165.22.20.44/
165.22.20.44 200 OK 478 kB IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (871)
Size 478 kB (477721 bytes)
Hash dbb6ed48d448d3971a3156f5b3761423
a7e263da6e1e09f155725d8f34c17fe7d10e4eed
6c054e1438a5977a1b9b833238cc0928185ff3973368876918e5233f368f12b4
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET / HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 19 Jan 2023 08:04:33 GMT
Server: Apache/2.4.37 (centos)
X-Powered-By: PHP/7.3.33
Cache-Control: must-revalidate, no-cache, private
X-Drupal-Dynamic-Cache: MISS
X-UA-Compatible: IE=edge
Content-language: ar
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Expires: Sun, 19 Nov 1978 05:00:00 GMT
X-Generator: Drupal 8 (https://www.drupal.org)
X-Drupal-Cache: HIT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4142
Expires: Thu, 09 Feb 2023 12:05:43 GMT
Date: Thu, 09 Feb 2023 10:56:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b7407cc102d62a5acd5e61f8a79bed36
c2f4890a62454e514962b55b7fc14228339c8e90
be282de92da261128a7c8471f3067466aa9930fd0ab2a2cdda8cd2d6ce2bbd74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE282DE92DA261128A7C8471F3067466AA9930FD0AB2A2CDDA8CD2D6CE2BBD74"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10628
Expires: Thu, 09 Feb 2023 13:53:49 GMT
Date: Thu, 09 Feb 2023 10:56:41 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 09 Feb 2023 10:34:15 GMT
content-type: application/json
age: 1346
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5761
Expires: Thu, 09 Feb 2023 12:32:42 GMT
Date: Thu, 09 Feb 2023 10:56:41 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: S6P6IRMwFACgm6r2TVgqEK6BiUcDrmT+fKgrTmhYGT/o1iQtFuRNcR4hoqhJ+T7lm0GCNVc9bfY=
x-amz-request-id: CGD0J38DM8PZ5J5W
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 09 Feb 2023 10:46:22 GMT
age: 619
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 10:56:41 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
165.22.20.44/libraries/slick/slick/slick.css?rlhtdj
165.22.20.44 200 OK 1.8 kB URL HTTP/1.1 165.22.20.44/libraries/slick/slick/slick.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash f38b2db10e01b1572732a3191d538707
a94a059b3178b4adec09e3281ace2819a30095a4
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
Analyzer Verdict Alert quad9 Sinkholed
GET /libraries/slick/slick/slick.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 01 Feb 2022 10:15:48 GMT
ETag: "6f0-5d6f22f57326f"
Accept-Ranges: bytes
Content-Length: 1776
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/core/modules/system/css/components/align.module.css?rlhtdj
165.22.20.44 200 OK 484 B URL HTTP/1.1 165.22.20.44/core/modules/system/css/components/align.module.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type assembler source, ASCII text
Hash 8628052440e532f890cfc00d4a682fa6
e52c3af92e150eacda721a2343791ba41535781f
97fe5992208187911c3daff7fe8556ee254ca0a340ab9af0e3ba04ce7e40e2e3
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /core/modules/system/css/components/align.module.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "1e4-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 484
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/core/modules/system/css/components/autocomplete-loading.module.css?rlhtdj
165.22.20.44 200 OK 603 B URL HTTP/1.1 165.22.20.44/core/modules/system/css/components/autocomplete-loading.module.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type troff or preprocessor input, ASCII text
Hash 1d6573a9dc1b8013e2cd9c0a82ee3072
554b9a325b4ae7f1b1b7922a0514209996645d14
376c5f84633bc49a8a825b7de7b5f182e26f7db1b01ed01ce89a09600287765b
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /core/modules/system/css/components/autocomplete-loading.module.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "25b-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 603
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/core/modules/system/css/components/fieldgroup.module.css?rlhtdj
165.22.20.44 200 OK 95 B URL HTTP/1.1 165.22.20.44/core/modules/system/css/components/fieldgroup.module.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 0b9cb6dc1250d392805b4e6797327401
311744f30b9293df13cea1afc41456cea5fc449f
c799ec87fb8a6e52bd93a883abdc71eef0dec77d2365ce4c2f46178a3e0909fd
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /core/modules/system/css/components/fieldgroup.module.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "5f-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 95
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/core/modules/system/css/components/system-status-report-general-info.css?rlhtdj
165.22.20.44 200 OK 255 B URL HTTP/1.1 165.22.20.44/core/modules/system/css/components/system-status-report-general-info.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 3f385ed519713c40ed2b0a54d46fa41f
f6cb306ad8abac4c5118c3f6156027c48c20a53a
d106f9ce97021e6ce9a05e593a70ec7e4956667eab83726c9eb1b473b709fb8e
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /core/modules/system/css/components/system-status-report-general-info.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "ff-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 255
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/core/modules/system/css/components/clearfix.module.css?rlhtdj
165.22.20.44 200 OK 306 B URL HTTP/1.1 165.22.20.44/core/modules/system/css/components/clearfix.module.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash d4013a34d3c8ca1bc905e2333703db0a
5ac08f4138393f9f87cc4ae99168fc2c51112f29
a0645960ade152760a6cefc0b03736a9565c09a46c94b2dd39e54da585bde30d
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /core/modules/system/css/components/clearfix.module.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "132-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 306
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/core/modules/system/css/components/container-inline.module.css?rlhtdj
165.22.20.44 200 OK 228 B URL HTTP/1.1 165.22.20.44/core/modules/system/css/components/container-inline.module.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 018b84b545f1b1c2d79f7133f25b94d5
6c2c618c611d7d7f44cc3c6da65c3528895df0ed
c2529163c61006009fa7188d9593ac6f89fca1ca723628479b53c2c5a27bd9a4
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /core/modules/system/css/components/container-inline.module.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "e4-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 228
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/core/modules/system/css/components/hidden.module.css?rlhtdj
165.22.20.44 200 OK 1.4 kB URL HTTP/1.1 165.22.20.44/core/modules/system/css/components/hidden.module.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash a40f4b74bed5fc5d74df3da6fdcaee26
2b8f20e668877c8bb4203ce1506753570523734c
144c2b996574a2f16003848858de86dc5ad3486fb4fe14a5d5a79d134086e763
Analyzer Verdict Alert quad9 Sinkholed
GET /core/modules/system/css/components/hidden.module.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "54f-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 1359
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/core/modules/system/css/components/details.module.css?rlhtdj
165.22.20.44 200 OK 127 B URL HTTP/1.1 165.22.20.44/core/modules/system/css/components/details.module.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type troff or preprocessor input, ASCII text
Hash a3d07af30e7dc57b0647e417e27ac938
2eeb4a7e1dc2e86a6a0664bd6fc2fe7ba3009baa
f31746cbb75773acc9358471805e24d2f80184a9686f2e4dfbf57530c3a583c0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /core/modules/system/css/components/details.module.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "7f-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 127
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/core/modules/system/css/components/js.module.css?rlhtdj
165.22.20.44 200 OK 402 B URL HTTP/1.1 165.22.20.44/core/modules/system/css/components/js.module.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type troff or preprocessor input, ASCII text
Hash ac3a25c1a721ff659377d3b401a42f7d
0e8a6aff9eeced7b68eeee301a1594294e24f337
132298c08776faea963092e83b7c30712bde095c62530bd3a613322987c4663e
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /core/modules/system/css/components/js.module.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "192-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 402
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/core/modules/system/css/components/item-list.module.css?rlhtdj
165.22.20.44 200 OK 285 B URL HTTP/1.1 165.22.20.44/core/modules/system/css/components/item-list.module.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 8c9b6bec7c9ebfb5351d874b356a38d1
87b4a1a6db3220cf73f29f80da1896605b396d74
5251ec9a6d7f9cc54b205363d70eb38bf67517f8e02b3ae04e85c9cf5f908228
Analyzer Verdict Alert quad9 Sinkholed
GET /core/modules/system/css/components/item-list.module.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "11d-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 285
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/core/modules/system/css/components/position-container.module.css?rlhtdj
165.22.20.44 200 OK 95 B URL HTTP/1.1 165.22.20.44/core/modules/system/css/components/position-container.module.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash a203bfb5819742d466b5e99af480009a
cc0323b65fd726ef89264b2a7a6d3d7c4999a5e2
92931ceb6a0ad1c9b3e8fc6f335b9dfd6f0c7c8ee36f089bb10241c142a78faa
Analyzer Verdict Alert quad9 Sinkholed
GET /core/modules/system/css/components/position-container.module.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "5f-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 95
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/core/modules/system/css/components/nowrap.module.css?rlhtdj
165.22.20.44 200 OK 96 B URL HTTP/1.1 165.22.20.44/core/modules/system/css/components/nowrap.module.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 02de344715c6ec9a3745ff2186d32b9d
f2f39b2ca9e9397b53ab76a7b3938edc138a24cf
4a4fa2a793d87c88f1509f370dbc40b6deec2188b6a918f92365f873b7bc566d
Analyzer Verdict Alert quad9 Sinkholed
GET /core/modules/system/css/components/nowrap.module.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "60-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 96
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
stackpath.bootstrapcdn.com/bootstrap/4.1.1/css/bootstrap.min.css
188.114.98.234 200 OK 26 kB URL HTTP/1.1 stackpath.bootstrapcdn.com/bootstrap/4.1.1/css/bootstrap.min.css
IP 188.114.98.234:0
File type ASCII text, with very long lines (65324)
Hash 1b164e557d2a87100dda721e33f3c2c7
ef0c3f706f63b72ada17c432e412c3e25dbce56a
0d27dad22b7f01be04a6dbb9bd28c94c968f51174fa38531dccce7950c66ea32
GET /bootstrap/4.1.1/css/bootstrap.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Content-Type: text/css; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CDN-PullZone: 252412
CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
CDN-RequestCountryCode: SE
CDN-EdgeStorageId: 601, 617, 617
Last-Modified: Mon, 25 Jan 2021 22:04:05 GMT
CDN-CachedAt: 2021-04-23 06:17:21
CDN-RequestPullSuccess: True
CDN-RequestPullCode: 200
Cache-Control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
CDN-RequestId: b062ad621243163f0d1788aed042f15e
Content-Encoding: gzip
CDN-Cache: HIT
CF-Cache-Status: HIT
Age: 24049947
Server: cloudflare
CF-RAY: 796c1473e95eb51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
165.22.20.44/core/modules/system/css/components/progress.module.css?rlhtdj
165.22.20.44 200 OK 825 B URL HTTP/1.1 165.22.20.44/core/modules/system/css/components/progress.module.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash e382578eb43cf75a084cec3d99e569b4
a1eacfb0a0970fa49c3b160cbcc922748b9a6ddf
a5803ddaa8803d2ebad80b4242dea531e65882423af375267e474ffb8048ca60
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /core/modules/system/css/components/progress.module.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "339-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 825
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
stackpath.bootstrapcdn.com/bootstrap/4.1.1/js/bootstrap.min.js
188.114.98.234 200 OK 16 kB URL HTTP/1.1 stackpath.bootstrapcdn.com/bootstrap/4.1.1/js/bootstrap.min.js
IP 188.114.98.234:0
File type ASCII text, with very long lines (50450)
Hash 5d8e5f25ae2342b8766b950b65090f74
1a8664ff9a9859741475337eb5a81bb495fcfb45
f3a265b488042b66640c6e7d4a7b22836e8d6517271b1b463551050e432eda5c
GET /bootstrap/4.1.1/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
CDN-PullZone: 252412
CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
CDN-RequestCountryCode: SE
CDN-EdgeStorageId: 601, 617, 617
Last-Modified: Mon, 25 Jan 2021 22:04:05 GMT
CDN-CachedAt: 2021-04-23 06:36:22
CDN-RequestPullSuccess: True
CDN-RequestPullCode: 200
Cache-Control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
CDN-RequestId: c805688c7121f54399fe1e6551ec57ae
Content-Encoding: gzip
CDN-Cache: HIT
CF-Cache-Status: HIT
Age: 24050294
Server: cloudflare
CF-RAY: 796c14740989b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
165.22.20.44/core/modules/system/css/components/reset-appearance.module.css?rlhtdj
165.22.20.44 200 OK 274 B URL HTTP/1.1 165.22.20.44/core/modules/system/css/components/reset-appearance.module.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 5318929554d3bce84406b2a5418eacae
0e6db18a3d7fbbdb6fc3827d3da529a778aed732
0ac01ab832b811cdc2dfddaf28ba2f1ee3ef3bb6486cbaeb424226fde71ee625
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /core/modules/system/css/components/reset-appearance.module.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "112-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 274
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/core/modules/system/css/components/resize.module.css?rlhtdj
165.22.20.44 200 OK 270 B URL HTTP/1.1 165.22.20.44/core/modules/system/css/components/resize.module.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 26ac1f67997c5ae18ff630469d2c7d41
041bef3a4df746f4130ee5d825fb067a5b791764
299064cf3027c5efab4ab6df345de1302dfa562db83eca51965371938480f56c
Analyzer Verdict Alert quad9 Sinkholed
GET /core/modules/system/css/components/resize.module.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "10e-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 270
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js
104.17.25.14 200 OK 7.2 kB URL HTTP/1.1 cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (20164)
Hash d586e7a5fb3f8de51f0fb0089393d26b
59a05f3330804a8698e5750d14a3778235f422dc
77a5f69e3a51b6c8a8c3a2cbf16837e39b71843aa8dd425f72e84f68946606db
GET /ajax/libs/popper.js/1.14.3/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 7231
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=30672000
Content-Encoding: gzip
ETag: "5eb03fa9-4f71"
Last-Modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
CF-Cache-Status: HIT
Age: 7263537
Expires: Tue, 30 Jan 2024 10:56:41 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=chHsH4DV0seS0elSR86fUu7RaPTJ6wk%2FRkjezbipJEHUKSISSTsrvkDmJxQTUHK4mZi4Y%2FeMou6sQ7FtD9IZpabetWKMvVIwz4sVqxjOH7FJNjj9w6RQ6JiWBVWJWbhMCaQhvW60"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 796c14740f0eb515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
165.22.20.44/core/modules/system/css/components/sticky-header.module.css?rlhtdj
165.22.20.44 200 OK 163 B URL HTTP/1.1 165.22.20.44/core/modules/system/css/components/sticky-header.module.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 47dd1a9ab77932b92b6c8e68b9b41e77
ee55f889a03fdcf021fa916b6b7cfed8db417249
0b61e01fa0fa02eba3c6a074427ddf2a6cf98c01727b2796309b2b5b005fac70
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /core/modules/system/css/components/sticky-header.module.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "a3-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 163
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/core/modules/system/css/components/system-status-counter.css?rlhtdj
165.22.20.44200 OK 761 B URL HTTP/1.1 165.22.20.44/core/modules/system/css/components/system-status-counter.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 2740efa00159d9cf4feb50baa851b2da
a3694bbf306979eaf30e8730105c0b21b15a02d2
4a7faa6dfcd1854a535efc4d1c1969ef3478f9a0e67bf974a5a78ef7e8ba7b9b
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /core/modules/system/css/components/system-status-counter.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "2f9-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 761
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/modules/contrib/slick/css/layout/slick.module.css?rlhtdj
165.22.20.44200 OK 3.0 kB URL HTTP/1.1 165.22.20.44/modules/contrib/slick/css/layout/slick.module.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash ce1161e568325b6973337c95b660c900
