a-a3c8-fc0b12e70724
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YeH-EGvAoAMFZSA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322538d-6ca748d854879c6b0d6194cd;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 22:19:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Qh4tZrSUApljhjyz5vgrbKiBdVSHyy8xjR4zBj4w_m283Fk2DtW57A==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 08:42:57 GMT
age: 62288
etag: "e1b634652b4112c30f80745059523cbfce09365a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e5b5676-18df-4d43-8bbd-b85ffe4f1a94.jpeg | 34.120.237.76 | 200 OK | 5.9 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e5b5676-18df-4d43-8bbd-b85ffe4f1a94.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash1105b56cf779b6df1cbd081bbd0cda50 58c5d6f8ba1d3236d788ac55ff7cb2ec7863fb5c 10c1f0433baf51e06565ff905688075aaba8fec0a8b3f9cef34168e297f94c2c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e5b5676-18df-4d43-8bbd-b85ffe4f1a94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5866
x-amzn-requestid: 3a7db39d-cd4f-486f-954b-39fc7464706c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YrNeAE67IAMFSoQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63278f8c-66a419ac7fbd977f5f41061b;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 21:37:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: TdVz72qdwMdsuW1WsOq1qEZk2vmbXJlbppLTTsZ9PlrmN7GEph0dyQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:51:43 GMT
age: 14962
etag: "58c5d6f8ba1d3236d788ac55ff7cb2ec7863fb5c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24f3f8eb-09f7-4c60-864d-3ff96da7c86a.jpeg | 34.120.237.76 | 200 OK | 6.4 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24f3f8eb-09f7-4c60-864d-3ff96da7c86a.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash893f3495f1f575e946a57c8e8411b2a5 480182fd29c7edd369339847b85e4e2580cef0f6 097d868881231eae089ac8b97d5dc290583477f63dc35b7458ed4898e0db3e0c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24f3f8eb-09f7-4c60-864d-3ff96da7c86a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6428
x-amzn-requestid: 7dd3072b-403a-4bb4-b8c4-58a6d7c254f7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YRmgCGJVIAMFk5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d5133-0756be8c75da02a857e36a2f;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 03:08:35 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UPvPiYucU7q4x4t0X4tGF7XPXUy0D4F0gcXtWVx-MS-MOunPEWcVUA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:53:43 GMT
age: 14842
etag: "480182fd29c7edd369339847b85e4e2580cef0f6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51d0e81a-9a24-4b9d-8b77-02caa029aba6.jpeg | 34.120.237.76 | 200 OK | 7.6 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51d0e81a-9a24-4b9d-8b77-02caa029aba6.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash87e0d8be3547c9a4e09c496a8e43bfeb 86e5b19c0c395b8cdac33f0e07d1689d00940fac 268a7135b2d273730a258d6af8317436f87e79b652207432a33fce98a9a9121b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51d0e81a-9a24-4b9d-8b77-02caa029aba6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7637
x-amzn-requestid: d3f7a8f4-c5e8-474e-8b62-0677931aae37
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YcCrNFO5IAMFygA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63217e47-7cc884381e0ae1144d212b7c;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 07:09:59 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: lwuuov3xBZDoHGBumvYqgDtQbV0J8lpCyKzmkw_XiNhFeA7DsdPYQw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:56:06 GMT
age: 14699
etag: "86e5b19c0c395b8cdac33f0e07d1689d00940fac"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/wp-content/themes/padma/assets/css/default-block.css?ver=1.0.11 | 192.124.249.115 | 200 OK | 1.8 kB |
URL HTTP/2whatthefhappened.net/wp-content/themes/padma/assets/css/default-block.css?ver=1.0.11 IP192.124.249.115:0
File typeASCII text, with CRLF line terminators Hash9688a60e7cc8b2905640bf8e9adbb715 27921760af028a32084eb92d2c028b32cab3f7f3 e856257c4b0d775cd297504deaa701ff698eaef11268df9a9e79fcf986b528bf
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /wp-content/themes/padma/assets/css/default-block.css?ver=1.0.11 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:05 GMT
content-type: text/css
content-length: 1805
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 179456
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
last-modified: Tue, 06 Sep 2022 21:26:08 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: EXPIRED
