firefox.settings.services.mozilla.com/v1/
143.204.55.35200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 27 Sep 2022 20:15:31 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: LLfwtcHC8diulskIDyHNl9_4EzIqF-HAUdGfdPQyU0NZcEdBSvLt6g==
Age: 3457
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7525
Expires: Tue, 27 Sep 2022 23:18:33 GMT
Date: Tue, 27 Sep 2022 21:13:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1017811d25642601e984edc1676d118d
c177c4f7a897584bf91347fa4990c83d6bfd0321
f35bb3a8c877dd8d3c5920f3c917722f12b157aff398e2ec30fab51fa6caa2ef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F35BB3A8C877DD8D3C5920F3C917722F12B157AFF398E2EC30FAB51FA6CAA2EF"
Last-Modified: Mon, 26 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3528
Expires: Tue, 27 Sep 2022 22:11:56 GMT
Date: Tue, 27 Sep 2022 21:13:08 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ke8TmOSKZw7PympIlbmSWM1hXCLrMSyDQDpkG8SnnrgK4E8mfo8K++hTbTAMCqm3rRYinilswEQ=
x-amz-request-id: 0Q6V6SS95WV5AH21
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 27 Sep 2022 20:49:37 GMT
age: 1411
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 21:13:08 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 27 Sep 2022 21:10:46 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Tue, 27 Sep 2022 21:11:24 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: b36285HBwsDf9yEzbQ3PP3kmUHts7-kIVmMaNhEWRsXF5jPoT9d40Q==
Age: 142
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c18823050f86339eaa73ddb1bf80d64c
ac4ee81f59f706cee8a74458d498bbc20d8d351a
9a505647517bd02d8ff994fd4ad98dc2f4b519916145b0c327691420c1084c46
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5669
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 21:13:08 GMT
Last-Modified: Tue, 27 Sep 2022 19:38:39 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.35.74.102101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.35.74.102:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: gKXxlj+jz0nH8RYeFYd2Qw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FUH3j5dzT9EV0Me+ZcUlH57tBCY=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3386
Expires: Tue, 27 Sep 2022 22:09:36 GMT
Date: Tue, 27 Sep 2022 21:13:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3386
Expires: Tue, 27 Sep 2022 22:09:36 GMT
Date: Tue, 27 Sep 2022 21:13:10 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc9985e6-5fe2-4d64-8060-3ea9e7ea528d.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc9985e6-5fe2-4d64-8060-3ea9e7ea528d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a90590f26bae9ad9e95ffdfbfb7dd21d
cde7845f38c4c077f1f1cfda1d1e3b00065d3ac3
33fe3394213e01d11c3e005cb5a678ba74511704d4132fc2bd9f7ad4e1b7dbfc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc9985e6-5fe2-4d64-8060-3ea9e7ea528d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10318
x-amzn-requestid: 6a205445-8a9e-4f25-b144-ba6e6934d383
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZCSlhFNAIAMFmBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6330caef-61ecbf9154cd56131b940ac0;Sampled=0
x-amzn-remapped-date: Sun, 25 Sep 2022 21:41:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: qP5-TglQAoTGc78-rIK27mKRTS_WthN0OpiiMqSF-y2rmWxVOyfNVw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 19:30:15 GMT
age: 6175
etag: "cde7845f38c4c077f1f1cfda1d1e3b00065d3ac3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5274e770cb5a704916c8965659709f4a
1a26007f761e439db575fb80fb403031260aecf4
e36e8be75c92feb9b416a46c5918356d8f9694894a799b7c10de21034d33d5ef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7455
x-amzn-requestid: 0887cd56-f324-46cf-a086-709e1c66f354
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGBTdHmhoAMFvIw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633248e2-42391706084f335228fe3994;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 00:50:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: IWzfDNFlgYdqYnbQ9uWfOvqb5zl3I3mgTZrT5pU5P3EvetMRDN5P7w==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 01:06:47 GMT
age: 72383
etag: "1a26007f761e439db575fb80fb403031260aecf4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 62e68c3cd08dd94d910507512a67e85f
3d4fa8701f17e8818c25584ef5f04bfbee8440cd
058d798963f83f5fb88ab728185f755c5353fa981d93e1b6ff869089f501586b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13213