f90a415b8d0f448c549de2de7acbe95f6a7ab5cb
d2582ae3fe57114b23321d69dd8836b901877023941a4750a0587327dfb9af9b
Analyzer Verdict Alert quad9 Sinkholed
GET /modules/contrib/slick/css/layout/slick.module.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sat, 19 Feb 2022 11:50:57 GMT
ETag: "bb1-5d85d9cc0ea40"
Accept-Ranges: bytes
Content-Length: 2993
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/core/modules/system/css/components/ajax-progress.module.css?rlhtdj
165.22.20.44200 OK 1.0 kB URL HTTP/1.1 165.22.20.44/core/modules/system/css/components/ajax-progress.module.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 91054b678d4dae7fbd9928883430ab0f
8a2babd79cb88fb4244bc0fb0ec60cd9c64420ec
be41984c50b4f90bf773b48e59e31dca59f6cb6467810ffe2362057adb785904
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /core/modules/system/css/components/ajax-progress.module.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "403-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 1027
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/core/modules/system/css/components/system-status-report-counters.css?rlhtdj
165.22.20.44200 OK 557 B URL HTTP/1.1 165.22.20.44/core/modules/system/css/components/system-status-report-counters.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash f9c2d6eed3c4ed85c9b6d0af5a61ff8a
67f7744d5eb28bab1debcec6f8beb10262c8a816
da6360a75aac69be7076b4a5a4a2d0bfbd3bc4a674bba2e7a9cb698035719159
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /core/modules/system/css/components/system-status-report-counters.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "22d-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 557
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/core/modules/system/css/components/tabledrag.module.css?rlhtdj
165.22.20.44200 OK 1.8 kB URL HTTP/1.1 165.22.20.44/core/modules/system/css/components/tabledrag.module.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash fb8ef51e1980b8764d087ae5cf841e59
88df2b9c646117e249da7f8f714a2e6216df9080
9ce0a8ccf71a4162136c54067533bacba710fc49a1fa028b61f5c686f1f510de
Analyzer Verdict Alert quad9 Sinkholed
GET /core/modules/system/css/components/tabledrag.module.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "728-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 1832
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/core/modules/system/css/components/tablesort.module.css?rlhtdj
165.22.20.44200 OK 365 B URL HTTP/1.1 165.22.20.44/core/modules/system/css/components/tablesort.module.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash df1483e284c1cbe660c5d2f02d762616
9380e523291adf0a9527a3dd3b37278d0371f9f0
2298e6d2bafbe82af2f8c1a4f963d9df7f04ecd5092a08bb06011f01ea9655c1
Analyzer Verdict Alert quad9 Sinkholed
GET /core/modules/system/css/components/tablesort.module.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "16d-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 365
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/core/modules/system/css/components/tree-child.module.css?rlhtdj
165.22.20.44200 OK 466 B URL HTTP/1.1 165.22.20.44/core/modules/system/css/components/tree-child.module.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash a8ba435cb986caa05b13a666348af3cd
f51401413012b143656f3716846a0169f8518890
3df1425dd2f62d5691f438779fe77fb918f267fa1c0f514de90a910a8b421031
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /core/modules/system/css/components/tree-child.module.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "1d2-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 466
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/modules/contrib/blazy/css/blazy.css?rlhtdj
165.22.20.44200 OK 2.5 kB URL HTTP/1.1 165.22.20.44/modules/contrib/blazy/css/blazy.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash b977acf234237d73fede8ba602a2a845
0bc6301618c62393a108d462b72f276d32668fa4
599b8976bffd8c3c06baf411ecdbd8fcb049e48a09f4261334fd4f4b39202494
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /modules/contrib/blazy/css/blazy.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 31 May 2022 08:17:10 GMT
ETag: "9b1-5e04a662d4d80"
Accept-Ranges: bytes
Content-Length: 2481
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/modules/contrib/blazy/css/components/blazy.loading.css?rlhtdj
165.22.20.44200 OK 1.6 kB URL HTTP/1.1 165.22.20.44/modules/contrib/blazy/css/components/blazy.loading.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 523f6a45cb300742ef97f15452032304
54fd09649db2e802b23c0f2b448cfd90b99e85a6
1714ab209ab8b78a0c2bf3f545d454a5a9fa6a0d74fd6e873e717c0b6d9137e9
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /modules/contrib/blazy/css/components/blazy.loading.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 31 May 2022 08:17:10 GMT
ETag: "625-5e04a662d4d80"
Accept-Ranges: bytes
Content-Length: 1573
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/core/modules/views/css/views.module.css?rlhtdj
165.22.20.44200 OK 434 B URL HTTP/1.1 165.22.20.44/core/modules/views/css/views.module.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 77119203ca0ddec77dd080884ac45ff6
f48551ce0e38feac8bd07c795adf00b0ce969b4d
34169af71b02b45feb08dbe27772638c0b3bed26fe26d9f015b019be64e4389b
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /core/modules/views/css/views.module.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "1b2-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 434
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/libraries/slick/slick/slick-theme.css?rlhtdj
165.22.20.44200 OK 3.1 kB URL HTTP/1.1 165.22.20.44/libraries/slick/slick/slick-theme.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash f9faba678c4d6dcfdde69e5b11b37a2e
81a434f94f2b1124f3232bb86f2944f82fb23ac0
7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a
Analyzer Verdict Alert quad9 Sinkholed
GET /libraries/slick/slick/slick-theme.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 01 Feb 2022 10:15:48 GMT
ETag: "c49-5d6f22f57326f"
Accept-Ranges: bytes
Content-Length: 3145
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/modules/contrib/paragraphs/css/paragraphs.unpublished.css?rlhtdj
165.22.20.44200 OK 57 B URL HTTP/1.1 165.22.20.44/modules/contrib/paragraphs/css/paragraphs.unpublished.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 6bf7857dc423eada40ddf4aec0506587
9de57d9ef96077986effbab3521672bd15736488
f1eea94c1d7f9c6747515e1d7af60618498e8197905f290bc3851da41fbd5588
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /modules/contrib/paragraphs/css/paragraphs.unpublished.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 15 Dec 2021 10:32:43 GMT
ETag: "39-5d32cd37168c0"
Accept-Ranges: bytes
Content-Length: 57
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/modules/contrib/slick/css/theme/slick.theme.css?rlhtdj
165.22.20.44200 OK 4.7 kB URL HTTP/1.1 165.22.20.44/modules/contrib/slick/css/theme/slick.theme.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 0c51f4bfb5c88b72e6048113c566549b
6cb1becbbfd7c534fd23f78bedbd718410e26dee
2471118dcde235dd6c98b674a7ccca152919064835dcdf4c29fa0c6ae3085425
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /modules/contrib/slick/css/theme/slick.theme.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sat, 19 Feb 2022 11:50:57 GMT
ETag: "1256-5d85d9cc0ea40"
Accept-Ranges: bytes
Content-Length: 4694
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/modules/contrib/slick/css/theme/slick.theme--classic.css?rlhtdj
165.22.20.44200 OK 3.7 kB URL HTTP/1.1 165.22.20.44/modules/contrib/slick/css/theme/slick.theme--classic.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 01d205e0ef91a5f232c846e362838b00
d6c5321b6f8b0dcae7174f7cab8a7ee39187fd7e
2f9ec08be28650713722d57c40ebd3352f10a55fee15555e763c0be651dc293b
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /modules/contrib/slick/css/theme/slick.theme--classic.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sat, 19 Feb 2022 11:50:57 GMT
ETag: "e99-5d85d9cc0ea40"
Accept-Ranges: bytes
Content-Length: 3737
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/user.css?rlhtdj
165.22.20.44200 OK 1.5 kB URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/user.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 1d4f538d025c066dc7cf09c1d7e66dc2
c7ed51b2a39cd7cb7f2ec1fe79d71af441d97bdd
b9b7a4fd8a34fb827301f34a057ea5436497ac4e8af32e65bd4a8cd699407130
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/user.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "5d4-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 1492
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/progress.css?rlhtdj
165.22.20.44200 OK 43 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/progress.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 6021de32560bdd22f6234d5d5f053fea
d5c4b3c42eb0c9a7137095a2f4dce75864bac1a1
feb83bde4aec237e50c2a44671a186ba94686b224dab087c936f9b02170ada4d
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/progress.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "2b-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 43
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/alerts.css?rlhtdj
165.22.20.44200 OK 2.9 kB URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/alerts.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (740)
Hash 7b27ee45aaca05f659fb9e5e1b4aeb26
dbb1e4725b591a164fed733cce1fead09b4b2726
b905527afcb24f20465118592e70e593b8a4a1aabdb86835940fd7847a37b6ee
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/alerts.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "b4f-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 2895
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/affix.css?rlhtdj
165.22.20.44200 OK 146 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/affix.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 59a3ec228b437cc8a839b984ecedb21b
f4f0e76b641783aaf42d21ada407739ece350972
630f318b69f3ce68c42231c6af849ff45066173008ebc156e04666f0eb56622a
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/affix.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "92-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 146
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/book.css?rlhtdj
165.22.20.44200 OK 251 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/book.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 4aec3371c9432094e0faccb0eaa74b3b
d19efc54fa1ee22c389e1a13f080ed76d9a0e840
291b1ea4320f8bac6de97420bfa43f4892f9b7f550d2cf711b733fa7d29302c2
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/book.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "fb-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 251
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/comments.css?rlhtdj
165.22.20.44200 OK 3.1 kB URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/comments.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 3a41586ff73cdfe0f1f3f7a3b1e57296
6f97f1399fa7dda7ff5421249cfb538801f53320
b726c6e6f354e1e417b89dd6d068f92e064683a8815f859c78341f87eacdb0a8
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/comments.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "c38-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 3128
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/contextual.css?rlhtdj
165.22.20.44200 OK 136 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/contextual.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 441f40db2edd7455a5df2eb13d86cdf6
5c3b88ad990a395bae3d72b1cbe0978e51920f11
8cf701495b6431cf6c6b0b1a5002e8c0d2b50acb4160c66cb66090ef66f606ce
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/contextual.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "88-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 136
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/feed-icon.css?rlhtdj
165.22.20.44200 OK 146 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/feed-icon.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash d98df1aecc4cae12bcbadfa5bd3e8b94
a8f9cce366d8217eed3785d55b633ff1e8cf0bd7
aa3b59d192075886813d598c3c45359925ca32d7049a99979ccd729c30d938dc
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/feed-icon.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "92-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 146
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/field.css?rlhtdj
165.22.20.44200 OK 1.9 kB URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/field.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 0cb8148aeda331602c24d9671d22dca8
17982afcdd3fa8cca8560faf0fa9d88582517620
a62fd8f1c1c84ceb291b1142d89ed8825157f690aa18a21e17baf653768761fe
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/field.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "79c-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 1948
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/header.css?rlhtdj
165.22.20.44200 OK 799 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/header.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash ae40e4dae2311d7f98abaea85d8cade5
d70368c9eb0804bdfb3c949f8392a7490c2f7c06
36ba7c6320a83aaf93ee96674aaa54dc29fa13f24aae09418e025a17dbfa1e1d
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/header.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "31f-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 799
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/help.css?rlhtdj
165.22.20.44200 OK 136 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/help.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash cdfc2c67a343fe155f1113f0b7b2b483
ba7d799179a9907cf7c0307f53206ca507801cb4
43671e5d906b5391ecc8ea35a1bfebc4069d75e947b3467fe5d7c2e9c660d60f
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/help.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "88-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 136
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/node-preview.css?rlhtdj
165.22.20.44200 OK 2.8 kB URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/node-preview.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 8ecfa1ea7146553816334ca83f901af5
cc957edb670b8bc688583263371208dc9e902389
f72341ed1504a60451c07c56dd22f588cd7dc70a175ba1a09569cd2e49725540
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/node-preview.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "adf-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 2783
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/item-list.css?rlhtdj
165.22.20.44200 OK 668 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/item-list.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 8bbc15bed1afe077b1ac808009c23223
e91ffd852d1c5dfe5110088d29b36787690d7a2c
51804949ca66e6152064fe4a30749aacc5a71cce39ed57d88842565489bdf5c4
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/item-list.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "29c-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 668
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/image-button.css?rlhtdj
165.22.20.44200 OK 258 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/image-button.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 03a60b80cc2707390b548f2d9c116a8c
e0f0ab6a56ea806c5deb7e7794dd4367a69e12ae
a1a86bdd58c1df27f97799b61ea30102597e2354df6d2ab3501db04b2043f483
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/image-button.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "102-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 258
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/list-group.css?rlhtdj
165.22.20.44200 OK 192 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/list-group.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash cc208886f749941e215950bea135805f
1ca99e8158c308cca6ab077e1619e9ffaf41ff30
d702f8a12752a67eb6a29b87823f94de63809cb133f5448e7de7cacf20dcbb16
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/list-group.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "c0-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 192
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/icons.css?rlhtdj
165.22.20.44 200 OK 776 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/icons.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash b961f3f01ea332ceea392c0952d4d84e
3170a0dfb4a1aa755f1111f6367ecf58e0311784
a827b96b14dcf1939bade4d224b3b1a51a9cc95ee7443b1258f48e25b9c3e8b4
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/icons.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "308-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 776
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/sidebar.css?rlhtdj
165.22.20.44 200 OK 567 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/sidebar.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 76187da59040809a177bb41a384209dc