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/wp-content/plugins/simple-social-buttons/assets/js/frontend-blocks.js?ver=4.0.2 | 192.124.249.115 | 200 OK | 0 B |
URL HTTP/2whatthefhappened.net/wp-content/plugins/simple-social-buttons/assets/js/frontend-blocks.js?ver=4.0.2 IP192.124.249.115:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /wp-content/plugins/simple-social-buttons/assets/js/frontend-blocks.js?ver=4.0.2 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:05 GMT
content-type: application/javascript
content-length: 0
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 47003
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
etag: "0-5e85e59441739"
last-modified: Sun, 11 Sep 2022 03:26:45 GMT
strict-transport-security: max-age=300
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/wp-content/plugins/cf7-conditional-fields/style.css?ver=2.2.6 | 192.124.249.115 | 200 OK | 544 B |
URL HTTP/2whatthefhappened.net/wp-content/plugins/cf7-conditional-fields/style.css?ver=2.2.6 IP192.124.249.115:0
Hash0fdccc3031d6f88f149a8885572d9b6b 20c56b6425805053c45570c5cee63ecdf5362bb7 c99081dcff7bd4b8dbb80a163e17c4e1e6b59b6653dcaf24368a6beaf7962802
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /wp-content/plugins/cf7-conditional-fields/style.css?ver=2.2.6 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:05 GMT
content-type: text/css
content-length: 544
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 29296
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
etag: "654-5e85e4defe58b-gzip"
last-modified: Sun, 11 Sep 2022 03:23:35 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/wp-content/plugins/simple-social-buttons/assets/js/front.js?ver=4.0.2 | 192.124.249.115 | 200 OK | 2.1 kB |
URL HTTP/2whatthefhappened.net/wp-content/plugins/simple-social-buttons/assets/js/front.js?ver=4.0.2 IP192.124.249.115:0
File typeASCII text, with very long lines (360) Hashf8e9d246d4eb640a37526541cfa7f11b ed990c514a4324fc18d09eacbdde5325e581f558 cbe17dbefb8300e6869592b97aa21877036fc192bcdb01fb362c4b690c748657
GET /wp-content/plugins/simple-social-buttons/assets/js/front.js?ver=4.0.2 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:05 GMT
content-type: application/javascript
content-length: 2086
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 46993
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
etag: "1d3b-5e85e5944414d-gzip"
last-modified: Sun, 11 Sep 2022 03:26:45 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/wp-content/themes/padma/assets/fonts/fontawesome-webfont.woff2?v=4.7.0 | 192.124.249.115 | 200 OK | 77 kB |
URL HTTP/2whatthefhappened.net/wp-content/themes/padma/assets/fonts/fontawesome-webfont.woff2?v=4.7.0 IP192.124.249.115:0
File typeWeb Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data Hashaf7ae505a9eed503f8b8e6982036873e d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /wp-content/themes/padma/assets/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://whatthefhappened.net/wp-content/themes/padma/assets/css/font-awesome.min.css?ver=4.7.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:05 GMT
content-type: font/woff2
content-length: 77160
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
age: 44534
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
etag: "12d68-5e808d83276bc"
last-modified: Tue, 06 Sep 2022 21:26:08 GMT
strict-transport-security: max-age=300
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hasha9323cf0781cad0d5ac23f0c81c105b1 772d0218be53da9f875bb96a287c904976c296da 5c808b03cd8dd26275f12a850d8a36b467246c1461ea65a4c717acb04f2ca722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 02:01:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | 142.250.74.163 | 200 OK | 16 kB |
URL HTTP/2fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 IP142.250.74.163:0
File typeWeb Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data Hashe9f5aaf547f165386cd313b995dddd8e acdef5603c2387b0e5bffd744b679a24a8bc1968 f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://whatthefhappened.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:34:08 GMT
expires: Thu, 14 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 368817
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hasha9323cf0781cad0d5ac23f0c81c105b1 772d0218be53da9f875bb96a287c904976c296da 5c808b03cd8dd26275f12a850d8a36b467246c1461ea65a4c717acb04f2ca722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 02:01:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hasha9323cf0781cad0d5ac23f0c81c105b1 772d0218be53da9f875bb96a287c904976c296da 5c808b03cd8dd26275f12a850d8a36b467246c1461ea65a4c717acb04f2ca722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 02:01:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| whatthefhappened.net/wp-content/plugins/cf7-conditional-fields/js/scripts.js?ver=2.2.6 | 192.124.249.115 | 200 OK | 32 kB |