x-amzn-requestid: fe9ec409-2757-4910-8443-5b4d3be7efd3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlATEp8oAMFd9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321b9b-3230e97a4fe34413285eb578;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:37:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kRSg9NTTAgeAJgIZ_C9_rRodCX4bzGduJEvNPNHUya0Moa2vsmWSoQ==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:38:57 GMT
age: 84853
etag: "3d4fa8701f17e8818c25584ef5f04bfbee8440cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63a7aeb3-999a-4e57-9255-c40e0376d08e.jpeg
34.120.237.76200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63a7aeb3-999a-4e57-9255-c40e0376d08e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 46e31aa06b8e86a9a5f9ba1cc3feca08
75df3341e30281fcbf78c7074980356fdf0be8e2
d1fd4f81b7e0f43de960f0ee024d9e87bcb395f032a4ab0360e3829d1ec8a42b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63a7aeb3-999a-4e57-9255-c40e0376d08e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5319
x-amzn-requestid: 74191b02-ebea-48bd-8522-f05bf8080f31
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlOKFtsIAMFyGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321bf4-1f2daa9d7906bf9812e10953;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:39:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Y0gjPs-l9_JD9F-LSH_i1uL2Nz0UcWCG-9PmDmRH8cN_cNAeSchJTA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:39:00 GMT
etag: "75df3341e30281fcbf78c7074980356fdf0be8e2"
content-type: image/jpeg
age: 84850
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14218a43c5e5bbce546735a780c8ccce
61676358cdbb2373bc644e66f8a84fbc8cc5daf6
905b1c30a2273aef69904f2eb1451c756fc1fdba02e86ea5c957629dd056aeda
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6390
x-amzn-requestid: b2681ff8-ab83-41e6-adef-3e6772c93c3f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGFJ6Gc_oAMF44g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63324f0c-3dbf9f4e2047567b5abdbe74;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 01:17:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8JXEBo_L_xKuKdeoOXEJ6FO7ZVsZVQzUmQFe7fYcxaHRQNEq1HWp6w==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 01:37:50 GMT
age: 70520
etag: "61676358cdbb2373bc644e66f8a84fbc8cc5daf6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg
34.120.237.76200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash deb8d1e3b6d7fbc8c8ba478269621676
84f5a4c8b38acde814bc790e5b514347718d5bb9
ed14fa766f0708b4166e83b61f160db5671af430917b7c67184bf18d9208742b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9163
x-amzn-requestid: 8ccd9b1f-bef9-4591-be32-e6dd98f4ee78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlKpEZrIAMFS1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321bdd-4a40b9c8281b64c725fec0f1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:38:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: bs6HOUmHOoYKDuzBoVHhcr8d4HP4bBmwUF3EtOmwKXo7ozhfaIYEvw==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:39:07 GMT
age: 84843
etag: "84f5a4c8b38acde814bc790e5b514347718d5bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hegodev.com/tds/aietqu
184.168.97.137301 Moved Permanently 1 B IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
Hash eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /tds/aietqu HTTP/1.1
Host: hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
x-powered-by: PHP/7.4.30
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-litespeed-tag: 6ff_HTTP.404,6ff_HTTP.301
x-redirect-by: WordPress
set-cookie: slicevisitor=1; expires=Tue, 27-Sep-2022 21:15:11 GMT; Max-Age=120; path=/
location: https://www.hegodev.com/tds/aietqu
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1
content-type: text/html; charset=UTF-8
date: Tue, 27 Sep 2022 21:13:08 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2f76d47ed4f3c90f557522303bb760bc
f34542cabea7a4517debf64c298b59fc009ea56c
5ce5c216b7cb6a4425f12453e447ad364bcc1cd7d23a9d2468a8a40adfc2cb10
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 21:13:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 11b1f146fa6fa4a88b1efc65b548fb73
f3f12e14f8f66a2e7c43015c394af199e4a94e06
74441efb7e39672af50ce0b6190b20d20bc3ae744b415a17f8b96a0f89aa0491
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 21:13:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 11b1f146fa6fa4a88b1efc65b548fb73
f3f12e14f8f66a2e7c43015c394af199e4a94e06
74441efb7e39672af50ce0b6190b20d20bc3ae744b415a17f8b96a0f89aa0491
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 21:13:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-154422125-1