b6178a7f48fa274fae1caf104d2236791cfaa01a
7792b0067f001d8f5adbc2b8d515532fec0bba974919f5cbe002ab869daada29
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/sidebar.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "237-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 567
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/shortcut.css?rlhtdj
165.22.20.44 200 OK 580 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/shortcut.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 72512ebdec05a6680a035b87ebe6a11b
1214f56ccf32a7904b86b6b2b802794aeabc043d
1cfab18dfedbb383d0edfac692fcc0234c6c1c4a3bb11d27376b5b85f79c8ea9
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/shortcut.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "244-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 580
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/search-form.css?rlhtdj
165.22.20.44 200 OK 245 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/search-form.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash f0087581e0465ac13e227b765eb0e5a5
74ededee16050c03242c5e688c623ad194ce4035
a328ee7b0fc57dd16775fc64bf2f55b9f7b9ca5eda5f3b89cf3524684225b70e
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/search-form.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "f5-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 245
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/skip-link.css?rlhtdj
165.22.20.44 200 OK 484 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/skip-link.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 3643fd4405b2925036833c8be47ca420
17b8406dd8625d32e3baf79a0dc576f93a0740f6
5e4ae8b49b1bdc84ad586dd5c9c1b4f13702694af444cd9df24287191fd259e0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/skip-link.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "1e4-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 484
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/page.css?rlhtdj
165.22.20.44 200 OK 54 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/page.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 03b28c7ed790ecc86de14b2ebb0f268f
ded020701a0178976efb8637dff5917f0d656cd7
0d35493e58de021d0784d135964270f33ad8d7b4f06f857b094e5e1cf95d6557
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/page.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "36-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 54
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/site-footer.css?rlhtdj
165.22.20.44 200 OK 5.2 kB URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/site-footer.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 5cb1dcbaa8a2a474c525af1f66703eb1
5554fd43bf57dd85982f61bf7f8917e5d249238e
e79b4de0c274231cba44513bb889157fc6d5bc8b77bcf448ccdee3d6c49f7094
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/site-footer.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "1435-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 5173
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/table.css?rlhtdj
165.22.20.44 200 OK 1.2 kB URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/table.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 619fe4dba489a9e3ea551b8bc5971cd5
e452c5c964e48bec2f81f0ccce10314e0cb262a4
4972b7ecdcd8b06b8ddcfc3efdaeebe6df88f6788ef425906e20e164031e159d
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/table.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "47e-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 1150
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/tableselect.css?rlhtdj
165.22.20.44 200 OK 302 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/tableselect.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 8e966ac85a0cc60f470717410640c8fe
ba551ec2e2f4f1380524736379d6ba095124e9bc
5b159e6ef41dbba1dffa56e2a922733a81656a00324bcf82b9b0e48cd6af325a
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/tableselect.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "12e-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 302
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/tabledrag.css?rlhtdj
165.22.20.44 200 OK 202 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/tabledrag.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 98d24ff864c7699dfa6da9190c5e70df
9a9039a3d467a594dbb90f18926dccc87264be47
a08a772c49fef577fd5e0a37663d6d010473be40763496bedb29cf77176bc7b8
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/tabledrag.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "ca-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 202
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/tabs.css?rlhtdj
165.22.20.44 200 OK 81 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/tabs.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash faa0a2f0684b8bedb82f37d0c0962fa0
ee90379ac61dae60f4223fa2cb8b800a416c369b
699e1910526898bab5e42bd1711ace396939a04460577ddbb9dde7d6631f3b7a
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/tabs.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "51-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 81
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/tablesort-indicator.css?rlhtdj
165.22.20.44 200 OK 316 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/tablesort-indicator.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 541d13961b4fe4968179661a3a482311
241ee0cb663ca805cf58f026acdbfabe95a11d92
e98838900fbec9601a8763d664d76ed6ff60a72fec551956c22d48875b05a3d0
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/tablesort-indicator.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "13c-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 316
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/ui.widget.css?rlhtdj
165.22.20.44 200 OK 153 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/ui.widget.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 2eda67069d6f42ceb8e85d1ca9fcf322
928b186a97e91dd0fe2a80e2d5862664b9777050
8dc10479b529d19b377dfd1849db06f89ded111405951a32fccce53187491ab0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/ui.widget.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "99-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 153
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/vertical-tabs.css?rlhtdj
165.22.20.44 200 OK 1.6 kB URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/vertical-tabs.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash f55de3bcdc0f5307423669c0fe05b051
d40ee6edcfacbcc4580b6a6e7ba1151a08646c3e
93eef0606995f1236e0b60d7dcf7bb37505301078f488f292be70f7ff081d74d
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/vertical-tabs.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "62b-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 1579
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/views.css?rlhtdj
165.22.20.44 200 OK 798 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/views.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 9515b266e98b0fc38bea712c94b81c3d
e3eb62c8d1dd2b3055088fdc6f629f9fc72ac4b1
bb1a00f266e34ac5b368cb0782ddb348a1e0f9c9c6688ed4ac035299622b037e
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/views.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "31e-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 798
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/contrib/bootstrap_barrio/css/components/ui-dialog.css?rlhtdj
165.22.20.44 200 OK 748 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/components/ui-dialog.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash ea2a7902d08d12c59961a026a3bcfe88
da60b81fbfce244d0966a776e7df4885a15fc433
1d42e4ef2abefd0550ae0b9810b104b06c5e370bcdcdf290416c4fcce083b864
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/components/ui-dialog.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "2ec-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 748
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/lightgallery/lightgallery.min.css?rlhtdj
165.22.20.44 200 OK 14 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/lightgallery/lightgallery.min.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (13216)
Hash f22fd6bc0768b46b2f6e4e7520d29661
780e551cdc963632a3494a2c3f4b72c506b28901
3119d6f38af79e0f06f8e6937ba26adf0805d31a00c015069245ebb61ca2ecb0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/css/lightgallery/lightgallery.min.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 Oct 2022 12:47:04 GMT
ETag: "34f8-5eb3a5f649b97"
Accept-Ranges: bytes
Content-Length: 13560
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/sites/default/files/color/saudi_games-3c1d706f/colors.css?rlhtdj
165.22.20.44 200 OK 1.7 kB URL HTTP/1.1 165.22.20.44/sites/default/files/color/saudi_games-3c1d706f/colors.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash c6ca328357c53cac059c675b7be638e1
e3283a41e0eb2d092e1bb1f9aa9b26f1545aedf9
3aab52826c47c0ee669ddb74b4b606bbe83e5e950f21b082a1630d457ceae393
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /sites/default/files/color/saudi_games-3c1d706f/colors.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 28 Sep 2022 19:10:43 GMT
ETag: "688-5e9c1846932c0"
Accept-Ranges: bytes
Content-Length: 1672
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/lightgallery/lg-transitions.min.css?rlhtdj
165.22.20.44 200 OK 34 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/lightgallery/lg-transitions.min.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (34193), with no line terminators
Hash 6952e338995d320612cce13393a13eaf
b5fe8320b06b444edab6a604cc7013a0f57812c5
9a26fb0b65669c082d4b147538a469de2ac6a353c1502c54d8dba77c5b4ed4c9
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/css/lightgallery/lg-transitions.min.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 Oct 2022 12:47:04 GMT
ETag: "8591-5eb3a5f6497af"
Accept-Ranges: bytes
Content-Length: 34193
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/game-location.css?rlhtdj
165.22.20.44 200 OK 3.1 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/game-location.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 04dbb29683665f138bfe17faa29b4a2b
359f2594334d61d8f5f3382251fa1840083a8164
f54f6e667615937411d69c5531f740f3d9e7340f671f1235645e0c8001f3558f
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/css/game-location.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 01 Feb 2022 10:15:48 GMT
ETag: "c13-5d6f22f5876aa"
Accept-Ranges: bytes
Content-Length: 3091
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/lightgallery/lightgallery-bundle.min.css?rlhtdj
165.22.20.44 200 OK 31 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/lightgallery/lightgallery-bundle.min.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (30599), with no line terminators
Hash 7e80d25d294e8842d39022810b958552
10419fc679023bc4ca65895f1f1daf664fdf4aff
120f067ebd6f322339e2ccccd7e87e334d7c7ea5b2bd553f325f2ae3c3ae6fe8
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/custom/saudi_games/css/lightgallery/lightgallery-bundle.min.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 Oct 2022 12:47:04 GMT
ETag: "7787-5eb3a5f649b97"
Accept-Ranges: bytes
Content-Length: 30599
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/news.css?rlhtdj
165.22.20.44 200 OK 17 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/news.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 1e599409e76eccad92617239b4fae239
c7f3df59cfa5e4fadc5eac14a7c936647eb96754
941049dbbb221adf29c8ee7fc1e3b9ebdae74be964132cf4bd0173e7a765f379
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/css/news.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 Oct 2022 12:47:04 GMT
ETag: "4138-5eb3a5f649b97"
Accept-Ranges: bytes
Content-Length: 16696
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/style.css?rlhtdj
165.22.20.44 200 OK 56 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/style.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash a0ebdc0e2467f99bb9e12150794cc84a
163572aba0edea32849038e719a8ccbb3d304cb1
bf078de2bb9a944bad1da4dbced726f2a9113a0b103f24fe54ffa593df9637ab
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/css/style.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Mon, 24 Oct 2022 13:03:55 GMT
ETag: "db6a-5ebc76c88909e"
Accept-Ranges: bytes
Content-Length: 56170
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/register.css?rlhtdj
165.22.20.44 200 OK 7.1 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/register.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 20b9249b57d51ca067205bb7b31c1793
a82ca8dbd762d1af380d191d783cd48a033218fa
ec1aa0fa89802279cff3746930d13aee19ff1eaa18f3fcafc9974a31ed41b6b8
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/css/register.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Sep 2022 09:14:06 GMT
ETag: "1bc0-5e97cd53a2e6e"
Accept-Ranges: bytes
Content-Length: 7104
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/sports.css?rlhtdj
165.22.20.44 200 OK 21 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/sports.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash a319eb864be2917abf3049e534611880
8588e2fed66135d7f7c726d72e9d18442a6883d5
280420b3849d0babc71eba4dda19633c4c0e697052e5cbb2c91e9a9daf0e0724
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/custom/saudi_games/css/sports.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 19 Oct 2022 13:33:36 GMT
ETag: "52b1-5eb63417a9d8d"
Accept-Ranges: bytes
Content-Length: 21169
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/performance-trials.css?rlhtdj
165.22.20.44 200 OK 15 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/performance-trials.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash ed55a6101bc42e02ea2a76d1f0c1cfdd
7d3cc2d19d31d2c3815df04c803d20781eae0737
b98a9077bde875bf10a3c0474bf4cb5910c684a710e93145f89e0b97b8de4bb2
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/custom/saudi_games/css/performance-trials.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 28 Aug 2022 13:19:49 GMT
ETag: "3b14-5e74d006e6a30"
Accept-Ranges: bytes
Content-Length: 15124
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/competition-schedule.css?rlhtdj
165.22.20.44 200 OK 3.7 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/competition-schedule.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 5928175a56d94fd8e99874307a659a56
0598b457ec646e7410c835e7f6e4eab56122be29
c92ddecd242f41e521a595dd6ba856ca04a48bc68b3888a8625cff5914090fc8
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/css/competition-schedule.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 01 Feb 2022 10:15:48 GMT
ETag: "e51-5d6f22f5876aa"
Accept-Ranges: bytes
Content-Length: 3665
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/results.css?rlhtdj
165.22.20.44 200 OK 344 B URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/results.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 462d4022935b62ab6ab778150c2b26fd
9d1ba8db4a793ee80e61a2210491cf50e044d318
bccc78944bd9f46707ae3ab3a59864e20c5879cf33bdb528ceaf68ba5e37c9c6
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/css/results.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 01 Feb 2022 10:15:48 GMT
ETag: "158-5d6f22f587a92"
Accept-Ranges: bytes
Content-Length: 344
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/about-tournament.css?rlhtdj
165.22.20.44 200 OK 4.5 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/about-tournament.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash cea4046481d88ce676707231d9c2f5b2
4f44ab23979c7e415e55b30a0de77c8851b9a259
94e007014938994273a1b42aabbc65f6ec60aae6712eb81cfa0096c5f5dedd86
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/css/about-tournament.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 01 Feb 2022 10:15:48 GMT
ETag: "116b-5d6f22f5872c2"
Accept-Ranges: bytes
Content-Length: 4459
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/vision.css?rlhtdj
165.22.20.44 200 OK 3.5 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/vision.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 6a865465f4c9906f7b20e26470e2eb33
0c6df435267a85ca87a50ee66284b939c3e0fa62
fd0e7a62848aa838e35ad0f65f4e97c89fda7df46a99ceb8d065c353e8197db4
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/custom/saudi_games/css/vision.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Sep 2022 13:03:05 GMT
ETag: "db2-5e943ae9c634c"
Accept-Ranges: bytes
Content-Length: 3506
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/headers.css?rlhtdj
165.22.20.44 200 OK 557 B URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/headers.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash a5faad578a47cfa6d5d2844cd5ca1af6
08902e59e43019138aaff77fb5acad7a7ca391c0
4e159809659a69433730caa9e58a69f10ebd26e6be607f0fdfc267fded81bed5
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/css/headers.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 01 Feb 2022 10:15:48 GMT
