awaremeapp.com/wp-content/uploads/2022/visceromotor/tropaeolaceous_undilution.html?so=dzid
3.228.132.41 301 Moved Permanently 178 B URL HTTP/1.1 awaremeapp.com/wp-content/uploads/2022/visceromotor/tropaeolaceous_undilution.html?so=dzid
IP 3.228.132.41:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash bd2695f4b079c71dbddde3436286fb9c
733c05da132193d6cf1d8e242d12e2525c03bab4
2e04a18ff185ba5b16f762a0538339bc4049aceaef9738edd43af77d2ceb788b
GET /wp-content/uploads/2022/visceromotor/tropaeolaceous_undilution.html?so=dzid HTTP/1.1
Host: awaremeapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 02 Dec 2022 05:52:55 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://awaremeapp.com/wp-content/uploads/2022/visceromotor/tropaeolaceous_undilution.html?so=dzid
r3.o.lencr.org/
184.51.252.197 200 OK 503 B
IP 184.51.252.197:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9300
Expires: Fri, 02 Dec 2022 08:27:55 GMT
Date: Fri, 02 Dec 2022 05:52:55 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B
IP 93.184.220.29:0
Hash 0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 58
Cache-Control: max-age=103155
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 05:52:55 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 10:32:10 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
184.51.252.197 200 OK 503 B
IP 184.51.252.197:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6331
Expires: Fri, 02 Dec 2022 07:38:26 GMT
Date: Fri, 02 Dec 2022 05:52:55 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 2ueBz1+LerjhxvggbYrke4VYQdgJ5CH8dzI7pUp6fSbR5O9DGuAsySLYpajDwG3qoKPy9yXNDHY=
x-amz-request-id: K2Q1KA16ZMNEZW0K
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 05:46:35 GMT
age: 380
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 05:19:51 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1984
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 05:52:55 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
184.51.252.197 200 OK 503 B
IP 184.51.252.197:0
ASN #20940 Akamai International B.V.
Hash 1b31251d64a7d4c7964ce3421ee3140c
15413511a254c2449974df679360b1c7d5b8d4a5
370d3be4f603bd9fc7c6ba3ce13f4d5b955c6d119ce6365fa7c1958cc8199ec9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "370D3BE4F603BD9FC7C6BA3CE13F4D5B955C6D119CE6365FA7C1958CC8199EC9"
Last-Modified: Thu, 01 Dec 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21542
Expires: Fri, 02 Dec 2022 11:51:57 GMT
Date: Fri, 02 Dec 2022 05:52:55 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 05:08:57 GMT
cache-control: public,max-age=3600
age: 2638
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
awaremeapp.com/wp-content/uploads/2022/visceromotor/tropaeolaceous_undilution.html?so=dzid
3.228.132.41 200 OK 112 B URL HTTP/1.1 awaremeapp.com/wp-content/uploads/2022/visceromotor/tropaeolaceous_undilution.html?so=dzid
IP 3.228.132.41:0
File type HTML document, ASCII text
Hash 62b609562c64ed58053a2bf4f44e7c7a
4201270176a0bd9e1d3931913b55156a9d9479ab
81bd5566ecf1227256b0c03bc75fd076eb5d175367e641fd2b311890d31ac259
GET /wp-content/uploads/2022/visceromotor/tropaeolaceous_undilution.html?so=dzid HTTP/1.1
Host: awaremeapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 02 Dec 2022 05:52:55 GMT
Content-Type: text/html
Content-Length: 112
Last-Modified: Fri, 22 Apr 2022 08:58:58 GMT
Connection: keep-alive
ETag: "62626e52-70"
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29 200 OK 471 B
IP 93.184.220.29:0
Hash 1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 53
Cache-Control: max-age=98087
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 05:52:55 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 09:07:42 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