URL HTTP/2whatthefhappened.net/wp-content/plugins/cf7-conditional-fields/js/scripts.js?ver=2.2.6 IP192.124.249.115:0
File typeUnicode text, UTF-8 text, with very long lines (595) Hashb795fe5b0e1427bc63947383933efc35 d904b2b68687b3b2b2a571b0c76eabc982cd927b d9b1bf981f623e31df8f2030204467161f7628033f3a3ee8a1816b9176592c25
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /wp-content/plugins/cf7-conditional-fields/js/scripts.js?ver=2.2.6 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:05 GMT
content-type: application/javascript
content-length: 32273
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 29287
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
etag: "220fa-5e85e4de76d0a-gzip"
last-modified: Sun, 11 Sep 2022 03:23:35 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/wp-content/themes/padma/assets/js/padma-script.js?ver=1.0.11 | 192.124.249.115 | 200 OK | 404 B |
URL HTTP/2whatthefhappened.net/wp-content/themes/padma/assets/js/padma-script.js?ver=1.0.11 IP192.124.249.115:0
File typeASCII text, with CRLF line terminators Hash5d307cbbe2b21a397ef5ca4ca8ee0188 190e1dbf5490d64df45b2c5d6454e09b8b3dc8d2 84d7efefe6f454ac3e95c1093e378a89ea1984ad15a8107749d088b6ea4e528b
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /wp-content/themes/padma/assets/js/padma-script.js?ver=1.0.11 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:05 GMT
content-type: application/javascript
content-length: 404
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 107877
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
etag: "390-5e808d82e6238-gzip"
last-modified: Tue, 06 Sep 2022 21:26:07 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: REVALIDATED
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 | 142.250.74.163 | 200 OK | 16 kB |
URL HTTP/2fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 IP142.250.74.163:0
File typeWeb Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data Hash3a44e06eb954b96aa043227f3534189d 23cef6993ddb2b2979e8e7647fc3763694e2ba7d b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://whatthefhappened.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 17 Sep 2022 02:02:22 GMT
expires: Sun, 17 Sep 2023 02:02:22 GMT
cache-control: public, max-age=31536000
age: 172723
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 142.250.74.163 | 200 OK | 16 kB |
URL HTTP/2fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 IP142.250.74.163:0
File typeWeb Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data Hash15d9f621c3bd1599f0169dcf0bd5e63e 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://whatthefhappened.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:34:08 GMT
expires: Thu, 14 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 368817
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| openclipart.org/image/2400px/svg_to_png/183537/NEW%20Improved%20Download%20Downloads%20Clipart%20now.png | 45.79.168.40 | 200 OK | 64 kB |
URL HTTP/2openclipart.org/image/2400px/svg_to_png/183537/NEW%20Improved%20Download%20Downloads%20Clipart%20now.png IP45.79.168.40:0
File typePNG image data, 2400 x 654, 8-bit/color RGBA, non-interlaced\012- data Hasha0a8b9e9ec4c04addc8c10f286b9ac1f da664801c272b816b51d3c083f03df23eb735b09 bf289a75bbf14e9d3a117b915f655864b3a07995c36777d8e3e397d318d283f8
GET /image/2400px/svg_to_png/183537/NEW%20Improved%20Download%20Downloads%20Clipart%20now.png HTTP/1.1
Host: openclipart.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:05 GMT
content-type: image/png
content-length: 63732
x-powered-by: PHP/7.4.5
etag: 1526577897
access-control-allow-origin: *
cache-control: public, max-age=604800
strict-transport-security: max-age=63072000
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hasha9323cf0781cad0d5ac23f0c81c105b1 772d0218be53da9f875bb96a287c904976c296da 5c808b03cd8dd26275f12a850d8a36b467246c1461ea65a4c717acb04f2ca722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 02:01:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| whatthefhappened.net/wp-content/uploads/complianz/css/banner-1-optout.css?v=21 | 192.124.249.115 | 200 OK | 3.2 kB |
URL HTTP/2whatthefhappened.net/wp-content/uploads/complianz/css/banner-1-optout.css?v=21 IP192.124.249.115:0
File typeASCII text, with very long lines (16643), with no line terminators Hashec560b4211073540697ff2a32a89e5c3 a449ab0d812c649eff801dea034ee7b53670aa3c e4bb79af4caeedca64f941698eff3027989c6aecef0899b7b351e3ced1adce78