ETag: "22d-5d6f22f5876aa"
Accept-Ranges: bytes
Content-Length: 557
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/search.css?rlhtdj
165.22.20.44 200 OK 8.3 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/search.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 9332f7c61b4cd7c3093c4e3029c0f3dd
cfef78875bb3b452b85aa33d1124b1950f11f578
41db0dd309a96895356e1da8b2ea57c6c1076282cbdf3be1eafaa1e5bd4a7e61
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/custom/saudi_games/css/search.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 01 Feb 2022 10:15:48 GMT
ETag: "2067-5d6f22f587a92"
Accept-Ranges: bytes
Content-Length: 8295
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/header_menu.css?rlhtdj
165.22.20.44 200 OK 30 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/header_menu.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash a4205d185777573a576111ee9c9fce46
9ed370a3eb4ae6d172dbd0400eae1a2c51d4750d
cea1ce27b7996c02bb2a485d5d2d42cc78e32c60d25b6cead896388760bbc42f
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/css/header_menu.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 17 Nov 2022 12:31:37 GMT
ETag: "7721-5eda9c53aa4a7"
Accept-Ranges: bytes
Content-Length: 30497
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/partner.css?rlhtdj
165.22.20.44 200 OK 925 B URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/partner.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 8ab13dbb2ed280be4ba8a76951a8a886
100731df5c6d6f4531ef9e9f872eff43cbc159b0
502aa8651984d6d7ddecc55f7107b210cf7c0cb25785e7652d93c24d7a7dcd57
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/css/partner.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 Oct 2022 12:47:04 GMT
ETag: "39d-5eb3a5f649b97"
Accept-Ranges: bytes
Content-Length: 925
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/quick-links.css?rlhtdj
165.22.20.44 200 OK 1.9 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/quick-links.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 6fa5fe277161b6d5bec73c20a608f83d
31e8bc6ae9ed0abd9d447d605f9afb8f6187a7c8
74922f6db2c1958df0c13c3b237a8a8553830c469c71bdb743a6d714c92eaba8
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/css/quick-links.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:41 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Sep 2022 12:46:04 GMT
ETag: "799-5e94371cd707a"
Accept-Ranges: bytes
Content-Length: 1945
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:41 GMT
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/webform-newsletter.css?rlhtdj
165.22.20.44 200 OK 1.3 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/webform-newsletter.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 5254a7262defe9edac968a70c60582bb
6534176bf7359138a205efae7828c05a4caf3be7
f7ce0e87a43110b0476110cb737b0adcd69a187c29dd1be00006a24aa2865092
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/custom/saudi_games/css/webform-newsletter.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Sep 2022 13:03:05 GMT
ETag: "530-5e943ae9c6734"
Accept-Ranges: bytes
Content-Length: 1328
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/footer.css?rlhtdj
165.22.20.44 200 OK 4.7 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/footer.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 130c78151d1a37a0b16e66086817112f
49f5b9223cff56b3b8d3547527345a2f9a949307
186951ed480d0893dd17ed36b7286e156ecc6f5e075376e6f2e8d4cefec7860a
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/custom/saudi_games/css/footer.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 17 Nov 2022 12:31:37 GMT
ETag: "1289-5eda9c53aa0bf"
Accept-Ranges: bytes
Content-Length: 4745
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/fan-zone.css?rlhtdj
165.22.20.44 200 OK 18 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/fan-zone.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash d67053f85e210a10110728251aa65e4a
963af3445d20696d6fa569e14970b51e2b32c9d6
90afe8b6e125bea8970533d31c100ff2aa29fb74217da0ced74be0bd36fc523d
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/css/fan-zone.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 26 Oct 2022 07:10:11 GMT
ETag: "46e0-5ebeab7292ad9"
Accept-Ranges: bytes
Content-Length: 18144
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/breadcrumbs.css?rlhtdj
165.22.20.44 200 OK 170 B URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/breadcrumbs.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 407e1eb494fb795350185e8e67bada55
7a62faebc2d4b7ebfafde357b00387b026a10726
28f7276a920a9c758b2ed88a0dc015dc4ca61f9a71c74226a660a83c5c973cd6
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/css/breadcrumbs.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Sep 2022 12:46:04 GMT
ETag: "aa-5e94371cd5522"
Accept-Ranges: bytes
Content-Length: 170
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/torch.css?rlhtdj
165.22.20.44 200 OK 416 B URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/torch.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash ab4d97519fbc2f972c3a0f960183d6f5
353588ac756f3d7eb8a7cd7157fd61288d2ba206
9540b80570c5f67c35b3ab33f866b1dcac12c2ccd88f7aeb0f7fa849a409ab11
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/css/torch.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Sep 2022 12:46:04 GMT
ETag: "1a0-5e94371cd7462"
Accept-Ranges: bytes
Content-Length: 416
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/main.css?rlhtdj
165.22.20.44 200 OK 21 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/main.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type assembler source, ASCII text
Hash f1584d52b40a83cd7cb352dca9cc1c9b
abe52978b4aa25d5cbf8bdc8e3e6fd1e4c318681
6c853134d929ab2b00ff33c3ee16938d6636b631349b0ba02b3a962289ef6e28
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/css/main.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 23 Oct 2022 12:01:46 GMT
ETag: "534e-5ebb2706cd50d"
Accept-Ranges: bytes
Content-Length: 21326
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/internal-page.css?rlhtdj
165.22.20.44 200 OK 15 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/internal-page.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash c81313baa453349fccfd0d057ffb868c
5c6252f54a95308f0fed3b02b4987604ca34ef41
c2c83189d625be5e48e8455c98569e7b78dd047c3b9b5268c184147af9ccbd07
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/css/internal-page.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 17 Nov 2022 12:31:37 GMT
ETag: "3b7b-5eda9c53aa890"
Accept-Ranges: bytes
Content-Length: 15227
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/fanzone.css?rlhtdj
165.22.20.44 200 OK 14 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/fanzone.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 968253be2a62d4d66ade6ec4e21dfe8a
368a43dc4c575de7a9fb09a773114baacbd0ab6c
150d688e7dbf9db1a905c8df91818006bdbc57753a4d27be4244114b894c63a6
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/css/fanzone.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 Oct 2022 12:47:04 GMT
ETag: "356d-5eb3a5f64880f"
Accept-Ranges: bytes
Content-Length: 13677
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/photo-gallery.css?rlhtdj
165.22.20.44 200 OK 3.2 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/photo-gallery.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash b75ceb2b0c78f63e67963493000027a1
a5e89d4df14c46f32fdebe439f226348371656d7
c7a4ba2f7a9046b8341c2bb6e92ba902e1c63b0563022501a52c96c292eee156
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/css/photo-gallery.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Mon, 24 Oct 2022 11:08:27 GMT
ETag: "c6d-5ebc5cf98bb6d"
Accept-Ranges: bytes
Content-Length: 3181
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/themes/custom/saudi_games/css/transportation-accommodation.css?rlhtdj
165.22.20.44 200 OK 1.6 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/css/transportation-accommodation.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash a42cc0f7bbcda4b16df6fb5f000a7d40
58d044e3854a9d09d272b3ab676abe743cb94f42
48d5acc4ece83970cd9469a1af52d001e25ad139a33badd3f7ed441a86c46ce5
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/css/transportation-accommodation.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 Oct 2022 12:47:04 GMT
ETag: "628-5eb3a5f64a367"
Accept-Ranges: bytes
Content-Length: 1576
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Content-Type: text/css
165.22.20.44/modules/contrib/blazy/js/polyfill/blazy.polyfill.min.js?rlhtdj
165.22.20.44 200 OK 1.2 kB URL HTTP/1.1 165.22.20.44/modules/contrib/blazy/js/polyfill/blazy.polyfill.min.js?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (1150)
Hash 59e8eb4b7f8636c57ae8fe748e31165b
65606789acbf500ec85d6ca8f4f85614e71c16f0
31921d7e1f82b8eb023a391b43853343fa62139b930c7fa06e8f8336dfb539ad
Analyzer Verdict Alert quad9 Sinkholed
GET /modules/contrib/blazy/js/polyfill/blazy.polyfill.min.js?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 31 May 2022 08:17:10 GMT
ETag: "47f-5e04a662d4d80"
Accept-Ranges: bytes
Content-Length: 1151
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/modules/contrib/blazy/js/polyfill/blazy.classlist.min.js?rlhtdj
165.22.20.44 200 OK 2.4 kB URL HTTP/1.1 165.22.20.44/modules/contrib/blazy/js/polyfill/blazy.classlist.min.js?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (2313)
Hash 82057283f3bf934bbb43b7f86c757c6b
770c0555b0b472ef275f661fb1e1e1a8e2b0bb16
fffec9ff9bc5b5f403e463b77ac4d92248b469e084e5837d6f19a1a2bd5e0f16
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /modules/contrib/blazy/js/polyfill/blazy.classlist.min.js?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 31 May 2022 08:17:10 GMT
ETag: "95d-5e04a662d4d80"
Accept-Ranges: bytes
Content-Length: 2397
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/modules/contrib/blazy/js/polyfill/blazy.promise.min.js?rlhtdj
165.22.20.44 200 OK 4.0 kB URL HTTP/1.1 165.22.20.44/modules/contrib/blazy/js/polyfill/blazy.promise.min.js?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (3908)
Hash 87efd475adedb1cc26cb9b20ee6c8204
b33dd90c91dce3d0cb3931b50012323053041ef8
368b8fda746570a5cc6f521fedb68a6bea45cdeb105bd0d94c5c33f846f65d34
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /modules/contrib/blazy/js/polyfill/blazy.promise.min.js?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 31 May 2022 08:17:10 GMT
ETag: "fc8-5e04a662d4d80"
Accept-Ranges: bytes
Content-Length: 4040
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/modules/contrib/blazy/js/polyfill/blazy.raf.min.js?rlhtdj
165.22.20.44 200 OK 700 B URL HTTP/1.1 165.22.20.44/modules/contrib/blazy/js/polyfill/blazy.raf.min.js?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type Unicode text, UTF-8 text, with very long lines (515)
Hash b47c67ffc6958358a1e79239c3d75081
90e17b3c3567acbb4386040ad9cb046b7a2b671c
145023798a68c4d18c80942ee0ad708a6107e26101cf3a2d7e413e5148dc7145
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /modules/contrib/blazy/js/polyfill/blazy.raf.min.js?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 31 May 2022 08:17:10 GMT
ETag: "2bc-5e04a662d4d80"
Accept-Ranges: bytes
Content-Length: 700
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/core/assets/vendor/jquery-once/jquery.once.min.js?v=2.2.3
165.22.20.44 200 OK 908 B URL HTTP/1.1 165.22.20.44/core/assets/vendor/jquery-once/jquery.once.min.js?v=2.2.3
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (684)
Hash 48540c4b174900eee9e0894ebbd23fd7
3d7ecb0a1fef4aeeacf3f9b82099027de44c652a
1da79754ccda7c241f56d5a82ed377c3384b58db3c718d9c1fd38843c47d8df3
Analyzer Verdict Alert quad9 Sinkholed
GET /core/assets/vendor/jquery-once/jquery.once.min.js?v=2.2.3 HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "38c-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 908
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/core/misc/drupalSettingsLoader.js?v=8.9.20
165.22.20.44 200 OK 519 B URL HTTP/1.1 165.22.20.44/core/misc/drupalSettingsLoader.js?v=8.9.20
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 49dbe4bac61e9ca48a5951bcbe0d03e9
020efebbf1f6e97d39ddcddc5262f34c1db7807f
5f8f69ec521f7998af455985a8ede6d8dcf3527b43795fe3d26f1f1b57a5a554
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /core/misc/drupalSettingsLoader.js?v=8.9.20 HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "207-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 519
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/core/misc/drupal.js?v=8.9.20
165.22.20.44 200 OK 6.3 kB URL HTTP/1.1 165.22.20.44/core/misc/drupal.js?v=8.9.20
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 2d083e808846c9d9780adb0b098027d9
d5b5d83f9c911bd862a4977de0f41d1be9bfbad7
990fda61c1303a87f6317b47fef824552d611209f0537bd4faaa9648d3de1363
Analyzer Verdict Alert quad9 Sinkholed
GET /core/misc/drupal.js?v=8.9.20 HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "18a8-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 6312
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/sites/default/files/languages/ar_55VSfwT3XBVVhDVItisl69-1oDkFU36O4Yr7lszM8bs.js?rlhtdj
165.22.20.44 200 OK 8.3 kB URL HTTP/1.1 165.22.20.44/sites/default/files/languages/ar_55VSfwT3XBVVhDVItisl69-1oDkFU36O4Yr7lszM8bs.js?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (8323), with no line terminators
Hash 486487b46589bad0a5b16248d14f5683
302cf0e942818096e3fca97b15cabc83bd26ecda
e795527f04f75c1555843548b62b25ebdfb5a03905537e8ee18afb96ccccf1bb
Analyzer Verdict Alert quad9 Sinkholed
GET /sites/default/files/languages/ar_55VSfwT3XBVVhDVItisl69-1oDkFU36O4Yr7lszM8bs.js?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 17 Nov 2022 12:52:04 GMT
ETag: "2083-5edaa0e52d3fa"
Accept-Ranges: bytes
Content-Length: 8323
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/core/misc/debounce.js?v=8.9.20
165.22.20.44 200 OK 761 B URL HTTP/1.1 165.22.20.44/core/misc/debounce.js?v=8.9.20
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 58c926a9a2b52b46ff8bf2fe5b474eb8
85f918ba06e8d1439e6de829b17f8e9299ab11f6
f542c438a5a90be6246a782f872f4efa94a1f26b21f20203b2ca82bb96b318f5
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /core/misc/debounce.js?v=8.9.20 HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "2f9-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 761
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=81
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/core/misc/drupal.init.js?v=8.9.20
165.22.20.44 200 OK 727 B URL HTTP/1.1 165.22.20.44/core/misc/drupal.init.js?v=8.9.20
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 561d5e5f6f76f15fd1375a9a1c2a18f1
7f5514d8bdff39269c12134505b9722484ed6ce7
41683e0bdfed00e74de14d86441e289271ca70b2a94c721653b9a49dc32fb24e
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /core/misc/drupal.init.js?v=8.9.20 HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "2d7-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 727
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: application/javascript
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Expires, Pragma, Retry-After, Last-Modified, ETag, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 09 Feb 2023 10:51:21 GMT
age: 321
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
165.22.20.44/core/assets/vendor/jquery/jquery.min.js?v=3.5.1
165.22.20.44200 OK 471 B URL HTTP/1.1 165.22.20.44/core/assets/vendor/jquery/jquery.min.js?v=3.5.1
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /core/assets/vendor/jquery/jquery.min.js?v=3.5.1 HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Nov 2021 21:24:28 GMT
ETag: "15d84-5d102aab9db00"
Accept-Ranges: bytes
Content-Length: 89476
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/modules/contrib/blazy/js/plugin/blazy.dataset.min.js?rlhtdj
165.22.20.44200 OK 614 B URL HTTP/1.1 165.22.20.44/modules/contrib/blazy/js/plugin/blazy.dataset.min.js?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (613)
Hash 794d5716f9cf8ee35be08c1e5c988f3c
596e3994ffef376a36bf88cf66865710b141c981
3192f22aa09550f42ba416808cd77e9cda631aea24baa9d11d9efd597cb4265c
Analyzer Verdict Alert quad9 Sinkholed
GET /modules/contrib/blazy/js/plugin/blazy.dataset.min.js?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 31 May 2022 08:17:10 GMT
ETag: "266-5e04a662d4d80"
Accept-Ranges: bytes
Content-Length: 614
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/modules/contrib/blazy/js/dblazy.min.js?rlhtdj
165.22.20.44200 OK 10 kB URL HTTP/1.1 165.22.20.44/modules/contrib/blazy/js/dblazy.min.js?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (9993)
Hash e8965507cfe0c46578c78e3fcb89e736
396b17075714ee6d81537c8473c32e5c6ca22cbc
41dbc176e1f9157259a44aeddd679a72d6a6d964e1cd45e3d0b04877c10091c8