142.250.74.72200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-154422125-1
IP 142.250.74.72:0
File type ASCII text, with very long lines (2039)
Hash 55bbf689243b2cc861d2feb96e4a508a
59e0772349e14cd30df2081911ed659cd1c121b6
d79e780e56026bcfebd0c063df70d129e7570f1de143da6a018ed020382b645e
GET /gtag/js?id=UA-154422125-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 27 Sep 2022 21:13:13 GMT
expires: Tue, 27 Sep 2022 21:13:13 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42378
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2f76d47ed4f3c90f557522303bb760bc
f34542cabea7a4517debf64c298b59fc009ea56c
5ce5c216b7cb6a4425f12453e447ad364bcc1cd7d23a9d2468a8a40adfc2cb10
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 21:13:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 11b1f146fa6fa4a88b1efc65b548fb73
f3f12e14f8f66a2e7c43015c394af199e4a94e06
74441efb7e39672af50ce0b6190b20d20bc3ae744b415a17f8b96a0f89aa0491
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 21:13:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.hegodev.com/tds/aietqu
184.168.97.137404 Not Found 15 kB URL HTTP/2 www.hegodev.com/tds/aietqu
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (39232), with CRLF, LF line terminators
Hash 86e6a04ce55e5949925e53992ddde519
02f37f3b7393e5faa1170e68974f181c738e0db5
a60111b564c45d6ce0918fdd40b40f6f798263f74f557900f6bdffdc69c547ea
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /tds/aietqu HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 404 Not Found
x-powered-by: PHP/7.4.30
x-litespeed-tag: 6ff_HTTP.404
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.hegodev.com/wp-json/>; rel="https://api.w.org/"
set-cookie: slicevisitor=1; expires=Tue, 27-Sep-2022 21:15:13 GMT; Max-Age=120; path=/
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 14914
content-type: text/html; charset=UTF-8
date: Tue, 27 Sep 2022 21:13:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.css?ver=6.0.2
184.168.97.137200 OK 493 B URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with CRLF line terminators
Hash 34c447fc8b7747ca0cbb40fec67c28cb
5ef14f89ead8d0d496271cc4a0e482419fe4f667
bdb8e3868d4d8efd5135931edd978ed4f16111f110994ff161e44bd7c3d44467
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/slick/slick.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2862-767-5e4d4065d3faa-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 493
content-type: text/css
date: Tue, 27 Sep 2022 21:13:13 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/slick/slick-theme.css?ver=6.0.2
184.168.97.137200 OK 774 B URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/slick/slick-theme.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 6e67560034ebfe1a21ca7838a79b3602
98c217a0786d8196f58ac0046e5572f765f50050
447874e04268e1cd9e1269a6df0d7e1a78fdde489d27c7f247052e59aed4c5b1
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/slick/slick-theme.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2861-d15-5e4d4065d3faa-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 774
content-type: text/css
date: Tue, 27 Sep 2022 21:13:13 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/css/slicknav.min.css?ver=6.0.2
184.168.97.137200 OK 691 B URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/css/slicknav.min.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (2414), with CRLF line terminators
Hash 70e97a82cb2bd23c0544142f7ec5e48f
99ce9a22208dc751c6dab5b3bfbe99a73a0ce01a
807b94feb5ee85ba59311b80b2e6a15dbcf06336949e10c5a28eae5d22bfbe9f
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/css/slicknav.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e281f-9cd-5e4d4065d300a-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 691
content-type: text/css
date: Tue, 27 Sep 2022 21:13:13 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa-business/style.css?ver=6.0.2
184.168.97.137200 OK 1.4 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa-business/style.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1023), with CRLF line terminators
Hash 73ee631a66b856896702d8f5992129ad
e2a34ecd904e4ae9de4583a545c2717334c385f7
e5f555322926d2339db8f05008e17b35b453350b8ac8c173542845a9b58f571d
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa-business/style.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 15 Apr 2022 11:47:32 GMT
etag: "e3f67-df4-5dcaff9d452af-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1361
content-type: text/css
date: Tue, 27 Sep 2022 21:13:13 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/css/blocks.min.css?ver=6.0.2