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /wp-content/uploads/complianz/css/banner-1-optout.css?v=21 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:05 GMT
content-type: text/css
content-length: 3160
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 482079
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
last-modified: Tue, 22 Mar 2022 19:20:23 GMT
strict-transport-security: max-age=300
vary: Accept-Encoding
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 471 B |
IP142.250.74.3:0
Hash45f95aa258ab932ac2f8a33ff7944ffe 8f52b66e897dab7cb160d481886805ea216f407f de4fd2aaa566b601e82c38806ec8ea84110b1d63f15efe48186f5bcf70847488
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 02:01:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| whatthefhappened.net/wp-content/plugins/simple-social-buttons/assets/fonts/ssb-icon.ttf?eahqa2 | 192.124.249.115 | 200 OK | 6.1 kB |
URL HTTP/2whatthefhappened.net/wp-content/plugins/simple-social-buttons/assets/fonts/ssb-icon.ttf?eahqa2 IP192.124.249.115:0
File typeTrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, ssb-icon \012- data Hashf1b1d862a569bbf26afef363472464ea 5649aa27d2572f5597ef594d11eddd9bd8c2164f 65effed019c96df30638340081f21c1fe64e87f1230ddb0d48e2e8b763dbd131
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /wp-content/plugins/simple-social-buttons/assets/fonts/ssb-icon.ttf?eahqa2 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/wp-content/plugins/simple-social-buttons/assets/css/front.css?ver=4.0.2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:05 GMT
content-type: font/ttf
content-length: 6136
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
accept-ranges: bytes
access-control-allow-origin: *
age: 61560
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
etag: "17f8-5e85e594ca2c2"
last-modified: Sun, 11 Sep 2022 03:26:46 GMT
strict-transport-security: max-age=300
vary: User-Agent
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES:Forced
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: MISS
X-Firefox-Spdy: h2
|
|
| pixel.wp.com/g.gif?v=ext&j=1%3A11.3.1&blog=56067052&post=4280&tz=-4&srv=whatthefhappened.net&host=whatthefhappened.net&ref=&fcp=2825&rand=0.45748589030259346 | 192.0.76.3 | 200 OK | 50 B |
URL HTTP/2pixel.wp.com/g.gif?v=ext&j=1%3A11.3.1&blog=56067052&post=4280&tz=-4&srv=whatthefhappened.net&host=whatthefhappened.net&ref=&fcp=2825&rand=0.45748589030259346 IP192.0.76.3:0
File typeGIF image data, version 89a, 6 x 5\012- data Hashe4d673a55c5656f19ef81563fb10884c 1f2d8ed221d39329251ad3a6ff1edb20b7219443 f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
GET /g.gif?v=ext&j=1%3A11.3.1&blog=56067052&post=4280&tz=-4&srv=whatthefhappened.net&host=whatthefhappened.net&ref=&fcp=2825&rand=0.45748589030259346 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:05 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=UA-32698033-1 | 142.250.74.40 | 200 OK | 42 kB |
URL HTTP/2www.googletagmanager.com/gtag/js?id=UA-32698033-1 IP142.250.74.40:0
File typeASCII text, with very long lines (1720) Hash0b738629eba6c33eb678fc66cd06ff39 6f0da6192e2e34c658d32ac3a4733f0efb3885e5 7624911cc0484c9a7424ee0dbd89982baa0205327883d5aa70a9257af74f5e43
GET /gtag/js?id=UA-32698033-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 19 Sep 2022 02:01:05 GMT
expires: Mon, 19 Sep 2022 02:01:05 GMT
cache-control: private, max-age=900
last-modified: Mon, 19 Sep 2022 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42393
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 471 B |
IP142.250.74.3:0
Hash45f95aa258ab932ac2f8a33ff7944ffe 8f52b66e897dab7cb160d481886805ea216f407f de4fd2aaa566b601e82c38806ec8ea84110b1d63f15efe48186f5bcf70847488
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 02:01:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| whatthefhappened.net/favicon.ico | 192.124.249.115 | 200 OK | 0 B |
URL HTTP/2whatthefhappened.net/favicon.ico IP192.124.249.115:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:05 GMT
content-type: image/x-icon
content-length: 0
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
age: 48924
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
etag: "0-5737d315036c0"
last-modified: Wed, 15 Aug 2018 18:06:59 GMT
strict-transport-security: max-age=300
x-backend: local
x-cache: cached
x-cache-hit: HIT
x-cacheable: YES
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| www.google-analytics.com/analytics.js | 142.250.74.174 | 200 OK | 20 kB |
URL HTTP/2www.google-analytics.com/analytics.js IP142.250.74.174:0