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /modules/contrib/blazy/js/dblazy.min.js?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 31 May 2022 08:17:10 GMT
ETag: "270a-5e04a662d4d80"
Accept-Ranges: bytes
Content-Length: 9994
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/modules/contrib/blazy/js/plugin/blazy.dom.min.js?rlhtdj
165.22.20.44200 OK 3.2 kB URL HTTP/1.1 165.22.20.44/modules/contrib/blazy/js/plugin/blazy.dom.min.js?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (3244)
Hash f7e131229da9dc6327308f226c1761a4
fad0c8e08c649ca03484110f897c4bc0c81e3b12
33113fc37149a0982e9fb129507fe5cef67ac2a5df2dccf7abba9ce5f80a3ef0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /modules/contrib/blazy/js/plugin/blazy.dom.min.js?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 31 May 2022 08:17:10 GMT
ETag: "cad-5e04a662d4d80"
Accept-Ranges: bytes
Content-Length: 3245
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/modules/contrib/blazy/js/plugin/blazy.xlazy.min.js?rlhtdj
165.22.20.44200 OK 1.9 kB URL HTTP/1.1 165.22.20.44/modules/contrib/blazy/js/plugin/blazy.xlazy.min.js?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (1864)
Hash 1ef2a0afab1b35b0ada0878d5e82dd1b
11a9a0ca2e92e5adc6e080bdf848b8ce00dddd2c
c4edc015d7e24a12b56779fde7eca4680a190050cff419d3c47642c52374c8f2
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /modules/contrib/blazy/js/plugin/blazy.xlazy.min.js?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 31 May 2022 08:17:10 GMT
ETag: "749-5e04a662d4d80"
Accept-Ranges: bytes
Content-Length: 1865
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=80
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/modules/contrib/blazy/js/plugin/blazy.viewport.min.js?rlhtdj
165.22.20.44200 OK 893 B URL HTTP/1.1 165.22.20.44/modules/contrib/blazy/js/plugin/blazy.viewport.min.js?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (892)
Hash 391802ccc5bd8120afc640b79e06d17e
c1fd6bd4c5b3789590485303ed3098fc0b372403
2a10e91500965c9d9523c4fccee91c478e54d8ae7c549e14c96fc6055b6d89b0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /modules/contrib/blazy/js/plugin/blazy.viewport.min.js?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 31 May 2022 08:17:10 GMT
ETag: "37d-5e04a662d4d80"
Accept-Ranges: bytes
Content-Length: 893
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/modules/contrib/blazy/js/plugin/blazy.observer.min.js?rlhtdj
165.22.20.44200 OK 943 B URL HTTP/1.1 165.22.20.44/modules/contrib/blazy/js/plugin/blazy.observer.min.js?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (942)
Hash 3b17cba4c6ac15261efa19c14e5a0574
5e1ec71868e410fbaf97d8639b58277c06169a12
7ed5f9fab6b3a89a1212b196fe49b2ede3f39f2a2477416da77add63fc78fbac
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /modules/contrib/blazy/js/plugin/blazy.observer.min.js?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 31 May 2022 08:17:10 GMT
ETag: "3af-5e04a662d4d80"
Accept-Ranges: bytes
Content-Length: 943
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/modules/contrib/blazy/js/plugin/blazy.loading.min.js?rlhtdj
165.22.20.44200 OK 331 B URL HTTP/1.1 165.22.20.44/modules/contrib/blazy/js/plugin/blazy.loading.min.js?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (330)
Hash a1f4fea57529782ed00e96634b8efccd
8760c2922c381daa3bbd05178abb3d9c959a74c1
c51774b35ef50099e7b4172dccd324e393637a04d8eda2f029201f3b9660182e
Analyzer Verdict Alert quad9 Sinkholed
GET /modules/contrib/blazy/js/plugin/blazy.loading.min.js?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 31 May 2022 08:17:10 GMT
ETag: "14b-5e04a662d4d80"
Accept-Ranges: bytes
Content-Length: 331
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=81
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/modules/contrib/blazy/js/base/blazy.base.min.js?rlhtdj
165.22.20.44200 OK 254 B URL HTTP/1.1 165.22.20.44/modules/contrib/blazy/js/base/blazy.base.min.js?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 90625f29677a54f62c15f6aae26ddc58
1bf5d5aba8bce7a2c4263dffca01d8aa91db3e42
9552409020b576f1b8a5cedb499a84382e183659830827bdf79d5485b02ee538
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /modules/contrib/blazy/js/base/blazy.base.min.js?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 31 May 2022 08:17:10 GMT
ETag: "fe-5e04a662d4d80"
Accept-Ranges: bytes
Content-Length: 254
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/modules/contrib/blazy/js/base/blazy.min.js?rlhtdj
165.22.20.44200 OK 3.2 kB URL HTTP/1.1 165.22.20.44/modules/contrib/blazy/js/base/blazy.min.js?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (3236)
Hash b20ed5b15a3a5fb1aa80c764cac58369
3eb360835a15fee87f42adbb48608864ddef7b16
420851a945b0b1122f98e054758ac4515bac1cf774e05a140363ca01b2d92e21
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /modules/contrib/blazy/js/base/blazy.min.js?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 31 May 2022 08:17:10 GMT
ETag: "ca5-5e04a662d4d80"
Accept-Ranges: bytes
Content-Length: 3237
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=79
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/modules/contrib/blazy/js/polyfill/blazy.webp.min.js?rlhtdj
165.22.20.44200 OK 1.0 kB URL HTTP/1.1 165.22.20.44/modules/contrib/blazy/js/polyfill/blazy.webp.min.js?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (1034)
Hash 1d74fa1602bf460438671f9cb561ff87
fb46c26e9da0a755ebeb7c852927b6af845b1052
53ce26d3de416753372d87d9a8c192ab34973f2978cc6102ff28093e03df285d
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /modules/contrib/blazy/js/polyfill/blazy.webp.min.js?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 31 May 2022 08:17:10 GMT
ETag: "40b-5e04a662d4d80"
Accept-Ranges: bytes
Content-Length: 1035
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/modules/contrib/blazy/js/base/io/bio.media.min.js?rlhtdj
165.22.20.44200 OK 1.9 kB URL HTTP/1.1 165.22.20.44/modules/contrib/blazy/js/base/io/bio.media.min.js?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (1884)
Hash 2bab6a933564f515098d7c818f10b7df
f28e0b1e85da9acb7e5a3d030f5c35282b3b83b9
56ba77276854379a60ba8e4fcbdd5129c4afd3dcd4d23cf3078305b75b6d11c3
Analyzer Verdict Alert quad9 Sinkholed
GET /modules/contrib/blazy/js/base/io/bio.media.min.js?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 31 May 2022 08:17:10 GMT
ETag: "75d-5e04a662d4d80"
Accept-Ranges: bytes
Content-Length: 1885
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=80
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/modules/contrib/blazy/js/base/io/bio.min.js?rlhtdj
165.22.20.44200 OK 2.7 kB URL HTTP/1.1 165.22.20.44/modules/contrib/blazy/js/base/io/bio.min.js?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (2711)
Hash 7e1a152047541dab6b1f68550c7fdc68
4f94436da8e773f0a820cd7584b9ad38e978f6f4
4e34426e47673123e0e512f9a7e74772147313f27ddf4bd4d90c09fdc76c9b19
Analyzer Verdict Alert quad9 Sinkholed
GET /modules/contrib/blazy/js/base/io/bio.min.js?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 31 May 2022 08:17:10 GMT
ETag: "a98-5e04a662d4d80"
Accept-Ranges: bytes
Content-Length: 2712
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/libraries/slick/slick/slick.min.js?v=1.x
165.22.20.44200 OK 43 kB URL HTTP/1.1 165.22.20.44/libraries/slick/slick/slick.min.js?v=1.x
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (42862)
Hash d5a61c749e44e47159af8a6579dda121
3b41b3bc956685015a347a2238e71db29dfa0dbb
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
Analyzer Verdict Alert quad9 Sinkholed
GET /libraries/slick/slick/slick.min.js?v=1.x HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 01 Feb 2022 10:15:48 GMT
ETag: "a76f-5d6f22f573a3f"
Accept-Ranges: bytes
Content-Length: 42863
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/modules/contrib/blazy/js/base/blazy.drupal.min.js?rlhtdj
165.22.20.44200 OK 2.4 kB URL HTTP/1.1 165.22.20.44/modules/contrib/blazy/js/base/blazy.drupal.min.js?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (2400)
Hash 92617537c6ab7255576d1da0998d886e
c1fb6c8d2a2ff3c041dcc551229c5091b3de0782
38b7101e581754987ba96d28a7ce9ce7090211f06e46fe12ca774659283c8f3d
Analyzer Verdict Alert quad9 Sinkholed
GET /modules/contrib/blazy/js/base/blazy.drupal.min.js?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 31 May 2022 08:17:10 GMT
ETag: "961-5e04a662d4d80"
Accept-Ranges: bytes
Content-Length: 2401
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/themes/contrib/bootstrap_barrio/js/global.js?v=8.9.20
165.22.20.44200 OK 762 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/js/global.js?v=8.9.20
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 6ece312cc2007b77135d68c5572460b2
4a3c54098af2cbf0d4da4582106b5292feb5960e
d7d352a062e20f25442a337c59b45e0c53752ecae4343240979bb937badd964f
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/js/global.js?v=8.9.20 HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "2fa-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 762
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/modules/contrib/blazy/js/blazy.load.min.js?rlhtdj
165.22.20.44200 OK 1.7 kB URL HTTP/1.1 165.22.20.44/modules/contrib/blazy/js/blazy.load.min.js?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (1659)
Hash dcc821401674423e5db8da249d4ac5ad
7af35198971a6b44fc2b5865c44c5b78cc8a8934
ada4ab8e874c229e834ebb3a443e6ab6ed63719387f8edef792bd9cda23aa76f
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /modules/contrib/blazy/js/blazy.load.min.js?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 31 May 2022 08:17:10 GMT
ETag: "67c-5e04a662d4d80"
Accept-Ranges: bytes
Content-Length: 1660
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=78
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/modules/contrib/slick/js/slick.load.min.js?v=8.9.20
165.22.20.44200 OK 3.3 kB URL HTTP/1.1 165.22.20.44/modules/contrib/slick/js/slick.load.min.js?v=8.9.20
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (3285)
Hash 94e62fabcd90592289a680ade46490d6
4162c5d26f6c1e51c968759001bc9b16dac07aaf
9c04a9624facd5ecfcf3696cd37b572e9d7efb7935a39c2a67c0d379a45ebfe8
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /modules/contrib/slick/js/slick.load.min.js?v=8.9.20 HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sat, 19 Feb 2022 11:50:57 GMT
ETag: "cd6-5d85d9cc0ea40"
Accept-Ranges: bytes
Content-Length: 3286
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=81
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/modules/contrib/google_analytics/js/google_analytics.js?v=8.9.20
165.22.20.44200 OK 6.5 kB URL HTTP/1.1 165.22.20.44/modules/contrib/google_analytics/js/google_analytics.js?v=8.9.20
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 74f6bf839ad7ea33081bcf66aa1bdf08
6d890f999e8c11eb07016fd7222fb33fe992d082
b4a529afcbccc5869735182270b8f59e43de6f9f53bc79557929214ff3669008
Analyzer Verdict Alert quad9 Sinkholed
GET /modules/contrib/google_analytics/js/google_analytics.js?v=8.9.20 HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 04 Jun 2020 18:56:41 GMT
ETag: "1952-5a746b47a0c40"
Accept-Ranges: bytes
Content-Length: 6482
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=79
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/themes/contrib/bootstrap_barrio/js/affix.js?v=8.9.20
165.22.20.44200 OK 1.0 kB URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/js/affix.js?v=8.9.20
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash ebb4f4c2921b0ed5d802f59e6a437964
ad3078d290245fb59b9f877dcb6c364b67c9b1e9
919d85e8e1ed4523535898cf35e18f976df480923585221ad7c6142bf251a262
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/js/affix.js?v=8.9.20 HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "3f1-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 1009
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/themes/custom/saudi_games/js/lightgallery/lightgallery-1.js?v=8.9.20
165.22.20.44200 OK 64 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/js/lightgallery/lightgallery-1.js?v=8.9.20
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (872)
Hash 39c106cb975571c21d4296415ea22012
f8d4920d22a0dad69cf94a78385d8e1ab83d3fa4
f4d6768af6f3ded32e87fed73465ca608999b3680154d80396f5407086dd7fed
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/js/lightgallery/lightgallery-1.js?v=8.9.20 HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 Oct 2022 12:47:04 GMT
ETag: "fbfe-5eb3a5f64f189"
Accept-Ranges: bytes
Content-Length: 64510
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=81
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/themes/custom/saudi_games/js/lightgallery/lg-thumbnail-1.min.js?v=8.9.20
165.22.20.44200 OK 20 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/js/lightgallery/lg-thumbnail-1.min.js?v=8.9.20
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (871)
Hash 2e222afee3a082ad7cfab04b7488cbe9
c4463638bcc586692e915518de3d40e7383ea05b
f499ac69b6c245148509f15351bdeb74b14f1f49e43e400beb3a4f93e7f016e6
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/js/lightgallery/lg-thumbnail-1.min.js?v=8.9.20 HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 Oct 2022 12:47:04 GMT
ETag: "4e99-5eb3a5f64eda1"
Accept-Ranges: bytes
Content-Length: 20121
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=81
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
165.22.20.44/themes/custom/saudi_games/js/lightgallery/lg-video-1.min.js?v=8.9.20
165.22.20.44200 OK 15 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/js/lightgallery/lg-video-1.min.js?v=8.9.20
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (867)
Hash b23d693b77fe15146c923185f2e83932
07e499c2ae66c7d098f2cdb3cebfc5cb70500ceb
a3c3ce491bca2992f51dc7f43f56784718c7d2be4a50d2d9cf0708b8b8d626d7
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/js/lightgallery/lg-video-1.min.js?v=8.9.20 HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 Oct 2022 12:47:04 GMT
ETag: "39ab-5eb3a5f64eda1"
Accept-Ranges: bytes
Content-Length: 14763
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=77
Connection: Keep-Alive
Content-Type: application/javascript
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 248ce16379b12f11927ecc3142aec450
fa5b189f2d9182479170cb61cc1723571e437bd2
a8d259b331bdefb00625b9bf057d44d0b3290fda0734c57eda187b04e23d59d4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8D259B331BDEFB00625B9BF057D44D0B3290FDA0734C57EDA187B04E23D59D4"
Last-Modified: Wed, 08 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5563
Expires: Thu, 09 Feb 2023 12:29:25 GMT
Date: Thu, 09 Feb 2023 10:56:42 GMT
Connection: keep-alive
165.22.20.44/themes/contrib/bootstrap_barrio/css/print.css?rlhtdj
165.22.20.44200 OK 663 B URL HTTP/1.1 165.22.20.44/themes/contrib/bootstrap_barrio/css/print.css?rlhtdj
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash 0d82b00697d6d3647badd8197426c3c6
1a6d05311e7c1254e969406c8e5624e8360b183a
f7dc928e6b3356611813b432ce1e33d6be47f6641f7133f051c8e059ebe1d882
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/contrib/bootstrap_barrio/css/print.css?rlhtdj HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 25 Oct 2020 17:41:07 GMT
ETag: "297-5b282518952c0"
Accept-Ranges: bytes
Content-Length: 663
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=78
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
165.22.20.44/themes/custom/saudi_games/images/sg-logo.svg
165.22.20.44200 OK 103 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/images/sg-logo.svg
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image; ASCII text, with very long lines (2271)
Size 103 kB (102913 bytes)
Hash 520a3cbfd2c67905724587da453a4d3c
18863c5488cc3f5cf09686ee24a76757225d2b51
470222d60dfa31bd13a65111aee11aa683cf370b6edf3481a1047ecb22cea1d4
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/images/sg-logo.svg HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Sep 2022 12:46:05 GMT
ETag: "19201-5e94371d14cd8"
Accept-Ranges: bytes
Content-Length: 102913
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=80
Connection: Keep-Alive
Content-Type: image/svg+xml
165.22.20.44/themes/custom/saudi_games/js/global-24.js?v=8.9.20
165.22.20.44 200 OK 30 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/js/global-24.js?v=8.9.20
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Hash f967ab88e356dbfdcc1bf9d83f27b1bd
86aa9d7fe8b2329216b34856e1fdb4b4263c64e7
9a1f811ca5e8456bb86568b0fb5d0043ffaaff09c8bb922b8d8773d8c1859e09
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/js/global-24.js?v=8.9.20 HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 17 Nov 2022 12:31:37 GMT
ETag: "75e2-5eda9c53aa890"
Accept-Ranges: bytes
Content-Length: 30178
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=80
Connection: Keep-Alive
Content-Type: application/javascript
165.22.20.44/sites/default/files/2022-09/SAUDIA-LOGO-%282%29.png
165.22.20.44 200 OK 54 kB URL HTTP/1.1 165.22.20.44/sites/default/files/2022-09/SAUDIA-LOGO-%282%29.png