matchandate.com/match2/index.html
46.161.40.116 200 OK 114 B URL HTTP/1.1 matchandate.com/match2/index.html
IP 46.161.40.116:0
ASN #209272 Alviva Holding Limited
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash a8bcb92cad83595aea92d5cce3846750
39b701b14d8214a7580e35ab600160ea75dfb663
ad38224be64f82bbf803ff6bb43db294414e9a67b3a13ff3587a286f7de6fd6f
Analyzer Verdict Alert fortinet Phishing
GET /match2/index.html HTTP/1.1
Host: matchandate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 05:52:56 GMT
Server: Apache/2
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 26 May 2021 18:12:52 GMT
ETag: "7c-5c33f97483100-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 114
Keep-Alive: timeout=2, max=100
Content-Type: text/html
matchandate.com/match2/obfuscated_redirect.js
46.161.40.116 200 OK 634 B URL HTTP/1.1 matchandate.com/match2/obfuscated_redirect.js
IP 46.161.40.116:0
ASN #209272 Alviva Holding Limited
File type ASCII text, with very long lines (1233), with no line terminators
Hash d4c212f797a8d43198a44df9aa2612cc
9a2ededa4fcc8814fc7ecd729289da8fe3c56e9e
3e04597967910e115bd3a610a0a81f38c6631682a2858100455f91f77fa7e63c
Analyzer Verdict Alert fortinet Phishing
GET /match2/obfuscated_redirect.js HTTP/1.1
Host: matchandate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://matchandate.com/match2/index.html
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 05:52:56 GMT
Server: Apache/2
Last-Modified: Wed, 13 Jul 2022 19:54:56 GMT
ETag: "4d1-5e3b528c2e400-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 634
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: application/javascript
matchandate.com/favicon.ico
46.161.40.116 404 Not Found 198 B URL HTTP/1.1 matchandate.com/favicon.ico
IP 46.161.40.116:0
ASN #209272 Alviva Holding Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 29af052e034ee6199b36229f171a464e
1d1698c502a1c37a1f1ac46177fb0f235c05f86b
b2f916b833ae14b9c54d21b857466edd6a64c7087efeacf095b730b83828f4b1
GET /favicon.ico HTTP/1.1
Host: matchandate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://matchandate.com/match2/index.html
HTTP/1.1 404 Not Found
Date: Fri, 02 Dec 2022 05:52:56 GMT
Server: Apache/2
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 198
Keep-Alive: timeout=2, max=98
Connection: Keep-Alive
Content-Type: text/html
push.services.mozilla.com/
34.216.88.5 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.216.88.5:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: uS9Jd2tS6jdjljc2evIhBg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: CUodY5N+fwbdW2lXOkVozEbijQ8=
r3.o.lencr.org/
184.51.252.197 200 OK 503 B
IP 184.51.252.197:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8167
Expires: Fri, 02 Dec 2022 08:09:04 GMT
Date: Fri, 02 Dec 2022 05:52:57 GMT
Connection: keep-alive
r3.o.lencr.org/
184.51.252.197 200 OK 503 B
IP 184.51.252.197:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8167
Expires: Fri, 02 Dec 2022 08:09:04 GMT
Date: Fri, 02 Dec 2022 05:52:57 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 60ccdde4ce64b4a3fe6fc2a059b3bde1
5ce119089f4a4cd139b523889b6cd84cd79191f4
2089225a6dc13845ab8e031416920d16952ae1461ca10d72c408ad001ed8f27b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4840
x-amzn-requestid: 6bc8fa91-5696-4bc6-b1e7-3c36b2c01801
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGxTFxyoAMFRzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e6e-3e85b78905aaa73726eef85a;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UraCGe--VISONXzaUBpA7vuLuD5l7zihtQIph7LVn1QsS8MjLBbvKw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:48:51 GMT