File typeASCII text, with very long lines (1325) Hash56f5d7f608e25d64207135f045f988cb 901eb59372ae330ae85e1384da93479b21ae1082 1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Mon, 19 Sep 2022 00:41:12 GMT
expires: Mon, 19 Sep 2022 02:41:12 GMT
cache-control: public, max-age=7200
age: 4794
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| google-analytics.com/analytics.js | 216.58.211.4 | 200 OK | 20 kB |
URL HTTP/2google-analytics.com/analytics.js IP216.58.211.4:0
File typeASCII text, with very long lines (1325) Hash56f5d7f608e25d64207135f045f988cb 901eb59372ae330ae85e1384da93479b21ae1082 1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Mon, 19 Sep 2022 01:16:56 GMT
expires: Mon, 19 Sep 2022 03:16:56 GMT
cache-control: public, max-age=7200
age: 2650
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hash6f0747f732f05e110f9fe9938de620d3 d4e9a55014187d0d2af174e5c27d03cc10c6cb05 32a866308c9d930c425a8ced1974039a409528cb4a0bd07bfbe4d8cd39be9742
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 02:01:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hash6f0747f732f05e110f9fe9938de620d3 d4e9a55014187d0d2af174e5c27d03cc10c6cb05 32a866308c9d930c425a8ced1974039a409528cb4a0bd07bfbe4d8cd39be9742
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 02:01:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-32698033-1&cid=428618768.1663552847&jid=660515782&gjid=1102591982&_gid=844314566.1663552847&_u=IEBAAEAAAAAAAC~&z=891207453 | 142.251.1.155 | 200 OK | 4 B |
URL HTTP/2stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-32698033-1&cid=428618768.1663552847&jid=660515782&gjid=1102591982&_gid=844314566.1663552847&_u=IEBAAEAAAAAAAC~&z=891207453 IP142.251.1.155:0
File typeASCII text, with no line terminators Hash48c0473b7821185d937e685216e2168b 3743e47f8a429a5e87b86cb582d78940733d9d2e 570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-32698033-1&cid=428618768.1663552847&jid=660515782&gjid=1102591982&_gid=844314566.1663552847&_u=IEBAAEAAAAAAAC~&z=891207453 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://whatthefhappened.net
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://whatthefhappened.net
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 19 Sep 2022 02:01:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-32698033-1&cid=428618768.1663552847&jid=1196866950&gjid=119858432&_gid=844314566.1663552847&_u=YEDAAUABAAAAAC~&z=2073198788 | 142.251.1.155 | 200 OK | 4 B |
URL HTTP/2stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-32698033-1&cid=428618768.1663552847&jid=1196866950&gjid=119858432&_gid=844314566.1663552847&_u=YEDAAUABAAAAAC~&z=2073198788 IP142.251.1.155:0
File typeASCII text, with no line terminators Hash48c0473b7821185d937e685216e2168b 3743e47f8a429a5e87b86cb582d78940733d9d2e 570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-32698033-1&cid=428618768.1663552847&jid=1196866950&gjid=119858432&_gid=844314566.1663552847&_u=YEDAAUABAAAAAC~&z=2073198788 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://whatthefhappened.net
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://whatthefhappened.net
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 19 Sep 2022 02:01:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ocsp.sca1b.amazontrust.com/ | 143.204.42.158 | 200 OK | 471 B |
URL HTTP/1.1ocsp.sca1b.amazontrust.com/ IP143.204.42.158:0
Hash6d04af09bded95f6bcfeb7bde22db86d 3bd8a89c23a3fa28f1469f853292310714f785bd ea5dbc2d0bcbe2949b0a11775a62b804e14158fb0a837c91cc725518288a54ab
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 19 Sep 2022 02:01:06 GMT
Last-Modified: Mon, 19 Sep 2022 01:29:18 GMT
Server: ECS (nyb/1D24)
X-Cache: Miss from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: u5v-AzekRi5CvaIcKbkw1UAe4nMlh9hLmw3MMUMrDZUQd-Fm_v-EGA==
Age: 1908
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hash6f0747f732f05e110f9fe9938de620d3 d4e9a55014187d0d2af174e5c27d03cc10c6cb05 32a866308c9d930c425a8ced1974039a409528cb4a0bd07bfbe4d8cd39be9742
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 02:01:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| l.sharethis.com/pview?event=pview&hostname=whatthefhappened.net&location=%2F&product=ga&url=https%3A%2F%2Fwhatthefhappened.net%2F%3Fp%3D4280&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=AutoCAD%202019%2023.0%20Crack%20Codigo%20de%20licencia%20y%20Keygen%20%5BUltimo%202022%5D%20%E2%93%B5%20-%20What%20the%20F%20Happened%3F&cms=unknown&publisher=60503e544d1bac0012adefa8&sop=true&version=st_sop.js&lang=en&description=Table%20of%20Contents1%20AutoCAD%202019%2023.0%20Gratis2%20AutoCAD%202019%2023.0%20Crack%20%2B%20con%20clave%20de%20licencia%20Gratis%20%5B32%7C64bit%5D3%20AutoCAD%202019%2023.04%20%3FQue%20hay%20de%20nuevo%20en%20el%3F5%20Requisitos%20del%20sistema%3A%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0%20AutoCAD%202019%2023.0%20Gratis%20%C2%BFPor%20qu%C3%A9%20usar%20AutoCAD%3F%20Hay%20muchas%20razones%20para%20usar%20AutoCAD.%20La%20m%C3%A1s%20com%C3%BAn%20es%20la%20%5B%E2%80%A6%5D |  3.127.1.244 | 204 No Content | 0 B |