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 350 x 104, 8-bit/color RGBA, non-interlaced; data
Hash 4ff7ed6f776474e25936b399793a16de
fa933e20ac00c51a38a323b062bb367a3eed5771
7dd3d774e04e28bd2bd987f287777e05af635d46d429e8ccd63469c4701d592f
Analyzer Verdict Alert quad9 Sinkholed
GET /sites/default/files/2022-09/SAUDIA-LOGO-%282%29.png HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Sep 2022 14:57:22 GMT
ETag: "d0cd-5e91d0ba15880"
Accept-Ranges: bytes
Content-Length: 53453
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=80
Connection: Keep-Alive
Content-Type: image/png
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-219812020-1
142.250.74.40 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-219812020-1
IP 142.250.74.40:0
File type ASCII text, with very long lines (1759)
Hash 20c070cd31f48cfbab0fd93cdbd40413
355652edc129345ed5a99c5bf6e57b7b5c337353
e72b61fd74cd7569ba8ea78fa57bdada928a1e1680b3e287dea7ae04c928cee7
GET /gtag/js?id=UA-219812020-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://165.22.20.44/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 09 Feb 2023 10:56:42 GMT
expires: Thu, 09 Feb 2023 10:56:42 GMT
cache-control: private, max-age=900
last-modified: Thu, 09 Feb 2023 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44090
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
165.22.20.44/themes/custom/saudi_games/images/ticket.png
165.22.20.44 200 OK 7.2 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/images/ticket.png
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 100 x 68, 8-bit/color RGBA, non-interlaced; data
Hash 536654907c1beecf5c34b98c292566e6
ce82c7612508b02571ebc525ba933708022e7649
27e306ed85f43bece0a01600f512ef334cfcc0bc0504cd14dc02694fe1bf5338
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/custom/saudi_games/images/ticket.png HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 Oct 2022 12:47:04 GMT
ETag: "1c51-5eb3a5f64e1e9"
Accept-Ranges: bytes
Content-Length: 7249
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=79
Connection: Keep-Alive
Content-Type: image/png
165.22.20.44/themes/custom/saudi_games/images/mute_icon.svg
165.22.20.44 200 OK 1.3 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/images/mute_icon.svg
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image; XML 1.0 document text; XML document text; HTML document text; exported SGML document, ASCII text
Hash 06875dc38ad177f6705a9d0634e4bc16
7c19b1692cc17de14a5fb27903c4dea3816de607
dd02d44c6699c41961fc06d683a157c267c0b3e18bf86f011d016f5a7a96f4be
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/images/mute_icon.svg HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Sun, 23 Oct 2022 12:01:46 GMT
ETag: "518-5ebb2706cdcdd"
Accept-Ranges: bytes
Content-Length: 1304
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=81
Connection: Keep-Alive
Content-Type: image/svg+xml
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
165.22.20.44/themes/custom/saudi_games/images/colored-logo-text-white.png
165.22.20.44 200 OK 22 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/images/colored-logo-text-white.png
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 277 x 521, 8-bit/color RGBA, non-interlaced; data
Hash b2e73f7f42dc255714ef0522c908121a
8c6d0b889ca0c0fb1321d10b52d3afd10dd2b993
0554f687bc326c002a14091be873088ad24f46ca78af1462da85e779e0427a42
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/custom/saudi_games/images/colored-logo-text-white.png HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Sep 2022 12:46:04 GMT
ETag: "55fe-5e94371cd87eb"
Accept-Ranges: bytes
Content-Length: 22014
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=77
Connection: Keep-Alive
Content-Type: image/png
165.22.20.44/themes/custom/saudi_games/images/news-open.svg
165.22.20.44 200 OK 619 B URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/images/news-open.svg
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image, ASCII text, with very long lines (431)
Hash 0d77ab4742d45d008085d66d1812f2b6
cc81e9cdbe93b846f09dd8c794c551ecf15c1995
9369173930d6d104d64701832f3202e11fa7408fc9e5a96010b9b9ee9a6772c5
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/images/news-open.svg HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Sep 2022 12:46:04 GMT
ETag: "26b-5e94371cdbe9c"
Accept-Ranges: bytes
Content-Length: 619
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=79
Connection: Keep-Alive
Content-Type: image/svg+xml
sc-static.net/scevent.min.js
54.230.82.240 200 OK 13 kB URL HTTP/2 sc-static.net/scevent.min.js
IP 54.230.82.240:0
File type ASCII text, with very long lines (31034), with no line terminators
Hash aebfe79a43ab3b40d473082cb240bfe7
e176237cc68803a9dfc6ac7f5db919a6c8f4c5c3
a562e759047435340c5e9816df15a44f08f49c04482365e139a1591f1d1507ac
GET /scevent.min.js HTTP/1.1
Host: sc-static.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://165.22.20.44/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-length: 13295
server: CloudFront
date: Thu, 09 Feb 2023 10:56:42 GMT
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Content-Type
cache-control: private, s-maxage=0, max-age=600
set-cookie: X-AB=0d6e407936704bd380072f5891d28b0e;max-age=86400;expires=Fri, 10 Feb 2023 09:02:23 GMT;Path=/scevent.min.js; Secure; SameSite=None
x-cache: GeneratedResponse from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ZWNeErIjijPZl5n72oe4cKAc_U3CTriqHYfJuI4LSAe_qjuVoLy3vg==
X-Firefox-Spdy: h2
165.22.20.44/themes/custom/saudi_games/images/top-logos.png
165.22.20.44 200 OK 82 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/images/top-logos.png
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 1925 x 202, 8-bit/color RGBA, non-interlaced; data
Hash a97b9885c30ba3f76b736c55768e9b77
4899bdf56f1a287cff8dc8307e16fa47448746d0
4a4251ff47e52270904ecf09d6bd08152ae765297088327fcfce288743d2c823
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/custom/saudi_games/images/top-logos.png HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 Oct 2022 12:47:04 GMT
ETag: "14203-5eb3a5f64e1e9"
Accept-Ranges: bytes
Content-Length: 82435
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=78
Connection: Keep-Alive
Content-Type: image/png
www.googletagmanager.com/gtag/js?id=AW-10977461905
142.250.74.40 200 OK 67 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-10977461905
IP 142.250.74.40:0
File type ASCII text, with very long lines (3558)
Hash 799988b4d3dabb20d92740912cb4b00b
dce7ba8b6ca85fd0de980bdc14e36c138e7d3216
cd79406b4f84ab943acecaa39df1242484bf6d3b5ff2ed899c91f25c7ca4de0e
GET /gtag/js?id=AW-10977461905 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://165.22.20.44/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 09 Feb 2023 10:56:42 GMT
expires: Thu, 09 Feb 2023 10:56:42 GMT
cache-control: private, max-age=900
last-modified: Thu, 09 Feb 2023 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 66636
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
165.22.20.44/sites/default/files/2022-09/Safe%281%29-1.png
165.22.20.44 200 OK 33 kB URL HTTP/1.1 165.22.20.44/sites/default/files/2022-09/Safe%281%29-1.png
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 350 x 209, 8-bit/color RGBA, non-interlaced; data
Hash 094ce1436689aa0ae4843c462b940510
b287b5da64396fd8d88aa18e975a5fb8049f7a46
2a9014aa65750c8468bbe8c07219b15308069263cb271055af870fd742513d75
Analyzer Verdict Alert quad9 Sinkholed
GET /sites/default/files/2022-09/Safe%281%29-1.png HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Sep 2022 14:56:35 GMT
ETag: "8112-5e91d08d42ec0"
Accept-Ranges: bytes
Content-Length: 33042
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=80
Connection: Keep-Alive
Content-Type: image/png
165.22.20.44/themes/custom/saudi_games/images/colored-logo.png
165.22.20.44 200 OK 22 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/images/colored-logo.png
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 277 x 521, 8-bit/color RGBA, non-interlaced; data
Hash ff1b8dabe7be2c482fede27b155bc747
7881019518869892841e09b8ad0c6cd65f5ca713
47aa30124edaa94ca133bec41599c7605faa30029b13ac0176ab2d7e64102dd8
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/custom/saudi_games/images/colored-logo.png HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 01 Feb 2022 10:15:48 GMT
ETag: "5795-5d6f22f58b143"
Accept-Ranges: bytes
Content-Length: 22421
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=78
Connection: Keep-Alive
Content-Type: image/png
fonts.googleapis.com/css2?family=Cairo:wght@200;300;400;500;600;700;800;900&display=swap
142.250.74.74 200 OK 64 kB URL HTTP/2 fonts.googleapis.com/css2?family=Cairo:wght@200;300;400;500;600;700;800;900&display=swap
IP 142.250.74.74:0
Hash c92df0f8e7666ef077d954f94ad6ab20
cfca38ba2feb70f26d85e0cf3f05c5bd02d4cb99
c4233b78060cc9a309d91d52ed806c847f92248a250a69a3b40607512aabbabe
GET /css2?family=Cairo:wght@200;300;400;500;600;700;800;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://165.22.20.44/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 09 Feb 2023 10:56:42 GMT
date: Thu, 09 Feb 2023 10:56:42 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
165.22.20.44/themes/custom/saudi_games/images/chevron-left.svg
165.22.20.44 200 OK 289 B URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/images/chevron-left.svg
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image, ASCII text
Hash bdde5e6db9814164753d330b24685242
8aa3389f898bd3e977f0eb9e3bcf90384034ba4f
b9d9ab099d36f398109b99b1d5ad3c304224f5307a5f2d0f16a895be44ec1103
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/images/chevron-left.svg HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Sep 2022 12:46:04 GMT
ETag: "121-5e94371cd8403"
Accept-Ranges: bytes
Content-Length: 289
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=79
Connection: Keep-Alive
Content-Type: image/svg+xml
165.22.20.44/themes/custom/saudi_games/images/location-tag.svg
165.22.20.44 200 OK 231 B URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/images/location-tag.svg
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image, ASCII text
Hash 2cd06b872006e97b86907cb9e3af894b
d21aa6f87f1c7d288c95123a133b49698266df8f
5eb0e8ee83118b5fc60ef192c28c06f9211deebdbebec1321afb55132f8cd829
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/images/location-tag.svg HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 Oct 2022 12:47:04 GMT
ETag: "e7-5eb3a5f64b6f0"
Accept-Ranges: bytes
Content-Length: 231
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=77
Connection: Keep-Alive
Content-Type: image/svg+xml
165.22.20.44/themes/custom/saudi_games/images/arrow-left-circle-fill-green.svg
165.22.20.44 200 OK 680 B URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/images/arrow-left-circle-fill-green.svg
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image; XML 1.0 document text; XML document text; HTML document text; exported SGML document, ASCII text
Hash e3b219af8e4dbb504840e671b4800880
0edab64705fb4936f7300705eb7631c89c3a4a71
b2fab023b3e8675b4dd1dc8620266ea186bc129b25f513809c309d585fa38b10
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/images/arrow-left-circle-fill-green.svg HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 Oct 2022 12:47:04 GMT
ETag: "2a8-5eb3a5f64a367"
Accept-Ranges: bytes
Content-Length: 680
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=79
Connection: Keep-Alive
Content-Type: image/svg+xml
165.22.20.44/themes/custom/saudi_games/images/event-marker.svg
165.22.20.44 200 OK 207 B URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/images/event-marker.svg
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image, ASCII text
Hash 1177a860eb2af81227b123c381811dde
81502e0501862096eb77089de5a0810e6e3e408b
72f8cdfce20f5ac8191747168ad3296253be141a6ec7e105ff05c6e62c2dc49e
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/images/event-marker.svg HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Sep 2022 12:46:04 GMT
ETag: "cf-5e94371cd87eb"
Accept-Ranges: bytes
Content-Length: 207
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=77
Connection: Keep-Alive
Content-Type: image/svg+xml
165.22.20.44/themes/custom/saudi_games/fonts/ArbFONTS-TheSans-Bold.otf
165.22.20.44 200 OK 60 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/fonts/ArbFONTS-TheSans-Bold.otf
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type OpenType font data; data
Hash bd6615022773196bcb7f341d2cc6da39
238d38cfb9e7ad431a848af719e958ca49b6d326
707d47e8f794caef2636919f7e4a1ee998ee9280fa0798af057c605a5894d569
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/fonts/ArbFONTS-TheSans-Bold.otf HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/themes/custom/saudi_games/css/style.css?rlhtdj
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 01 Feb 2022 10:15:48 GMT
ETag: "e910-5d6f22f587e7a"
Accept-Ranges: bytes
Content-Length: 59664
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=76
Connection: Keep-Alive
Content-Type: font/otf
analytics.tiktok.com/i18n/pixel/events.js?sdkid=CC72UVRC77U3FDT2VBI0&lib=ttq
23.36.79.17 200 OK 1.3 kB URL HTTP/2 analytics.tiktok.com/i18n/pixel/events.js?sdkid=CC72UVRC77U3FDT2VBI0&lib=ttq
IP 23.36.79.17:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2725)
Hash ee5c7739d36c3e36241b6754c70bb656
21263cbcaf258bb523889624f28461e569325e54
cf87813982f7c5e8042d7a93c3ac01d1525a10b54cde30efcad64a51a326775b
GET /i18n/pixel/events.js?sdkid=CC72UVRC77U3FDT2VBI0&lib=ttq HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://165.22.20.44/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
x-tt-logid: 202302091056423A48C739C3D373B8A733
x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf60b294eb1ae32bfdb0da8bf1819280156ad18631f468821e327d55864a121c9fb79421ab2b61d3b1d378abac6f2b7ba23d8918186703c92b787e29a09fb62cdefb223c0d59621136edbd00cc3a6b7b44af
content-encoding: gzip
expires: Thu, 09 Feb 2023 10:56:42 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Thu, 09 Feb 2023 10:56:42 GMT
content-length: 1335
x-cache: TCP_MISS from a23-36-79-13.deploy.akamaitechnologies.com (AkamaiGHost/11.0.0-46340752) (-)
vary: Accept-Encoding
set-cookie: _ttp=2LUyxVSdpGWQtSQdUM5sfbbV1Q3; Path=/; Domain=tiktok.com; Max-Age=33696000; Secure; SameSite=None
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: inner; dur=3, cdn-cache; desc=MISS, edge; dur=1, origin; dur=98
x-origin-response-time: 98,23.36.79.13
x-akamai-request-id: 126f576d
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/cairo/v22/SLXVc1nY6HkvangtZmpQdkhzfH5lkSscQyyS4J0.woff2
142.250.74.163 200 OK 29 kB URL HTTP/2 fonts.gstatic.com/s/cairo/v22/SLXVc1nY6HkvangtZmpQdkhzfH5lkSscQyyS4J0.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 28952, version 1.0; data
Hash d60bcd5d38f577e0890271e12e304396
a34daf52fa7f291630483054e9d3ff1cd92d3107
1770878bf38528dd8db7b74147b6d5e7a5e17192bf1169b6f4cb9ab7f28bd694
GET /s/cairo/v22/SLXVc1nY6HkvangtZmpQdkhzfH5lkSscQyyS4J0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://165.22.20.44
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28952
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 Feb 2023 22:40:03 GMT
expires: Sun, 04 Feb 2024 22:40:03 GMT
cache-control: public, max-age=31536000
age: 389799
last-modified: Tue, 08 Nov 2022 19:57:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
165.22.20.44/sites/default/files/2022-09/Frame%20%281%29.png
165.22.20.44 200 OK 250 B URL HTTP/1.1 165.22.20.44/sites/default/files/2022-09/Frame%20%281%29.png
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 12 x 24, 8-bit/color RGBA, non-interlaced; data
Hash 1fba6a3001176a65d05b790333c76c11
a4fec26d63a2c1f7dd2fb6efe982bbee3b32966d
0993c0e134bd8a39a6825417d66ad4efba8b6421899b92e0bd60d347fb06ab29
Analyzer Verdict Alert quad9 Sinkholed
GET /sites/default/files/2022-09/Frame%20%281%29.png HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 21 Sep 2022 03:45:58 GMT
ETag: "fa-5e927c85ba980"
Accept-Ranges: bytes
Content-Length: 250
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: image/png
fonts.gstatic.com/s/cairo/v22/SLXVc1nY6HkvangtZmpQdkhzfH5lkSscRiyS.woff2
142.250.74.163 200 OK 33 kB URL HTTP/2 fonts.gstatic.com/s/cairo/v22/SLXVc1nY6HkvangtZmpQdkhzfH5lkSscRiyS.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 32960, version 1.0; data
Hash 1a5a13ca74a330792699c3d73f0e7f48
4b966cf8054c187937ba7f3ff8214d0082b264c2
114150d4f5a9a671657e7abcb6fea8aea5ba175eff62f04cbaedff3caaabf450
GET /s/cairo/v22/SLXVc1nY6HkvangtZmpQdkhzfH5lkSscRiyS.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://165.22.20.44
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 32960
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 18:05:54 GMT
expires: Fri, 02 Feb 2024 18:05:54 GMT
cache-control: public, max-age=31536000
age: 579048