age: 29046
etag: "5ce119089f4a4cd139b523889b6cd84cd79191f4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
184.51.252.197 200 OK 503 B
IP 184.51.252.197:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8167
Expires: Fri, 02 Dec 2022 08:09:04 GMT
Date: Fri, 02 Dec 2022 05:52:57 GMT
Connection: keep-alive
r3.o.lencr.org/
184.51.252.197 200 OK 503 B
IP 184.51.252.197:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8167
Expires: Fri, 02 Dec 2022 08:09:04 GMT
Date: Fri, 02 Dec 2022 05:52:57 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1c80b8025242ddfcc816ec612456b99e
aa944d10fe4a44b790b01ef62edc0f85a6d558e3
a9f060bc15738a3fe257e0c81a29e4611a89c273bcbb2765ce856d4e854a5f1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11402
x-amzn-requestid: 20c2c359-1e43-40c0-885d-1c90e76ea12b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGzJHu-IAMFbYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e7a-1d89722e767daa014b174a39;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: OJBnbjJB_kvPuJcePGnno3zI0CTWAzV-Osb2L1hPZZhlNYhFHWmLsA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:51:33 GMT
etag: "aa944d10fe4a44b790b01ef62edc0f85a6d558e3"
content-type: image/jpeg
age: 28884
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
184.51.252.197 200 OK 503 B
IP 184.51.252.197:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8167
Expires: Fri, 02 Dec 2022 08:09:04 GMT
Date: Fri, 02 Dec 2022 05:52:57 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 07:15:42 GMT
age: 81435
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5183c67-4568-43c8-a2e7-7b41f5ca064b.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5183c67-4568-43c8-a2e7-7b41f5ca064b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cd8ad22c2eb1eb91c76970fa449f1bc4
0de97f3a4964038222bd751e043e413113e6db9d
668f805815aede3bc04f8564bd6aefd56029362bb0aa8a794673eb78ab2d4643
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5183c67-4568-43c8-a2e7-7b41f5ca064b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4834
x-amzn-requestid: 63a0b8b5-5cb3-4a1f-aa46-47c84abe726f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZQrjEeAIAMF3sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6386c7e3-0032799009f893ba79f314db;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 03:02:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bBj-TXtavCuORZ9qBoZeVj-GXeRljAeW-98HY7lTk5_VRSKF4_07VQ==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 04:22:38 GMT
age: 5419
etag: "0de97f3a4964038222bd751e043e413113e6db9d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
34.120.237.76 200 OK 2.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fw6nrporwF27NW0-vXpaolW79nDXLF2RyS-lqhhp1osHt7q98VpI3g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:34:47 GMT
age: 29890
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 58a28fc1cbcacdb07b3ca175281982b5
9bc47ee49fc070d0997e49a719bd9758685ad583
d3bfcf749c4652cb29f7c82a5d7ba940bd607f9060e49c1c40a112eb3e625bd9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6564
x-amzn-requestid: e2875cf3-3915-43a5-a724-4de2ca03de56
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGepHOiIAMFTFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-5f7e2a3f609d54a609a12670;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mwGAEu-gPXY5Opwd972VbBA6l33dNk7bPFSyZmciaplQKj2ZuTkQSg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:47:56 GMT
age: 29101
etag: "9bc47ee49fc070d0997e49a719bd9758685ad583"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
184.51.252.197 200 OK 503 B IP 184.51.252.197:0
ASN #20940 Akamai International B.V.