URL HTTP/1.1l.sharethis.com/pview?event=pview&hostname=whatthefhappened.net&location=%2F&product=ga&url=https%3A%2F%2Fwhatthefhappened.net%2F%3Fp%3D4280&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=AutoCAD%202019%2023.0%20Crack%20Codigo%20de%20licencia%20y%20Keygen%20%5BUltimo%202022%5D%20%E2%93%B5%20-%20What%20the%20F%20Happened%3F&cms=unknown&publisher=60503e544d1bac0012adefa8&sop=true&version=st_sop.js&lang=en&description=Table%20of%20Contents1%20AutoCAD%202019%2023.0%20Gratis2%20AutoCAD%202019%2023.0%20Crack%20%2B%20con%20clave%20de%20licencia%20Gratis%20%5B32%7C64bit%5D3%20AutoCAD%202019%2023.04%20%3FQue%20hay%20de%20nuevo%20en%20el%3F5%20Requisitos%20del%20sistema%3A%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0%20AutoCAD%202019%2023.0%20Gratis%20%C2%BFPor%20qu%C3%A9%20usar%20AutoCAD%3F%20Hay%20muchas%20razones%20para%20usar%20AutoCAD.%20La%20m%C3%A1s%20com%C3%BAn%20es%20la%20%5B%E2%80%A6%5D IP3.127.1.244:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pview?event=pview&hostname=whatthefhappened.net&location=%2F&product=ga&url=https%3A%2F%2Fwhatthefhappened.net%2F%3Fp%3D4280&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=AutoCAD%202019%2023.0%20Crack%20Codigo%20de%20licencia%20y%20Keygen%20%5BUltimo%202022%5D%20%E2%93%B5%20-%20What%20the%20F%20Happened%3F&cms=unknown&publisher=60503e544d1bac0012adefa8&sop=true&version=st_sop.js&lang=en&description=Table%20of%20Contents1%20AutoCAD%202019%2023.0%20Gratis2%20AutoCAD%202019%2023.0%20Crack%20%2B%20con%20clave%20de%20licencia%20Gratis%20%5B32%7C64bit%5D3%20AutoCAD%202019%2023.04%20%3FQue%20hay%20de%20nuevo%20en%20el%3F5%20Requisitos%20del%20sistema%3A%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0%20%C2%A0%20AutoCAD%202019%2023.0%20Gratis%20%C2%BFPor%20qu%C3%A9%20usar%20AutoCAD%3F%20Hay%20muchas%20razones%20para%20usar%20AutoCAD.%20La%20m%C3%A1s%20com%C3%BAn%20es%20la%20%5B%E2%80%A6%5D HTTP/1.1
Host: l.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://whatthefhappened.net
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Access-Control-Allow-Origin: https://whatthefhappened.net
Access-Control-Expose-Headers: stid
Access-Control-Max-Age: 1728000
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 19 Sep 2022 02:01:06 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Connection: keep-alive
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 471 B |
IP142.250.74.3:0
Hashfd6f5d48a8eb6a76f7c699a235f6ed95 6dfe5af37fa0c7a6ed073d73d8be6e23ec4e1cc4 a7239c791a93ecf634d1afef2a09feae30f46decdbfa039403bd10394e444d56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 02:01:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 471 B |
IP142.250.74.3:0
Hashfd6f5d48a8eb6a76f7c699a235f6ed95 6dfe5af37fa0c7a6ed073d73d8be6e23ec4e1cc4 a7239c791a93ecf634d1afef2a09feae30f46decdbfa039403bd10394e444d56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 02:01:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 471 B |
IP142.250.74.3:0
Hash4ee5c6443c11da4a5cf7ea801cd0c62f e742a7ee1cbedf1a23a82361f3873dbc165f927c e3682e49ed03efcf590a500154380807b54433f8344923e9017994bdf0d46924
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 02:01:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 471 B |
IP142.250.74.3:0
Hash4ee5c6443c11da4a5cf7ea801cd0c62f e742a7ee1cbedf1a23a82361f3873dbc165f927c e3682e49ed03efcf590a500154380807b54433f8344923e9017994bdf0d46924
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 02:01:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-32698033-1&cid=428618768.1663552847&jid=660515782&_u=IEBAAEAAAAAAAC~&z=1809570022 | 142.250.74.3 | 200 OK | 42 B |
URL HTTP/2www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-32698033-1&cid=428618768.1663552847&jid=660515782&_u=IEBAAEAAAAAAAC~&z=1809570022 IP142.250.74.3:0
File typeGIF image data, version 89a, 1 x 1\012- data Hashd89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-32698033-1&cid=428618768.1663552847&jid=660515782&_u=IEBAAEAAAAAAAC~&z=1809570022 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 02:01:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-32698033-1&cid=428618768.1663552847&jid=1196866950&_u=YEDAAUABAAAAAC~&z=1963670254 | 142.250.74.3 | 200 OK | 42 B |