last-modified: Tue, 08 Nov 2022 19:56:51 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
165.22.20.44/themes/custom/saudi_games/images/white-logo.svg
165.22.20.44 200 OK 121 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/images/white-logo.svg
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image, ASCII text, with very long lines (3151)
Size 121 kB (120957 bytes)
Hash de093b767bb870419dd53a9382f7f198
b20329711c1a57e0b199354dfe165a90625eedcf
b389026a52543e0942bbdb6a2b5e0b203bc0e98db267513a42f989f3dae140e0
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/images/white-logo.svg HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Sep 2022 12:46:05 GMT
ETag: "1d87d-5e94371d9ff98"
Accept-Ranges: bytes
Content-Length: 120957
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/svg+xml
165.22.20.44/themes/custom/saudi_games/images/bg-lines.png
165.22.20.44 200 OK 376 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/images/bg-lines.png
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 1728 x 5625, 8-bit/color RGBA, non-interlaced; data
Size 376 kB (376405 bytes)
Hash fab42f060d96039f46f27da1d1cc77c3
b771555da10356d9335deff17de18971489ccae8
0ad76ffa217b2f10f4946e732c3c1eca60138aff6e59a1702ecf1e373e6e00df
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/custom/saudi_games/images/bg-lines.png HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/themes/custom/saudi_games/css/style.css?rlhtdj
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Sep 2022 12:46:04 GMT
ETag: "5be55-5e94371cd8403"
Accept-Ranges: bytes
Content-Length: 376405
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=76
Connection: Keep-Alive
Content-Type: image/png
analytics.tiktok.com/i18n/pixel/static/main.MWNiNWY1N2YyMQ.js
23.36.79.17 200 OK 69 kB URL HTTP/2 analytics.tiktok.com/i18n/pixel/static/main.MWNiNWY1N2YyMQ.js
IP 23.36.79.17:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (21891)
Hash 22a52083f28e807e7f9497a755c3d12f
cd02a9e091be6add5d7b9ae0e26bba6da98f1967
363dcb5bf9b354a63bc3bec31ac1e9f6576576175e9e0d4b6151087f944e9c56
GET /i18n/pixel/static/main.MWNiNWY1N2YyMQ.js HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://165.22.20.44/
Cookie: _ttp=2LUyxVSdpGWQtSQdUM5sfbbV1Q3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-logid: 2023020721083176983CE0D211F4A13354
x-tt-trace-host: 01aeae1f087e3f5c7e571ba61f1d24e83929ff0b0ab6cd318d87cd9f0f1b827aab107a9e0767a584ad0416ffcb6f10e40842451da4ceb7c88a45e9c92b4ddf2de9322ac5387cd3a7c0d80b76904af5e88d2c903a25d79949ca20429a73a4bb9f49
content-encoding: gzip
content-length: 68908
date: Thu, 09 Feb 2023 10:56:42 GMT
x-cache: TCP_MEM_HIT from a23-36-79-13.deploy.akamaitechnologies.com (AkamaiGHost/11.0.0-46340752) (-)
vary: Accept-Encoding
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=4
x-akamai-request-id: 126f5a5a
X-Firefox-Spdy: h2
165.22.20.44/themes/custom/saudi_games/images/menu-toggle.svg
165.22.20.44 200 OK 408 B URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/images/menu-toggle.svg
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image; ASCII text
Hash 64e76f28b0a581109d7f1ae8dd3df895
9c9ad21af68f4a1b99f4b30b59f85550a619359a
e3a486a24278bd0cce2793480e07e7df7f9a629578ac5688adf5fe6843533ffd
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/images/menu-toggle.svg HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/themes/custom/saudi_games/css/header_menu.css?rlhtdj
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Sep 2022 12:46:04 GMT
ETag: "198-5e94371cd87eb"
Accept-Ranges: bytes
Content-Length: 408
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: image/svg+xml
165.22.20.44/themes/custom/saudi_games/images/arrow-down.svg
165.22.20.44 200 OK 543 B URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/images/arrow-down.svg
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image; ASCII text, with very long lines (439)
Hash c3ec51ab7e1ca5c5a5e9273a6f549784
36938ea531b3f8d745450f996273898f7f5966e1
81ba0e94a7d7ae7791739b59cd636f1263149b3372207c621c79e51d0885f61e
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/images/arrow-down.svg HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/themes/custom/saudi_games/css/header_menu.css?rlhtdj
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Sep 2022 12:46:04 GMT
ETag: "21f-5e94371cd7462"
Accept-Ranges: bytes
Content-Length: 543
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/svg+xml
push.services.mozilla.com/
35.155.47.30 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.155.47.30:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: NsRfXeciWMC0KPMf8I8dPg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: bhvUfhyfjQcN/PNWi70qqH3CeG8=
165.22.20.44/themes/custom/saudi_games/images/vision-bg.jpg
165.22.20.44 200 OK 340 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/images/vision-bg.jpg
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2200x1080, components 3; data
Size 340 kB (339963 bytes)
Hash b31e8c81b215a87024ec0e540ae6b067
9dfdcac2656fd7633ff558b23b407655ef540c83
eca1714b2b06ed7a265bf6610499f19d7d479c65da4573da9c571e5982bbd5c0
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/custom/saudi_games/images/vision-bg.jpg HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/themes/custom/saudi_games/css/main.css?rlhtdj
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Sep 2022 12:46:05 GMT
ETag: "52ffb-5e94371d8a3e8"
Accept-Ranges: bytes
Content-Length: 339963
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=76
Connection: Keep-Alive
Content-Type: image/jpeg
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
165.22.20.44/sites/default/files/2022-09/Vector%20%284%29.png
165.22.20.44 200 OK 296 B URL HTTP/1.1 165.22.20.44/sites/default/files/2022-09/Vector%20%284%29.png
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 24 x 16, 8-bit/color RGBA, non-interlaced; data
Hash 01ac37a7960c0606d864b1bfcb7557fd
54c88feba8b6b86154c08d3ff39a6bfcf190168a
13a1c8b3448642f6b8476520e3ec2dff18fa971ea8c389ebff05ecb925c2494d
Analyzer Verdict Alert quad9 Sinkholed
GET /sites/default/files/2022-09/Vector%20%284%29.png HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 21 Sep 2022 03:48:17 GMT
ETag: "128-5e927d0a4a240"
Accept-Ranges: bytes
Content-Length: 296
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/png
165.22.20.44/sites/default/files/2022-09/Vector%20%285%29.png
165.22.20.44 200 OK 381 B URL HTTP/1.1 165.22.20.44/sites/default/files/2022-09/Vector%20%285%29.png
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 23 x 19, 8-bit/color RGBA, non-interlaced; data
Hash e1b800893895a0225e98c0ebbb219991
f66062d871c65a2458c522dd2d623ea96b150c74
a4d68db6701395b78d355be3e070d79b32dd3046c6f3c6c0c3ae9863fef3e028
Analyzer Verdict Alert quad9 Sinkholed
GET /sites/default/files/2022-09/Vector%20%285%29.png HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 21 Sep 2022 03:48:01 GMT
ETag: "17d-5e927cfb07e40"
Accept-Ranges: bytes
Content-Length: 381
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: image/png
165.22.20.44/sites/default/files/2022-09/Frame.png
165.22.20.44 200 OK 438 B URL HTTP/1.1 165.22.20.44/sites/default/files/2022-09/Frame.png
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 21 x 22, 8-bit/color RGBA, non-interlaced; data
Hash 8b3d33e8fd163b22aeabd4a81d374fb4
bc37d28ff213c70e77e5d9330ca3947765d52bcc
4f2a9712a0bf1b75dbe599be6d1b5b3869ba54744ee9d15ab0a0e2df589b6ec3
Analyzer Verdict Alert quad9 Sinkholed
GET /sites/default/files/2022-09/Frame.png HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 21 Sep 2022 03:47:24 GMT
ETag: "1b6-5e927cd7beb00"
Accept-Ranges: bytes
Content-Length: 438
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: image/png
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
165.22.20.44/sites/default/files/2022-09/Aljadi.png
165.22.20.44 200 OK 20 kB URL HTTP/1.1 165.22.20.44/sites/default/files/2022-09/Aljadi.png
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 350 x 251, 8-bit/color RGBA, non-interlaced; data
Hash 6b034589d5295506025c0396e83f276f
1763583de10b26bf40e527c7ea9f24a6c9652212
71a7535166bdbce4f6d778bd6739778f4aaf7ef7844fe474dfca467d43e3a45d
Analyzer Verdict Alert quad9 Sinkholed
GET /sites/default/files/2022-09/Aljadi.png HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Sep 2022 14:58:39 GMT
ETag: "4fee-5e91d103845c0"
Accept-Ranges: bytes
Content-Length: 20462
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/png
165.22.20.44/sites/default/files/2022-09/mobily%20Logo-01.png
165.22.20.44 200 OK 43 kB URL HTTP/1.1 165.22.20.44/sites/default/files/2022-09/mobily%20Logo-01.png
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 1690 x 1914, 8-bit/color RGBA, non-interlaced; data
Hash 7829442d6f5d3decc71dcdd4b4aca943
ab4155d1dce516683e6d62bbdd302de250267b25
7a5f61b215bf5fdb69e2fa69871f35af851c34e833ba4f0ab08321e18ba4abf9
Analyzer Verdict Alert quad9 Sinkholed
GET /sites/default/files/2022-09/mobily%20Logo-01.png HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Fri, 30 Sep 2022 10:13:33 GMT
ETag: "a6b1-5e9e23f092d40"
Accept-Ranges: bytes
Content-Length: 42673
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/png
165.22.20.44/sites/default/files/2022-10/White.png
165.22.20.44 200 OK 22 kB URL HTTP/1.1 165.22.20.44/sites/default/files/2022-10/White.png
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 1024 x 1012, 8-bit gray+alpha, non-interlaced; data
Hash ec7be7bd7142de7d4a0369b9dbacb642
592f417c591c3db54848e7759f6251625a2ff009
1dd45b090dd4cf2d9a2547144cf46d9e966a6ae42d3f941e5962baae80bf65f4
Analyzer Verdict Alert quad9 Sinkholed
GET /sites/default/files/2022-10/White.png HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 05 Oct 2022 10:38:29 GMT
ETag: "57d0-5ea472d693340"
Accept-Ranges: bytes
Content-Length: 22480
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=78
Connection: Keep-Alive
Content-Type: image/png
165.22.20.44/sites/default/files/2022-10/white%20tiktok-xxl_0.png
165.22.20.44 200 OK 4.3 kB URL HTTP/1.1 165.22.20.44/sites/default/files/2022-10/white%20tiktok-xxl_0.png
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced; data
Hash afb491887b95c18aa6cdbe565b078527
903686f0efd715d9e00020da1624298c6aa98aa3
c0a8af6d3b0e17c27d27fb2b03ac3edd1aa58f411e5d29c958259b02e16e975d
Analyzer Verdict Alert quad9 Sinkholed
GET /sites/default/files/2022-10/white%20tiktok-xxl_0.png HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 05 Oct 2022 10:51:26 GMT
ETag: "10b3-5ea475bb94780"
Accept-Ranges: bytes
Content-Length: 4275
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=78
Connection: Keep-Alive
Content-Type: image/png
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
165.22.20.44/sites/default/files/2022-09/ssc.png
165.22.20.44 200 OK 5.5 kB URL HTTP/1.1 165.22.20.44/sites/default/files/2022-09/ssc.png
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 350 x 111, 8-bit/color RGBA, non-interlaced; data
Hash 6f8701788ac68cb5fb7882503f362c66
267add5d740ed42fe09b6c3a6b59d31e4c039dda
66e67176ad37a7ba871cc663a9776c61226fafa870ceb7b9c63a7ceeb5997fdc
Analyzer Verdict Alert quad9 Sinkholed
GET /sites/default/files/2022-09/ssc.png HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Sep 2022 14:55:44 GMT
ETag: "1575-5e91d05c9fc00"
Accept-Ranges: bytes
Content-Length: 5493
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: image/png
165.22.20.44/sites/default/files/2022-09/Arabian-Centres-logo-1.png
165.22.20.44 200 OK 27 kB URL HTTP/1.1 165.22.20.44/sites/default/files/2022-09/Arabian-Centres-logo-1.png
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 350 x 386, 8-bit/color RGBA, non-interlaced; data
Hash bac7f9009a0aff6c4172a02a1ad4eb2c
3747a4f287bc0ef689b3bf2bdc7c216660bf8554
691a0d91ee16311e6d120b3e426f3b2754e47245ba3b775801715be167d17924
Analyzer Verdict Alert quad9 Sinkholed
GET /sites/default/files/2022-09/Arabian-Centres-logo-1.png HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Sep 2022 14:57:05 GMT
ETag: "6ae2-5e91d0a9df240"
Accept-Ranges: bytes
Content-Length: 27362
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: image/png
165.22.20.44/sites/default/files/2022-09/al-arabia.png
165.22.20.44 200 OK 9.5 kB URL HTTP/1.1 165.22.20.44/sites/default/files/2022-09/al-arabia.png
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 350 x 117, 8-bit/color RGBA, non-interlaced; data
Hash 455c30398b8202c252efe7a0ae2e6629
61a83bfaf016b177e299ffcb0609d1f9d0862088
76348e90c8b5fe1b65ba0a251cd59297fb460970ade1a07a73024105d5a7ba6c
Analyzer Verdict Alert quad9 Sinkholed
GET /sites/default/files/2022-09/al-arabia.png HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Sep 2022 14:54:09 GMT
ETag: "2527-5e91d00206640"
Accept-Ranges: bytes
Content-Length: 9511
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/png
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
165.22.20.44/sites/default/files/2022-10/image00002_0.JPG
165.22.20.44 200 OK 138 kB URL HTTP/1.1 165.22.20.44/sites/default/files/2022-10/image00002_0.JPG
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1080x720, components 3; data
Size 138 kB (138451 bytes)
Hash 1c2b97526800313581305dcc3f8b38d5
9b51be5a56032102707cdd3820867be528b5cf45
9c2958ab9e806fd26d7c6e12878a513c26b7f692ad257bc180449006436d0e20
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /sites/default/files/2022-10/image00002_0.JPG HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 04 Oct 2022 09:37:14 GMT
ETag: "21cd3-5ea323485c680"
Accept-Ranges: bytes
Content-Length: 138451
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: image/jpeg
165.22.20.44/sites/default/files/2022-09/Saptco.png
165.22.20.44 200 OK 49 kB URL HTTP/1.1 165.22.20.44/sites/default/files/2022-09/Saptco.png
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 350 x 76, 8-bit/color RGBA, non-interlaced; data
Hash d880ee28c97687ec51f54226938c0a1c
ed488b1651589707b1aaebcaba50df32390f736b
0f0cdbccbcf11e09f64312cb1be9a4cc42cd9ea7e81a9d44aa87f0a0879a47e2
Analyzer Verdict Alert quad9 Sinkholed
GET /sites/default/files/2022-09/Saptco.png HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Sep 2022 14:58:12 GMT
ETag: "bed1-5e91d0e9c4900"
Accept-Ranges: bytes
Content-Length: 48849
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=77
Connection: Keep-Alive
Content-Type: image/png
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 20834398a0fb13a001bb475358a5c340
27b62771a6d7009e3c482d7f2dbdd9ac12772a35
090ef938c34d136bcb5b608e8544993d0197ef468d242fcc1071d21d0c8d005d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6061
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:42 GMT
Last-Modified: Thu, 09 Feb 2023 09:15:41 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 20834398a0fb13a001bb475358a5c340
27b62771a6d7009e3c482d7f2dbdd9ac12772a35
090ef938c34d136bcb5b608e8544993d0197ef468d242fcc1071d21d0c8d005d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6061
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:42 GMT
Last-Modified: Thu, 09 Feb 2023 09:15:41 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
165.22.20.44/sites/default/files/2022-10/WhatsApp-Image-2022-09-26-at-10.15.jpg
165.22.20.44 200 OK 174 kB URL HTTP/1.1 165.22.20.44/sites/default/files/2022-10/WhatsApp-Image-2022-09-26-at-10.15.jpg
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1280x853, components 3; data
Size 174 kB (173633 bytes)
Hash 623ed016663eee4028498b9a1c4ba1f0
ac12c35220257583d5733832ce5801bd672e429a
da164bc2fb08e9e9e66f084fc8de46bfc2dbd49949fc8dd41851031d5dc7e789
Analyzer Verdict Alert quad9 Sinkholed
GET /sites/default/files/2022-10/WhatsApp-Image-2022-09-26-at-10.15.jpg HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Wed, 05 Oct 2022 10:09:50 GMT
ETag: "2a641-5ea46c6f35780"
Accept-Ranges: bytes
Content-Length: 173633
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: image/jpeg
165.22.20.44/sites/default/files/2022-09/4e932718-4997-4a98-a996-b822e76ba85f_0.jpg
165.22.20.44 200 OK 151 kB URL HTTP/1.1 165.22.20.44/sites/default/files/2022-09/4e932718-4997-4a98-a996-b822e76ba85f_0.jpg
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x834, components 3; data
Size 151 kB (150901 bytes)
Hash 55505ecf79a1eb96b4f0910a38d33d1b
e7898340969eb28903b18c17479d334b68286aaa
54c73ceaf3c98a9955354cdd364e8187754488a1bd8ff2b06843ead4cd585e2c
Analyzer Verdict Alert quad9 Sinkholed
GET /sites/default/files/2022-09/4e932718-4997-4a98-a996-b822e76ba85f_0.jpg HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 29 Sep 2022 12:16:34 GMT
ETag: "24d75-5e9cfd922ec80"
Accept-Ranges: bytes
Content-Length: 150901
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: image/jpeg
165.22.20.44/sites/default/files/2022-10/DSC09716.JPG
165.22.20.44 200 OK 403 kB URL HTTP/1.1 165.22.20.44/sites/default/files/2022-10/DSC09716.JPG