Hash 867575c35c78a10980c277b47971ecf0
1b41f54329c7ff36b14a7856d8919d742cdd7dde
73fec1b1ab9cb8e04e69447792483e057bd32b52839693cd8a336c672e75f8e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "73FEC1B1AB9CB8E04E69447792483E057BD32B52839693CD8A336C672E75F8E4"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 02 Dec 2022 11:52:59 GMT
Date: Fri, 02 Dec 2022 05:52:59 GMT
Connection: keep-alive
befjajh.hornydats.com/s/62cf1c2230951
178.162.199.80 200 OK 1.8 kB URL HTTP/1.1 befjajh.hornydats.com/s/62cf1c2230951
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 3bf7ccbc01e5a6f3182de879d88d1b50
aada013002dc9a09fae1b3fbc864a468101e4d2e
5d6bcf87d229acd7124eb271054ce4dce87f19e362ee39559cbff3a941ac0ec0
Analyzer Verdict Alert fortinet Phishing
GET /s/62cf1c2230951 HTTP/1.1
Host: befjajh.hornydats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://matchandate.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 02 Dec 2022 05:52:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: s=vVe5qYdKzaKpA3%2FFX1WELNTyhGO%2Bv9Z5oWD741WlDomHNEifynmTAv1V1hoyzjUQIsquWYqSfK%2BPVrZ%2BuT7I1CB%2BNvgRH6NV%2FTdQXiJj4feWGJiB7uoFvI6xB8%2FeNmplD%2BExpIS2hP6svIsz45D0QY6l3jQGSYEzwUo8f0CLQZsDxB1V%2FkgtiudR6BZ3TIm8R6oC9%2FlXN3%2BaoiqwYZUZYiFi3Wl2s5aanUCWyRLTsCTnbUo6aKWzmJwnbW2W1E5OyMWmer5quCYeTbA3DCVs7fYPBvMVjpensmlkf02MFySjkCOiaXTEJ0GWeK4oF5SHEvoccBQ2D3B59adYlKUu2Svly6a7Gpy6xVFphWRm6WYPWMbvEbGmfgRg6usgVztGKpVFXkk5%2FQEX%2Be%2B9ur0XlQ7GUZOqXNfnpLqoFeDdDpjpSPIR3ALrvz2xJPeLQGvluWWCJFltS7tnTsjVjHKD9%2Fgy3HJdOOCFao%2BK%2BwVFNg5DTVraqkK6tNxL52nG8sSc2lyFoQ9p6uqSzhaDl%2FGltbxX89Jrwn0ILVZXQqeDfFwquyaWwguCyI4I3crDBc06253%2BPXafpTkTZ1blqKFMKyhABlgJOmCe1VrqXbON9K0y0dugJwmyA%2F%2BBX7pKh1LruPWw5RB9N15D7r4ilijgkFh0O7OpSQ%2BQQrIK%2FeRJ1tltxViUbilZDKWXLepSXD1mUn5dnRknXPUIqjGpXDtDDRoCboYsQVehGNUCMdcYQjTyeHxQl%2BrqLmv3cFe573K3UMZ2f1W%2BQ7SuI20Dzc2SBUmn%2FLY2qjrQItytX4JV3do8QjwAPUPX6T%2BAjyeJXS2kmc5p%2FgV5XmTdwRgQpGGtmRjj%2Ft5CYUkLbFxlVYscrK99hzz1o5nUW08Z6P%2BvlaMJl9HTK%2B%2Fk4Lnv3902OWbNg3Y9aarSjWrDC17n98RJ5W65nKwhDZNu6XAmzBQDOFPuNWoZFr4YWIWjxYBAa57THtX%2BbWVtcXZzb%2FoeIDk81ndTTn9heewwSd%2FDFTjOE1NQzK8Ory2Yoo5LHmNZFgUa0Rkllkvwp1NvyxqhkFr%2B8zgF6TyMDs%2FuNdU7kvaIA0eCQBeoiv%2FyWB2aRF48tBU%2FmYcK25dkVwUt5W8rKzSHBpZOsa6bZGxo6m6o2c7B%2FmtqmUjaVMNhouIASoAr%2BaSxT0l3ALPtlkOojlEYzQznzhKNMFPxbAWz2lcSCTFUIEkWRBZP1hwRkyuFtTzai%2FnoCpjKA2zsE9C33nlOgB3SGy6HZAkryWHABv%2F%2FJ9d0rcqgHCsNlACIMquzOb10qu1xc36GJcunCHmn5Vh4sDxv6U3Z%2FE3p51uOeTEJ8dIYYR5PTJSxyH4GluALOlu10TZ8UBwZ4tWUpBaLU%2FRfF00vN3MlCZjXjwqHd0UAblRLyOFGF3mmhw9BYpLorPo8zdUAvVem89mlnWdEpmiGeUMwGQE5UovT8ibfrma08GqkfJVsSdZOfmiRApN%2Blm%2BJPJtgfChC8AFTuKRzmydHMlJfpE1pkIOIwusOpVr1vS5SZnmmXeGOr3IMpeATdqc8ZIX%2FDAK6uCs2BpiZP4EhyOJgyZxg%2Fopu7%2B4a3raqsK1Is7%2BO4n7tu15FCLA6RBT7HczuRUQaGdQ9ZGUJVrM%3D; expires=Sat, 03-Dec-2022 05:52:59 GMT; Max-Age=86400; path=/; domain=hornydats.com
SID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=hornydats.com
ESID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=hornydats.com
Content-Encoding: gzip
cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/animate.min.css
104.17.25.14 200 OK 3.3 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/animate.min.css
IP 104.17.25.14:0
File type ASCII text, with very long lines (52592)
Hash 9266f9107ebcfd5961b230047eb0bb94