URL HTTP/2www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-32698033-1&cid=428618768.1663552847&jid=1196866950&_u=YEDAAUABAAAAAC~&z=1963670254 IP142.250.74.3:0
File typeGIF image data, version 89a, 1 x 1\012- data Hashd89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-32698033-1&cid=428618768.1663552847&jid=1196866950&_u=YEDAAUABAAAAAC~&z=1963670254 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 02:01:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-32698033-1&cid=428618768.1663552847&jid=1196866950&_u=YEDAAUABAAAAAC~&z=1963670254 | 142.250.74.132 | 200 OK | 42 B |
URL HTTP/2www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-32698033-1&cid=428618768.1663552847&jid=1196866950&_u=YEDAAUABAAAAAC~&z=1963670254 IP142.250.74.132:0
File typeGIF image data, version 89a, 1 x 1\012- data Hashd89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-32698033-1&cid=428618768.1663552847&jid=1196866950&_u=YEDAAUABAAAAAC~&z=1963670254 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 02:01:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 471 B |
IP142.250.74.3:0
Hashfd6f5d48a8eb6a76f7c699a235f6ed95 6dfe5af37fa0c7a6ed073d73d8be6e23ec4e1cc4 a7239c791a93ecf634d1afef2a09feae30f46decdbfa039403bd10394e444d56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 02:01:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-32698033-1&cid=428618768.1663552847&jid=660515782&_u=IEBAAEAAAAAAAC~&z=1809570022 | 142.250.74.132 | 200 OK | 42 B |
URL HTTP/2www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-32698033-1&cid=428618768.1663552847&jid=660515782&_u=IEBAAEAAAAAAAC~&z=1809570022 IP142.250.74.132:0
File typeGIF image data, version 89a, 1 x 1\012- data Hashd89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-32698033-1&cid=428618768.1663552847&jid=660515782&_u=IEBAAEAAAAAAAC~&z=1809570022 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 02:01:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.3 | 200 OK | 472 B |
IP142.250.74.3:0
Hash56433b6932f28a949ac82fec1caa9e99 017c5a1ccc0f6e68fd60a9d0658c0526b81b4156 a6fe9208db3d30b3a81378a59aa588480ab2080c33f1d0921752c2dfdc76d1fd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 02:01:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| buttons-config.sharethis.com/js/60503e544d1bac0012adefa8.js | 54.230.111.117 | 200 OK | 30 B |
URL HTTP/2buttons-config.sharethis.com/js/60503e544d1bac0012adefa8.js IP54.230.111.117:0
File typeASCII text, with no line terminators Hashe6e1643313740711175f51662a65b42f c3fc7a03fea3138a1497dab12d5b4e40fd4aeaef 2c29defe29114d0e8b948e78d50ebb281035df53a9167089deb1e77e801bbd2f
GET /js/60503e544d1bac0012adefa8.js HTTP/1.1
Host: buttons-config.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript
content-length: 30
last-modified: Tue, 16 Mar 2021 05:12:53 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Mon, 19 Sep 2022 02:01:07 GMT
cache-control: max-age=60,public
etag: "e6e1643313740711175f51662a65b42f"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: RefreshHit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: fYaGsVJfLGFbBzefkRbWUbjSDLCrgO1TtWfBC5xNwBhkcL2VZIV4WA==
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/wp-admin/admin-ajax.php | 192.124.249.115 | 200 OK | 66 B |
URL HTTP/2whatthefhappened.net/wp-admin/admin-ajax.php IP192.124.249.115:0
File typeJSON data\012- , ASCII text, with no line terminators Hashaddd1e1f713c152991674230c603ebe7 63985c6af231237f2713ee30dd10be23fe95e47a 5fb81c42aca5ddbc6ffd3799bb02fd3ad874f13ef7c157ff5cccb544e76a3006
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 33
Origin: https://whatthefhappened.net
Connection: keep-alive
Referer: https://whatthefhappened.net/?p=4280
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:07 GMT
content-type: text/html; charset=UTF-8
content-length: 66
x-sucuri-id: 19015
accept-ranges: none
access-control-allow-credentials: true
access-control-allow-origin: https://whatthefhappened.net
cache-control: no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
expires: Wed, 11 Jan 1984 05:00:00 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=300
vary: Accept-Encoding
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff, nosniff
x-fawn-proc-count: 1,2,24
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-php-version: 7.4
x-robots-tag: noindex
x-xss-protection: 1; mode=block, 1; mode=block
X-Firefox-Spdy: h2
|
|
| stats.wp.com/e-202238.js | 192.0.76.3 | 200 OK | 0 B |
IP192.0.76.3:0