184.168.97.137200 OK 2.0 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/css/blocks.min.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (9062), with no line terminators
Hash 5c569f4b806cef7bae156536de7a6bbe
e333c2951afcd43c3f67af65eec7798142f3b693
87dfa898fa648e03706e8fa4153e5cada9e2c6dc8954607b419d1aa21f3c55f7
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/css/blocks.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e281c-2366-5e4d4065d300a-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1955
content-type: text/css
date: Tue, 27 Sep 2022 21:13:13 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/plugins/contact-widgets/assets/css/font-awesome.min.css?ver=4.7.0
184.168.97.137200 OK 6.6 kB URL HTTP/2 www.hegodev.com/wp-content/plugins/contact-widgets/assets/css/font-awesome.min.css?ver=4.7.0
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (30429)
Hash de7a7b0a7cefd6f77d360ab9819ce7c5
73ab1b9dbc0f89e39140965f7f6cc4edb723ff77
f085f338dd26cfc96e4b338ffe0a6b2fe8e4eb7477bfa14883646c08f6b49634
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/contact-widgets/assets/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 10 Aug 2020 12:46:25 GMT
etag: "e4836-777f-5ac8557aaea40-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 6581
content-type: text/css
date: Tue, 27 Sep 2022 21:13:13 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/css/all.min.css?ver=6.0.2
184.168.97.137200 OK 12 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/css/all.min.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (59158), with CRLF line terminators
Hash 37a0cc3233ba8513c0996bf4220250fd
e15ddd5aab9ee220054be8d22178b37ce7862a0e
0c23d7e2429213ce557799efab8f3d55d175b6b40ebc650bd01f70bbf6d1c162
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/bosa/assets/font-awesome/css/all.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2808-e7d4-5e4d4065d283a-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 12405
content-type: text/css
date: Tue, 27 Sep 2022 21:13:13 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
184.168.97.137200 OK 11 kB URL HTTP/2 www.hegodev.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (43771)
Hash 069a79d16ded6a02071f286cd2025c44
dd5970e01b8a10dadcf074f72a1c8095f25e947a
78261bccee805c6913bf7e23e2e25314f05f690300a77a40ca36e1e516b20203
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 04 Jul 2022 12:10:37 GMT
etag: "125f63-15b64-5e2f99fa9e940-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 10912
content-type: text/css
date: Tue, 27 Sep 2022 21:13:13 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Bai+Jamjuree%3Aital%2Cwght%400%2C200%3B0%2C300%3B0%2C400%3B0%2C500%3B0%2C600%3B0%2C700%3B1%2C300%3B1%2C400%3B1%2C500%3B1%2C600%3B1%2C700&display=swap&ver=6.0.2
142.250.74.10200 OK 1.9 kB URL HTTP/2 fonts.googleapis.com/css2?family=Bai+Jamjuree%3Aital%2Cwght%400%2C200%3B0%2C300%3B0%2C400%3B0%2C500%3B0%2C600%3B0%2C700%3B1%2C300%3B1%2C400%3B1%2C500%3B1%2C600%3B1%2C700&display=swap&ver=6.0.2
IP 142.250.74.10:0
Hash 6823962b9cde08e8923e7d1665c9d9b2
5803860d45e0fa9e767c89920b204cf29c6b964b
d746e3ff5e800bc6eba8431a6965a8beee56f989bc0368b6596eefdf733b4cd1
GET /css2?family=Bai+Jamjuree%3Aital%2Cwght%400%2C200%3B0%2C300%3B0%2C400%3B0%2C500%3B0%2C600%3B0%2C700%3B1%2C300%3B1%2C400%3B1%2C500%3B1%2C600%3B1%2C700&display=swap&ver=6.0.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://www.hegodev.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 27 Sep 2022 21:13:13 GMT
date: Tue, 27 Sep 2022 21:13:13 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/js/skip-link-focus-fix.js?ver=0.8
184.168.97.137200 OK 338 B URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/js/skip-link-focus-fix.js?ver=0.8
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with CRLF line terminators
Hash 295d8e7be879e4b8f375f36a9ac45e07
616274653f472969eaa37880ce42db18be993aae
ace732d52491f3fafa3b95770ce6e10b0ef7ce9c87ea178cb8f75927b2379417
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/bosa/assets/js/skip-link-focus-fix.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2876-2cc-5e4d4065d4392-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 338
content-type: application/javascript
date: Tue, 27 Sep 2022 21:13:14 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-includes/js/imagesloaded.min.js?ver=6.0.2
184.168.97.137200 OK 1.7 kB URL HTTP/2 www.hegodev.com/wp-includes/js/imagesloaded.min.js?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (5477)