082cca30d08963a57887613907e9c397889d3c10
d134df9ecd44a8aa61a0c0f309bc44664472f0555bdb7948021f2ed3b329368c
GET /ajax/libs/animate.css/3.5.2/animate.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://befjajh.hornydats.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 05:52:59 GMT
content-type: text/css; charset=utf-8
content-length: 3279
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03d2a-ce35"
last-modified: Mon, 04 May 2020 16:04:58 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 44006
expires: Wed, 22 Nov 2023 05:52:59 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5sd9EtwkQgg72ZpPC8UIUIGtxRi0WCkHnd%2BTC67pgyefUsKWbWm1zsHwFtcpUbqiFWEO%2B1LliJlMGWAvg0C3bSJDGd5YA8U1DGE9NfWl%2Bu7XdlqSJzheKijnKTDOQ%2FcziTxF6dpK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7731ccb68a93b4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
code.jquery.com/jquery-2.2.4.min.js
69.16.175.10 200 OK 30 kB URL HTTP/2 code.jquery.com/jquery-2.2.4.min.js
IP 69.16.175.10:0
File type ASCII text, with very long lines (32065)
Hash 82885772205f23cd59e25a221521b059
96ed36f45544295f28df1ab251e7e38faceeff0e
8e85465daae15b31a1837a4112cf920c1eeec7a5c189595651b3a53cb9b97215
GET /jquery-2.2.4.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://befjajh.hornydats.com
Connection: keep-alive
Referer: https://befjajh.hornydats.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 05:52:59 GMT
content-encoding: gzip
content-length: 29811
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-14e4a"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1669960379.dop213.sk1.t,1669960379.cds240.sk1.hn,1669960379.cds214.sk1.c
X-Firefox-Spdy: h2
befjajh.hornydats.com/js/click.js?8
178.162.199.80 200 OK 5.3 kB URL HTTP/1.1 befjajh.hornydats.com/js/click.js?8
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
Hash 8207d083c909c6386927c5197eff584c
a5f1148a0e9923191d3f8ed4c1750240374af2a9
f71ae9723255b00dcc8e3631fe419cbbb56a80b3034f184ca5292127d7b3eea9
Analyzer Verdict Alert fortinet Phishing
GET /js/click.js?8 HTTP/1.1
Host: befjajh.hornydats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://befjajh.hornydats.com/s/62cf1c2230951
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 02 Dec 2022 05:52:59 GMT
Content-Type: application/javascript
Content-Length: 5260
Connection: keep-alive
Last-Modified: Thu, 03 Nov 2022 12:43:05 GMT
Vary: Accept-Encoding
ETag: "6363b759-148c"
Accept-Ranges: bytes
befjajh.hornydats.com/bundle/275/assets/js/functions.js
178.162.199.80 200 OK 389 B URL HTTP/1.1 befjajh.hornydats.com/bundle/275/assets/js/functions.js
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type ASCII text, with very long lines (381), with CRLF line terminators
Hash 7be0a389385d045c27842522fed8530e
930956308fe93dee12fc7689a8684c82a137745c
f179811dfa8ab006893bb729eb43c956e86f5f86047a093325aa31f8e8632f51
Analyzer Verdict Alert fortinet Phishing
GET /bundle/275/assets/js/functions.js HTTP/1.1
Host: befjajh.hornydats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://befjajh.hornydats.com/s/62cf1c2230951
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 02 Dec 2022 05:52:59 GMT
Content-Type: application/javascript
Content-Length: 389
Connection: keep-alive
Last-Modified: Mon, 23 Mar 2020 12:13:40 GMT