GET /e-202238.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:05 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"6197c5cf-3508"
content-encoding: br
expires: Mon, 11 Sep 2023 07:31:45 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2
|
|
| c0.wp.com/c/6.0.2/wp-includes/js/jquery/jquery.min.js | 192.0.77.37 | 200 OK | 0 B |
URL HTTP/2c0.wp.com/c/6.0.2/wp-includes/js/jquery/jquery.min.js IP192.0.77.37:0
GET /c/6.0.2/wp-includes/js/jquery/jquery.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:05 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 10 Mar 2021 15:07:24 GMT
content-encoding: br
expires: Tue, 19 Sep 2023 02:01:05 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| c0.wp.com/c/6.0.2/wp-includes/js/mediaelement/wp-mediaelement.min.css | 192.0.77.37 | 200 OK | 0 B |
URL HTTP/2c0.wp.com/c/6.0.2/wp-includes/js/mediaelement/wp-mediaelement.min.css IP192.0.77.37:0
GET /c/6.0.2/wp-includes/js/mediaelement/wp-mediaelement.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:05 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
content-encoding: br
expires: Tue, 19 Sep 2023 02:01:05 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| whatthefhappened.net/?p=4280 | 192.124.249.115 | 200 OK | 0 B |
URL HTTP/2whatthefhappened.net/?p=4280 IP192.124.249.115:0
| Analyzer | Verdict | Alert |
|---|
| fortinet | Phishing | |
GET /?p=4280 HTTP/1.1
Host: whatthefhappened.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:04 GMT
content-type: text/html; charset=UTF-8
x-sucuri-id: 19015
x-frame-options: SAMEORIGIN
accept-ranges: bytes
age: 0
content-encoding: gzip
content-security-policy: upgrade-insecure-requests;, upgrade-insecure-requests
strict-transport-security: max-age=300
vary: Accept-Encoding, User-Agent
x-backend: local
x-cache: uncached
x-cache-hit: MISS
x-cacheable: YES:Forced
x-cacheproxy-retries: 0/2
x-content-type-options: nosniff, nosniff
x-fawn-proc-count: 1,2,24
x-php-version: 7.4
x-xss-protection: 1; mode=block, 1; mode=block
x-sucuri-cache: MISS
X-Firefox-Spdy: h2
|
|
| platform-api.sharethis.com/js/sharethis.js | 143.204.55.67 | 200 OK | 0 B |
URL HTTP/2platform-api.sharethis.com/js/sharethis.js IP143.204.55.67:0
GET /js/sharethis.js HTTP/1.1
Host: platform-api.sharethis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
content-encoding: gzip
edge-control: cache-maxage=60m,downstream-ttl=60m
x-frame-options: SAMEORIGIN
cache-control: max-age=600, public
date: Mon, 19 Sep 2022 01:57:25 GMT
etag: W/"2f749-jZtDoLQECLv0cAmOiJJ6B61Kdic"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: PTnwVdfHTsxDQBxxBAdiIQgFgRktBB9_ZVS4IqmbJGhg05HHCr0vMQ==
age: 221
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
|
|
| c0.wp.com/c/6.0.2/wp-includes/js/jquery/jquery-migrate.min.js | 192.0.77.37 | 200 OK | 0 B |
URL HTTP/2c0.wp.com/c/6.0.2/wp-includes/js/jquery/jquery-migrate.min.js IP192.0.77.37:0
GET /c/6.0.2/wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:05 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
content-encoding: br
expires: Tue, 19 Sep 2023 02:01:05 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Roboto%3A300%2C300i%2C400%2C400i%2C500%2C700&subset=latin%2Clatin-ext | 216.58.211.10 | 200 OK | 0 B |
URL HTTP/2fonts.googleapis.com/css?family=Roboto%3A300%2C300i%2C400%2C400i%2C500%2C700&subset=latin%2Clatin-ext IP216.58.211.10:0
GET /css?family=Roboto%3A300%2C300i%2C400%2C400i%2C500%2C700&subset=latin%2Clatin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 19 Sep 2022 02:01:05 GMT
date: Mon, 19 Sep 2022 02:01:05 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| c0.wp.com/c/6.0.2/wp-includes/js/comment-reply.min.js | 192.0.77.37 | 200 OK | 0 B |
URL HTTP/2c0.wp.com/c/6.0.2/wp-includes/js/comment-reply.min.js IP192.0.77.37:0
GET /c/6.0.2/wp-includes/js/comment-reply.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:05 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 08 Apr 2022 20:07:18 GMT
content-encoding: br
expires: Tue, 19 Sep 2023 02:01:05 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| c0.wp.com/c/6.0.2/wp-includes/css/dist/block-library/style.min.css | 192.0.77.37 | 200 OK | 0 B |
URL HTTP/2c0.wp.com/c/6.0.2/wp-includes/css/dist/block-library/style.min.css IP192.0.77.37:0
GET /c/6.0.2/wp-includes/css/dist/block-library/style.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whatthefhappened.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 02:01:05 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Mon, 04 Jul 2022 12:10:37 GMT
content-encoding: br
expires: Tue, 19 Sep 2023 02:01:05 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
0.0.0.0