Hash b1ead9e078b8c6a5044a583ef6fbbd5e
577658f92d2657f1131a97b6f128dfdb50d21d1a
b337360f9345d0763a9394d9a2b032459e0fe6199bee2a4b76f2b8ca24d8b867
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/js/imagesloaded.min.js?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
etag: "126622-15fd-5a7fbb57c37c0-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1733
content-type: application/javascript
date: Tue, 27 Sep 2022 21:13:14 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/js/navigation.js?ver=0.8
184.168.97.137200 OK 993 B URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/js/navigation.js?ver=0.8
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with CRLF line terminators
Hash 0880979edd9517f9a7b7307495d2e853
9680cf285e27e869e1b90baaea045cc375e0a2c1
a25525fac97c4a6cb0c565349aeeae0f79b5bdedc77c88f7521e946bb7567924
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/bosa/assets/js/navigation.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e287a-17ab-5e4d4065d4392-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 993
content-type: application/javascript
date: Tue, 27 Sep 2022 21:13:14 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b
184.168.97.137200 OK 628 B URL HTTP/2 www.hegodev.com/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1626)
Hash 5b31f9f2f4e068d0932e615b4c1430d7
a84aad0dae77532f66a7777d67facca9a2e6ab6f
af3fdfe4f024a9ae6bad6e550e63a4636396208b9554a2eb5aa4f8a4de716d0e
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 18 Aug 2016 18:55:30 GMT
etag: "164a9e-71b-53a5d2030ec80-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 628
content-type: application/javascript
date: Tue, 27 Sep 2022 21:13:14 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.7.0
184.168.97.137200 OK 3.0 kB URL HTTP/2 www.hegodev.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.7.0
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1577)
Hash c42db5fc087004f61b1fd52f2fa6589a
d315714e57e1b83e3851a3261bcb6f3a8f8aedbd
47bec89c01cd4cc1e52ab92fcd1d1f50d73342d368064fd693a619e8072d4f93
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.7.0 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:08:38 GMT
etag: "105ac6-2e7a-5e4d403037d5f-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 3018
content-type: application/javascript
date: Tue, 27 Sep 2022 21:13:14 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/css/bootstrap.min.css?ver=6.0.2
184.168.97.137200 OK 19 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/css/bootstrap.min.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (65319), with CRLF line terminators
Hash a08b37e95872eb5945c89f729fe74d26
a4e542358e28aacc01fb2ca977feaf1567a35bc9
1210d07107cc6e06709991d7e78d50039183e90962f7e8a92744134a40a37878
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/bosa/assets/bootstrap/css/bootstrap.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2811-2268e-5e4d4065d2c22-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 18894
content-type: text/css
date: Tue, 27 Sep 2022 21:13:13 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
184.168.97.137200 OK 4.6 kB URL HTTP/2 www.hegodev.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (11126)
Hash 55050b24c45c4eb4288d37c787febc62
0e2e51876c68c377021c7ca922b671df43f40667
6f37b7fe435d863f1b2e3671ae9ccdab95189f4bfba860383e48cf2d1306467a
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 22 Sep 2022 12:05:35 GMT
etag: "164a9d-3602-5e942e0f8e243-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 4641
content-type: application/javascript
date: Tue, 27 Sep 2022 21:13:14 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/js/theia-sticky-sidebar.min.js?ver=0.8
184.168.97.137200 OK 1.6 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/js/theia-sticky-sidebar.min.js?ver=0.8
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type HTML document, ASCII text, with very long lines (5370), with CRLF line terminators
Hash e74167fd14ae4f773d3afd5138ad81f2
9062953647b497a403cec22ad1ca2d31f76d96b2
b3539412526d3a6c6f18e32b9bcacb4274e51b44e876fb6ad9a02f8449c61c52
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/js/theia-sticky-sidebar.min.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2875-1537-5e4d4065d4392-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1636
content-type: application/javascript
date: Tue, 27 Sep 2022 21:13:14 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/js/custom.min.js?ver=0.8
184.168.97.137200 OK 1.8 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/js/custom.min.js?ver=0.8