Vary: Accept-Encoding
ETag: "5e78a7f4-185"
Accept-Ranges: bytes
befjajh.hornydats.com/bundle/275/assets/css/style.css
178.162.199.80 200 OK 16 kB URL HTTP/1.1 befjajh.hornydats.com/bundle/275/assets/css/style.css
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type ASCII text, with CRLF line terminators
Hash dbc14074261efe7a301b4ec0554cd210
9ba275b540b9929b7e04dc55f3342971cd00f1fc
ed416a64ba763bf65cc02caf79a7163306667720a4b1e039e13ad3a97692ca99
GET /bundle/275/assets/css/style.css HTTP/1.1
Host: befjajh.hornydats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://befjajh.hornydats.com/s/62cf1c2230951
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 02 Dec 2022 05:53:00 GMT
Content-Type: text/css
Content-Length: 15642
Connection: keep-alive
Last-Modified: Mon, 23 Mar 2020 12:13:40 GMT
Vary: Accept-Encoding
ETag: "5e78a7f4-3d1a"
Accept-Ranges: bytes
befjajh.hornydats.com/bundle/275/assets/img/no.png
178.162.199.80 200 OK 3.1 kB URL HTTP/1.1 befjajh.hornydats.com/bundle/275/assets/img/no.png
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash e51438397f6333f22081857d4236efca
4508bc8a99ce403e595f5b31c9e74efeade3b684
fedd7527d1cceee3052bf4bb62e76d56e8200a115d8a2affae23a125578b7ad1
GET /bundle/275/assets/img/no.png HTTP/1.1
Host: befjajh.hornydats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://befjajh.hornydats.com/bundle/275/assets/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 02 Dec 2022 05:53:00 GMT
Content-Type: image/png
Content-Length: 3134
Connection: keep-alive
Last-Modified: Mon, 23 Mar 2020 12:13:40 GMT
ETag: "5e78a7f4-c3e"
Accept-Ranges: bytes
befjajh.hornydats.com/bundle/275/assets/img/yes.png
178.162.199.80 200 OK 3.5 kB URL HTTP/1.1 befjajh.hornydats.com/bundle/275/assets/img/yes.png
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 3d0dab8337c085af1541ee5b7d63b53b
b8bc0b819b1f4259f179049edb58ed16cc8caf0e
6bfdecff876226c1e233f71e7b0b1a6e0eb238281a52156c39f051691dd88a43
GET /bundle/275/assets/img/yes.png HTTP/1.1
Host: befjajh.hornydats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://befjajh.hornydats.com/bundle/275/assets/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 02 Dec 2022 05:53:00 GMT
Content-Type: image/png
Content-Length: 3480
Connection: keep-alive
Last-Modified: Mon, 23 Mar 2020 12:13:40 GMT
ETag: "5e78a7f4-d98"
Accept-Ranges: bytes
befjajh.hornydats.com/bundle/275/assets/img/pattern.png
178.162.199.80 200 OK 2.8 kB URL HTTP/1.1 befjajh.hornydats.com/bundle/275/assets/img/pattern.png
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type PNG image data, 2 x 2, 8-bit/color RGBA, non-interlaced\012- data
Hash f06b5903c3ed5ef39db9b98b60deba70
f2d93c7d32069d157fa3047b550ef406bea1aa05
5cbc28ef1cf07ab8956014b581aa2b96baac861237975813702e63c886b0c004
GET /bundle/275/assets/img/pattern.png HTTP/1.1
Host: befjajh.hornydats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://befjajh.hornydats.com/bundle/275/assets/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 02 Dec 2022 05:53:00 GMT
Content-Type: image/png
Content-Length: 2801
Connection: keep-alive
Last-Modified: Mon, 23 Mar 2020 12:13:40 GMT
ETag: "5e78a7f4-af1"
Accept-Ranges: bytes
befjajh.hornydats.com/bundle/275/assets/img/1.jpg