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (6739), with no line terminators
Hash d017982c61fb389ec9447caded8bcdb3
d64a66d1c7d065125cfca16ec1bce1660c93801e
43e24d01d8881eb5a8a29f86efa559139c07808d09da43ab688761dbfb34e09f
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/bosa/assets/js/custom.min.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2880-1a53-5e4d4065d4392-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1829
content-type: application/javascript
date: Tue, 27 Sep 2022 21:13:14 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/style.css?ver=6.0.2
184.168.97.137200 OK 23 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/style.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1137)
Hash 951d728eb6833d22f9c81d65f0b86125
2eb36f396caa9da773c34cade2459e2b39d7153f
61703f377447272f82b6f36cbaaee9a0f31a037c64a6f4e9b803aafae34b6efc
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/style.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "12338a-2948d-5e4d4065d0ce2-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 22726
content-type: text/css
date: Tue, 27 Sep 2022 21:13:13 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/js/jquery.slicknav.min.js?ver=0.8
184.168.97.137200 OK 2.5 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/js/jquery.slicknav.min.js?ver=0.8
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (8320), with CRLF line terminators
Hash f4d1dc17a8b538c2c3ea8ff13ea6d10b
a0bac998d0ac28f0e5b6a2993190daa435861724
2e2949f1f3b9db6036a9c9d97b431623572ce674e9944e44d2f2807061fcfe64
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/bosa/assets/js/jquery.slicknav.min.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e287e-20e6-5e4d4065d4392-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 2504
content-type: application/javascript
date: Tue, 27 Sep 2022 21:13:14 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
184.168.97.137200 OK 31 kB URL HTTP/2 www.hegodev.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (62845)
Hash 7e34be448eebf21b9ab8cfcd8fde9504
a4e968811822f988b09ad62e4701286a6fad2e75
7893733ef7a787b4d182abf64a9fc6cbc40c9cced8b203dca707d4d09bc8bd6f
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 22 Sep 2022 13:07:21 GMT
etag: "164aa5-167db-5e943bde0430c-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 30937
content-type: application/javascript
date: Tue, 27 Sep 2022 21:13:14 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=670
184.168.97.137200 OK 4.7 kB URL HTTP/2 www.hegodev.com/wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=670
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (12498), with no line terminators
Hash 178e76046eb0e7272c90d4c8f5c6a582
0f6b3d54c1630ac1fe511a9de4dc6963c0f66c0c
4c78ef5db663c8ceb5185f1ed58195e871afd4f036eb89a83776f8851ad79c2b
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=670 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:08:33 GMT
etag: "1059d1-30d2-5e4d402ba7d82-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 4706
content-type: application/javascript
date: Tue, 27 Sep 2022 21:13:14 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
184.168.97.137200 OK 4.6 kB URL HTTP/2 www.hegodev.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (15660)
Hash a0083d25b89ea80ecd2393db9f865d62
24eaf2df7c722fb13f2b5bf77ada5ee446720c25
f7533cb93f2efbb9e3bccfa9ff4036a2cafa7dd1bd4d66bea4833306b321e957
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Apr 2022 05:56:23 GMT
etag: "126637-48b9-5dc6eb878efc0-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 4614
content-type: application/javascript
date: Tue, 27 Sep 2022 21:13:14 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-includes/js/masonry.min.js?ver=4.2.2
184.168.97.137200 OK 7.1 kB URL HTTP/2 www.hegodev.com/wp-includes/js/masonry.min.js?ver=4.2.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (23966)
Hash b15709b26cbed268be463aeb7221d12d
8ece754f196cdbace087ee39d77784626f1bac9a
381c481a826838b8eadc28c8290f1928bea7edb660da92dfc08dd6bdf2d37122
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-includes/js/masonry.min.js?ver=4.2.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
etag: "126636-5e4a-5a7fbb57c37c0-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 7130
content-type: application/javascript
date: Tue, 27 Sep 2022 21:13:14 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.min.js?ver=0.8
184.168.97.137200 OK 10 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.min.js?ver=0.8
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (42862), with CRLF line terminators
Hash 73b81ca4bccda384885bffd32b65d8e8
f66055b3dbf1ede1f0c2fa56a888981c3961bfe6
668d4731db28264dbce69d3dd601d722b0dcb1c785e8b2e8a58d81f1cfba00d6
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/slick/slick.min.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e286a-a770-5e4d4065d3faa-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 10104
content-type: application/javascript
date: Tue, 27 Sep 2022 21:13:14 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 21:13:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 21:13:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 21:13:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0gebelJo0.woff2
142.250.74.163200 OK 11 kB URL HTTP/2 fonts.gstatic.com/s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0gebelJo0.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 10840, version 1.0\012- data
Hash 1dfdc31ff2064daaaf92877a90bed3b8
a538ee943a4cc54748827e91b91fb5932d3fde50
f5346003928ce35756d754b207e777261fc6b226caf252f5c07e302a3ed2accd
GET /s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0gebelJo0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10840
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 10:55:24 GMT
expires: Thu, 21 Sep 2023 10:55:24 GMT
cache-control: public, max-age=31536000
age: 555471
last-modified: Tue, 19 Apr 2022 18:13:26 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/js/bootstrap.min.js?ver=0.8
184.168.97.137200 OK 14 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/js/bootstrap.min.js?ver=0.8
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (50758), with CRLF line terminators
Hash 0ee8c174de1686d6078ac63eda46404e
cc0de71ae4dde2bf22a32776e517d80777f204ad
53c30939a24897a873222ecebb9228316342f1b96bdd5849f9bcf847b707fa45
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/bootstrap/js/bootstrap.min.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2815-c765-5e4d4065d300a-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 13455
content-type: application/javascript
date: Tue, 27 Sep 2022 21:13:14 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.gstatic.com/s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0reHelJo0.woff2
142.250.74.163200 OK 11 kB URL HTTP/2 fonts.gstatic.com/s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0reHelJo0.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 10808, version 1.0\012- data
Hash 813e62d2193672e925a80aa9c4a85696
248768195074f87fd8bee6b45e87ab265d4ce7f1
2a257de7d16cbc56379bbeba00afc1533e9aee044331ef5d618ec6db47ba103c
GET /s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0reHelJo0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10808
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Sep 2022 07:12:59 GMT
expires: Fri, 22 Sep 2023 07:12:59 GMT
cache-control: public, max-age=31536000
age: 482416
last-modified: Tue, 19 Apr 2022 18:08:54 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.163200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 18:01:25 GMT
expires: Sun, 24 Sep 2023 18:01:25 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 270710
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 21:13:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.hegodev.com/wp-content/themes/bosa/assets/images/bosa-360-200.jpg
184.168.97.137200 OK 30 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/images/bosa-360-200.jpg
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 360x203, components 3\012- data
Hash 624934584c27faf93df0f15f1ab5f7c3
ecd3df25050330a2ce11d4e1f7e8e22b2229eb95
29d4c1b20b4ed7a5c8e399e46879567e0f31f7b75205dd6355cc455382b14aa1
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/bosa/assets/images/bosa-360-200.jpg HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e282f-739a-5e4d4065d33f2"
accept-ranges: bytes
content-length: 29594
content-type: image/jpeg
date: Tue, 27 Sep 2022 21:13:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/webfonts/fa-solid-900.woff2
184.168.97.137200 OK 80 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/webfonts/fa-solid-900.woff2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type Web Open Font Format (Version 2), TrueType, length 80252, version 331.-31327\012- data
Hash 9ae050d1876ac1763eb6afe4264e6d5a
72344eab2e7431eec313caa21f266cbfda7caf60
6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/font-awesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/css/all.min.css?ver=6.0.2