178.162.199.80 200 OK 90 kB URL HTTP/1.1 befjajh.hornydats.com/bundle/275/assets/img/1.jpg
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1040x660, components 3\012- data
Hash 9a350f9b30c1f5f5635f896bf2487345
82fcc5cbc8e1ba0ab697d27017ab9fe8c6dc5f19
15d4127cd56e1b50b5d57340161ff54d22713da009df6904925833779ab125d0
GET /bundle/275/assets/img/1.jpg HTTP/1.1
Host: befjajh.hornydats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://befjajh.hornydats.com/bundle/275/assets/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 02 Dec 2022 05:53:00 GMT
Content-Type: image/jpeg
Content-Length: 90519
Connection: keep-alive
Last-Modified: Mon, 23 Mar 2020 12:13:40 GMT
ETag: "5e78a7f4-16197"
Accept-Ranges: bytes
befjajh.hornydats.com/bundle/275/assets/fonts/Lato-Regular.ttf
178.162.199.80 200 OK 120 kB URL HTTP/1.1 befjajh.hornydats.com/bundle/275/assets/fonts/Lato-Regular.ttf
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 30 names, Macintosh, Copyright (c) 2010-2011 by tyPoland Lukasz Dziedzic with Reserved Font Name "Lato". Licensed und\012- data
Size 120 kB (120196 bytes)
Hash 7f690e503a254e0b8349aec0177e07aa
127f241871a9fe42cd8d073a0835410f3824d57c
7ae714b63c2c8b940bdd211a0cc678f01168a34eea8aa13c0df25364f29238a7
Analyzer Verdict Alert fortinet Phishing
GET /bundle/275/assets/fonts/Lato-Regular.ttf HTTP/1.1
Host: befjajh.hornydats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://befjajh.hornydats.com/bundle/275/assets/css/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 02 Dec 2022 05:53:00 GMT
Content-Type: application/octet-stream
Content-Length: 120196
Connection: keep-alive
Last-Modified: Mon, 23 Mar 2020 12:13:40 GMT
ETag: "5e78a7f4-1d584"
Accept-Ranges: bytes
befjajh.hornydats.com/js/fp2.min.js
178.162.199.80 200 OK 31 kB URL HTTP/1.1 befjajh.hornydats.com/js/fp2.min.js
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type ASCII text, with very long lines (30507)
Hash e7d6b85edb141824af8951e19333337c
76600b2cb1978ca24d9fe39b1412f052da855ddb
6e1bf43d1d49858aacd5de53b32b551732bca4b2a46b1f808eb6d6d0f2b70c0e
Analyzer Verdict Alert fortinet Phishing
GET /js/fp2.min.js HTTP/1.1
Host: befjajh.hornydats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://befjajh.hornydats.com/s/62cf1c2230951
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 02 Dec 2022 05:53:00 GMT
Content-Type: application/javascript
Content-Length: 30685
Connection: keep-alive
Last-Modified: Thu, 17 Nov 2022 12:43:08 GMT
Vary: Accept-Encoding
ETag: "63762c5c-77dd"
Accept-Ranges: bytes
befjajh.hornydats.com/bundle/275/assets/img/favicon.png
178.162.199.80 200 OK 796 B URL HTTP/1.1 befjajh.hornydats.com/bundle/275/assets/img/favicon.png
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Hash a6ad4df9ec78d77e3ba0b6cd82fe297a
1314387b8238a472e68db26bcc1cf29948cc1730
6c0f700fed24177a4ba0d9032fc78f9d34254bb9dfae532fd28d28ec4e105b28
GET /bundle/275/assets/img/favicon.png HTTP/1.1
Host: befjajh.hornydats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://befjajh.hornydats.com/s/62cf1c2230951
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Fri, 02 Dec 2022 05:53:00 GMT
Content-Type: image/png
Content-Length: 796
Connection: keep-alive
Last-Modified: Mon, 23 Mar 2020 12:13:40 GMT
ETag: "5e78a7f4-31c"
Accept-Ranges: bytes