Cookie: slicevisitor=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e27f7-1397c-5e4d4065d206a"
accept-ranges: bytes
content-length: 80252
vary: Accept-Encoding,User-Agent
content-type: font/woff2
date: Tue, 27 Sep 2022 21:13:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/images/preloader1.gif
184.168.97.137200 OK 63 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/images/preloader1.gif
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type GIF image data, version 89a, 200 x 200\012- data
Hash 8dcded3fdd091aa5b246b71d2530bfe1
2ee3df6e0a4fe97be6b130073f1ff9ebd8c59776
a6b39aa2e4c386e851a3a62c5c2a146bdf011130b7fbf760b9fdd93cbc8354ba
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/bosa/assets/images/preloader1.gif HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2849-f740-5e4d4065d3bc2"
accept-ranges: bytes
content-length: 63296
content-type: image/gif
date: Tue, 27 Sep 2022 21:13:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/plugins/contact-widgets/assets/fonts/fontawesome-webfont.woff?v=4.7.0
184.168.97.137200 OK 98 kB URL HTTP/2 www.hegodev.com/wp-content/plugins/contact-widgets/assets/fonts/fontawesome-webfont.woff?v=4.7.0
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type Web Open Font Format, TrueType, length 98024, version 4.7\012- data
Hash fee66e712a8a08eef5805a46892932ad
28b782240b3e76db824e12c02754a9731a167527
ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/contact-widgets/assets/fonts/fontawesome-webfont.woff?v=4.7.0 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.hegodev.com/wp-content/plugins/contact-widgets/assets/css/font-awesome.min.css?ver=4.7.0
Cookie: slicevisitor=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 10 Aug 2020 12:46:28 GMT
etag: "e483e-17ee8-5ac8557d8b100"
accept-ranges: bytes
content-length: 98024
vary: Accept-Encoding,User-Agent
content-type: font/woff
date: Tue, 27 Sep 2022 21:13:15 GMT
server: Apache
X-Firefox-Spdy: h2
cdn.weatherplllatform.com/events.js?v=2.141
91.211.91.114200 OK 2.7 kB URL HTTP/2 cdn.weatherplllatform.com/events.js?v=2.141
IP 91.211.91.114:0
ASN #206638 PE Brezhnev Daniil
File type ASCII text, with very long lines (8524), with no line terminators
Hash c8fd37c19677f784b013e38a17048b95
421fcdd53b57af426b6149da34e7e9533b3d988d
0eb582cd5096ff2c78b33d598a43002182286121d468b95e6eafc4ef6805c87b
GET /events.js?v=2.141 HTTP/1.1
Host: cdn.weatherplllatform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 21:13:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 26 Sep 2022 14:49:44 GMT
vary: Accept-Encoding
etag: W/"6331bc08-920"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000;
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C400i%2C600%2C700%2C800%7CPoppins%3A300%2C400%2C400i%2C500%2C600%2C700%2C800%2C900&display=swap&ver=6.0.2
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C400i%2C600%2C700%2C800%7CPoppins%3A300%2C400%2C400i%2C500%2C600%2C700%2C800%2C900&display=swap&ver=6.0.2
IP 142.250.74.10:0
GET /css?family=Open+Sans%3A300%2C400%2C400i%2C600%2C700%2C800%7CPoppins%3A300%2C400%2C400i%2C500%2C600%2C700%2C800%2C900&display=swap&ver=6.0.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://www.hegodev.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 27 Sep 2022 21:13:13 GMT
date: Tue, 27 Sep 2022 21:13:13 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/plugins/contact-widgets/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
184.168.97.137200 OK 0 B URL HTTP/2 www.hegodev.com/wp-content/plugins/contact-widgets/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/plugins/contact-widgets/assets/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.hegodev.com/wp-content/plugins/contact-widgets/assets/css/font-awesome.min.css?ver=4.7.0
Cookie: slicevisitor=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 10 Aug 2020 12:46:25 GMT
etag: "e483f-12d68-5ac8557aaea40"
accept-ranges: bytes
content-length: 77160
vary: Accept-Encoding,User-Agent
content-type: font/woff2
date: Tue, 27 Sep 2022 21:13:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/uploads/2020/09/cropped-image-1.png
184.168.97.137200 OK 0 B URL HTTP/2 www.hegodev.com/wp-content/uploads/2020/09/cropped-image-1.png
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2020/09/cropped-image-1.png HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 14 May 2021 09:07:54 GMT
etag: "105cc7-19ee-5c24694418095"
accept-ranges: bytes
content-length: 6638
content-type: image/png
date: Tue, 27 Sep 2022 21:13:15 GMT
server: Apache
X-Firefox-Spdy: h2