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=8, manufacturer=SONY, model=ILCE-7M4, xresolution=126, yresolution=134, resolutionunit=2, software=ILCE-7M4 v1.00, datetime=2022:10:01 14:33:56], baseline, precision 8, 2048x1365, components 3; data
Size 403 kB (403183 bytes)
Hash 8d778a06d3995f4989d0128a96c5b049
cc9213024438e02b68015a45c81a064085b8655b
a4f4851312b81881d7041461c79fc4784d96d9a7a7c37fa910f3fe3805adfca8
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /sites/default/files/2022-10/DSC09716.JPG HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Mon, 10 Oct 2022 06:29:43 GMT
ETag: "626ef-5eaa848f563c0"
Accept-Ranges: bytes
Content-Length: 403183
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/jpeg
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 20834398a0fb13a001bb475358a5c340
27b62771a6d7009e3c482d7f2dbdd9ac12772a35
090ef938c34d136bcb5b608e8544993d0197ef468d242fcc1071d21d0c8d005d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6062
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:43 GMT
Last-Modified: Thu, 09 Feb 2023 09:15:41 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
analytics.tiktok.com/i18n/pixel/static/identify_5f1fb.js
23.36.79.17200 OK 31 kB URL HTTP/2 analytics.tiktok.com/i18n/pixel/static/identify_5f1fb.js
IP 23.36.79.17:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 591b95fff14a7f5e64f9536c5c595274
e02712023e2c51a67054a78696ea2203ff6fc85e
7b19272e8214a2ee99bba815ca143cf20e761055d526fa500d82b81f1753c634
GET /i18n/pixel/static/identify_5f1fb.js HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://165.22.20.44/
Cookie: _ttp=2LUyxVSdpGWQtSQdUM5sfbbV1Q3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-logid: 202302072108362D6BF22F360C4EC8114B
x-tt-trace-host: 0149ac210ef9156de5d0158c58c245ffa55bb2e8ba1356745a09f7bc6b8966f5e06f89c329caee7d4e9fe96ecf3737ecfccf99cf284406cdeb69bc36a3048781d6910af8592b11c62fae4a30bea833e584e4d134275604f50d063fb2b5ac1f59e9
content-encoding: gzip
date: Thu, 09 Feb 2023 10:56:43 GMT
content-length: 30679
x-cache: TCP_MEM_HIT from a23-36-79-13.deploy.akamaitechnologies.com (AkamaiGHost/11.0.0-46340752) (-)
vary: Accept-Encoding
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=3
x-akamai-request-id: 126f6031
X-Firefox-Spdy: h2
165.22.20.44/sites/default/files/2022-10/DSC09241_2_1.jpg
165.22.20.44200 OK 214 kB URL HTTP/1.1 165.22.20.44/sites/default/files/2022-10/DSC09241_2_1.jpg
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1100, components 3\012- data
Size 214 kB (213823 bytes)
Hash 8ad36b8adb2e2f08297ed7dfbb23894f
900251da12165efd9ae831914d267eb8c27969e6
21d59d46159a044ad1462eca13c8e475779bec64e6aa10ecb3fb14f7a22ba0be
Analyzer Verdict Alert quad9 Sinkholed
GET /sites/default/files/2022-10/DSC09241_2_1.jpg HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 13 Oct 2022 13:04:19 GMT
ETag: "3433f-5eaea25ae9ac0"
Accept-Ranges: bytes
Content-Length: 213823
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=76
Connection: Keep-Alive
Content-Type: image/jpeg
165.22.20.44/themes/custom/saudi_games/images/news-right.svg
165.22.20.44200 OK 245 B URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/images/news-right.svg
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 099b9515348f14a98a68038c6e89b086
12824539b49ea2ac6105b1939643b6534ef6f1a5
c7066dce6317f1cc8882f280297c913b3ee1065f41dc72730d04fd8df738b878
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/images/news-right.svg HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/themes/custom/saudi_games/css/news.css?rlhtdj
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:43 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Sep 2022 12:46:04 GMT
ETag: "f5-5e94371cdbe9c"
Accept-Ranges: bytes
Content-Length: 245
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:43 GMT
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: image/svg+xml
165.22.20.44/sites/default/files/2022-10/DSC00305.JPG
165.22.20.44200 OK 324 kB URL HTTP/1.1 165.22.20.44/sites/default/files/2022-10/DSC00305.JPG
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=8, manufacturer=SONY, model=ILCE-7M4, xresolution=126, yresolution=134, resolutionunit=2, software=ILCE-7M4 v1.00, datetime=2022:10:03 13:42:21], baseline, precision 8, 2048x1335, components 3\012- data
Size 324 kB (323836 bytes)
Hash 8e64ef5b164e8afcecfe52e8b0d0d0a6
4b4d7fe70125447eb6a987e6a10cc2597d898793
09ac6f07b2e133c3f383c3f8779347fa7152b22bbe15048f043d282a8864071d
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /sites/default/files/2022-10/DSC00305.JPG HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 06 Oct 2022 10:40:52 GMT
ETag: "4f0fc-5ea5b53c69500"
Accept-Ranges: bytes
Content-Length: 323836
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=77
Connection: Keep-Alive
Content-Type: image/jpeg
165.22.20.44/themes/custom/saudi_games/images/news-left.svg
165.22.20.44200 OK 245 B URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/images/news-left.svg
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 531a5cdba2e3d11456d54df7b47ea8f6
0f152a9d4f9faeffc9de2170f2b6b68b8ff4faba
788c46d0506bab9135c9c7a2016126d8db053977d92b05ab1f71f18d41e06028
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/images/news-left.svg HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/themes/custom/saudi_games/css/news.css?rlhtdj
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:43 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Sep 2022 12:46:04 GMT
ETag: "f5-5e94371cdbe9c"
Accept-Ranges: bytes
Content-Length: 245
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:43 GMT
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/svg+xml
165.22.20.44/sites/default/files/2022-10/DSC08797.jpg
165.22.20.44200 OK 326 kB URL HTTP/1.1 165.22.20.44/sites/default/files/2022-10/DSC08797.jpg
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1327, components 3\012- data
Size 326 kB (325786 bytes)
Hash 70d0e7586904052fc0c87bbc27fe75bb
d6f2f82692cc25fb42aa8ceb5d090d20aefb7e89
cca5cb88d1654b84c87d693e86b2447c146d817426822ba65fb91962ae31344c
Analyzer Verdict Alert quad9 Sinkholed
GET /sites/default/files/2022-10/DSC08797.jpg HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:43 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 04 Oct 2022 07:48:23 GMT
ETag: "4f89a-5ea30af3e9fc0"
Accept-Ranges: bytes
Content-Length: 325786
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:43 GMT
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: image/jpeg
tr.snapchat.com/cm/i?pid=0d708aef-c645-40c9-aa8c-2c46c8586a85&u_scsid=6afc5fe5-54ec-48df-8d94-ba12da9ac92d&u_sclid=849c43c9-f2ad-4e3d-805a-c3fd2591ef33
35.190.43.134200 OK 0 B URL HTTP/2 tr.snapchat.com/cm/i?pid=0d708aef-c645-40c9-aa8c-2c46c8586a85&u_scsid=6afc5fe5-54ec-48df-8d94-ba12da9ac92d&u_sclid=849c43c9-f2ad-4e3d-805a-c3fd2591ef33
IP 35.190.43.134:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/i?pid=0d708aef-c645-40c9-aa8c-2c46c8586a85&u_scsid=6afc5fe5-54ec-48df-8d94-ba12da9ac92d&u_sclid=849c43c9-f2ad-4e3d-805a-c3fd2591ef33 HTTP/1.1
Host: tr.snapchat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://165.22.20.44/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 10:56:43 GMT
content-type: text/html
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 0
x-envoy-upstream-service-time: 0
server: API Gateway
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 20834398a0fb13a001bb475358a5c340
27b62771a6d7009e3c482d7f2dbdd9ac12772a35
090ef938c34d136bcb5b608e8544993d0197ef468d242fcc1071d21d0c8d005d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6062
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:43 GMT
Last-Modified: Thu, 09 Feb 2023 09:15:41 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
tr.snapchat.com/p
35.190.43.134200 OK 68 B IP 35.190.43.134:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash c4a2b870062c2bb98c500bc1526c0498
528666ccdb12997358077bc8fcdbfb6b825c7788
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
POST /p HTTP/1.1
Host: tr.snapchat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 451
Origin: http://165.22.20.44
Connection: keep-alive
Referer: http://165.22.20.44/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 10:56:43 GMT
access-control-allow-origin: *
cache-control: no-cache, no-transform
set-cookie: sc_at=v2|H4sIAAAAAAAAAAXBiQ0AIQgEwIpIVly+coh3VkHxznRAv6TLf02FZEtmQ45X6Uow7M4sDytCsQcPMNJ+fjIAAAA=;SameSite=None;Version=1;Comment=;Domain=.snapchat.com;Path=/;Max-Age=33696000;Secure
content-type: text/html
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 68
x-envoy-upstream-service-time: 4
server: API Gateway
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
165.22.20.44/libraries/slick/slick/ajax-loader.gif
165.22.20.44200 OK 4.2 kB URL HTTP/1.1 165.22.20.44/libraries/slick/slick/ajax-loader.gif
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 32 x 32\012- data
Hash c5cd7f5300576ab4c88202b42f6ded62
7a1aa43614396382bb15e5fde574d9cdcd21698f
e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b
Analyzer Verdict Alert quad9 Sinkholed
GET /libraries/slick/slick/ajax-loader.gif HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/libraries/slick/slick/slick-theme.css?rlhtdj
Cookie: _scid=12604d14-7100-4633-b18d-8c99280769d4
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:43 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 01 Feb 2022 10:15:48 GMT
ETag: "1052-5d6f22f57326f"
Accept-Ranges: bytes
Content-Length: 4178
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:43 GMT
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: image/gif
165.22.20.44/themes/custom/saudi_games/images/expand-circle-fill-green.svg
165.22.20.44200 OK 921 B URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/images/expand-circle-fill-green.svg
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f1469fd1ab949f4405fd8876e7af6257
e173adeb2065e46bb83741e6ddd99010561839ec
1806a04d989b4f6759cefb2eece35717ea1c7196ab10d0651f0e3c270d1f819c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/images/expand-circle-fill-green.svg HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:43 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 Oct 2022 12:47:04 GMT
ETag: "399-5eb3a5f64ab37"
Accept-Ranges: bytes
Content-Length: 921
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:43 GMT
Keep-Alive: timeout=5, max=76
Connection: Keep-Alive
Content-Type: image/svg+xml
165.22.20.44/themes/custom/saudi_games/images/menu-lines.svg
165.22.20.44200 OK 731 B URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/images/menu-lines.svg
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (428)
Hash 526717d38677ba24e9e3e454d3336e9a
42da43112ed70a992f1b5c128e1d6f5b38cc4d97
eb22342127c602de47fe29fade3654645b6aeacfd65ee223ab38f421a3deec11
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /themes/custom/saudi_games/images/menu-lines.svg HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
Cookie: _scid=12604d14-7100-4633-b18d-8c99280769d4
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:43 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 01 Feb 2022 10:15:48 GMT
ETag: "2db-5d6f22f58bcfb"
Accept-Ranges: bytes
Content-Length: 731
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:43 GMT
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: image/svg+xml
analytics.tiktok.com/api/v2/pixel
23.36.79.17200 OK 0 B URL HTTP/2 analytics.tiktok.com/api/v2/pixel
IP 23.36.79.17:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /api/v2/pixel HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 761
Origin: http://165.22.20.44
Connection: keep-alive
Referer: http://165.22.20.44/
Cookie: _ttp=2LUyxVSdpGWQtSQdUM5sfbbV1Q3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 0
access-control-allow-origin: *
x-tt-logid: 2023020910564305D1B1400C128B39DC51
x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf60b294eb1ae32bfdb0da8bf1819280156a7cf07f79536b9bd03445ebfdd07703b762a74138472d4b940fdf2bb0f38ba381d0a6681f46d654ac14c44c530b295a30c3efdfc8f8514a7c5f387163243e23b2
expires: Thu, 09 Feb 2023 10:56:43 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Thu, 09 Feb 2023 10:56:43 GMT
x-cache: TCP_MISS from a23-36-79-13.deploy.akamaitechnologies.com (AkamaiGHost/11.0.0-46340752) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: inner; dur=22, cdn-cache; desc=MISS, edge; dur=5, origin; dur=118
x-origin-response-time: 119,23.36.79.13
x-akamai-request-id: 126f6053
X-Firefox-Spdy: h2
165.22.20.44/themes/custom/saudi_games/images/partners-bg.jpg
165.22.20.44200 OK 442 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/images/partners-bg.jpg
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1728x859, components 3\012- data
Size 442 kB (441511 bytes)
Hash b89fe70cfcaf7c9b5a80413a8fabe174
5433f77bd632123584512b6a8ff2116ed4ab5ddd
c3af6da85dc99784880bf95d998cffd53e7e14776d4f92a965ad5d5d7f427652
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/custom/saudi_games/images/partners-bg.jpg HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/themes/custom/saudi_games/css/partner.css?rlhtdj
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:43 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Sep 2022 12:46:04 GMT
ETag: "6bca7-5e94371cdd224"
Accept-Ranges: bytes
Content-Length: 441511
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:43 GMT
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: image/jpeg
analytics.tiktok.com/i18n/pixel/events.js?sdkid=CC72UVRC77U3FDT2VBI0&lib=ttq
23.36.79.17200 OK 1.3 kB URL HTTP/2 analytics.tiktok.com/i18n/pixel/events.js?sdkid=CC72UVRC77U3FDT2VBI0&lib=ttq
IP 23.36.79.17:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2725)
Hash cdabfad12a8b149a080d700d105ce9d9
43f2b68507c67f2074a146451072e32121ad879b
a363724c80603c62804bfd8f48a45b0294a13d38b69f32c03e1808096952dddc
GET /i18n/pixel/events.js?sdkid=CC72UVRC77U3FDT2VBI0&lib=ttq HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://165.22.20.44/
Cookie: _ttp=2LUyxVSdpGWQtSQdUM5sfbbV1Q3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
x-tt-logid: 202302091056438B154C3E2C27734A414F
x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf60b294eb1ae32bfdb0da8bf1819280156af0a004e0b85153fd500187f969a0d5f09b3cd96778741fa4c0c6f95330b26fb007ed57759525f477b3670e81ee3452cc21db3a2c5a2bf9ce678b954f02861bd6
content-encoding: gzip
expires: Thu, 09 Feb 2023 10:56:43 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Thu, 09 Feb 2023 10:56:43 GMT
content-length: 1334
x-cache: TCP_MISS from a23-36-79-13.deploy.akamaitechnologies.com (AkamaiGHost/11.0.0-46340752) (-)
vary: Accept-Encoding
set-cookie: _ttp=2LUyxVSdpGWQtSQdUM5sfbbV1Q3; Path=/; Domain=tiktok.com; Max-Age=33696000; Secure; SameSite=None
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: inner; dur=3, cdn-cache; desc=MISS, edge; dur=0, origin; dur=101
x-origin-response-time: 101,23.36.79.13
x-akamai-request-id: 126f63bf
X-Firefox-Spdy: h2
analytics.tiktok.com/i18n/pixel/events.js?sdkid=CC72UVRC77U3FDT2VBI0&lib=ttq
23.36.79.17200 OK 1.3 kB URL HTTP/2 analytics.tiktok.com/i18n/pixel/events.js?sdkid=CC72UVRC77U3FDT2VBI0&lib=ttq
IP 23.36.79.17:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2725)
Hash 5cda86c512502d235c0dab6a3a543a47
3c1b25798b4a05e1b31ed374c09348b0d391bb94
399aa089f3470151995abf98c2c9d34898199029927faa1e8208141e78dffb96
GET /i18n/pixel/events.js?sdkid=CC72UVRC77U3FDT2VBI0&lib=ttq HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://165.22.20.44/
Cookie: _ttp=2LUyxVSdpGWQtSQdUM5sfbbV1Q3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
x-tt-logid: 20230209105643C6B584093CF6910F8E3A
x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf600abfded03f52e527228925ae696ca9b5a8f67d0f8133cc3590f6188a6cacb7d553bb33bb6bc268af73d6748d51a02d32a87b3aebf88430ae032a29766467a878b0d92c0e2ef2d20ddb6240fd72d0f8136cf8da89489984fde72170fc0c0e1f67
content-encoding: gzip
content-length: 1335
x-origin-response-time: 12,23.218.223.23
x-akamai-request-id: f8c89d7.126f63bd
expires: Thu, 09 Feb 2023 10:56:43 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Thu, 09 Feb 2023 10:56:43 GMT
x-cache: TCP_MISS from a23-36-79-13.deploy.akamaitechnologies.com (AkamaiGHost/11.0.0-46340752) (-)
vary: Accept-Encoding
set-cookie: _ttp=2LUyxVSdpGWQtSQdUM5sfbbV1Q3; Path=/; Domain=tiktok.com; Max-Age=33696000; Secure; SameSite=None
x-cache-remote: TCP_MISS from a23-218-223-23.deploy.akamaitechnologies.com (AkamaiGHost/11.0.0-46340752) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=113, origin; dur=12, inner; dur=9
x-parent-response-time: 125,23.36.79.13
X-Firefox-Spdy: h2
165.22.20.44/themes/custom/saudi_games/images/colored-logo_0.png
165.22.20.44200 OK 22 kB URL HTTP/1.1 165.22.20.44/themes/custom/saudi_games/images/colored-logo_0.png
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 277 x 521, 8-bit/color RGBA, non-interlaced\012- data
Hash ff1b8dabe7be2c482fede27b155bc747
7881019518869892841e09b8ad0c6cd65f5ca713
47aa30124edaa94ca133bec41599c7605faa30029b13ac0176ab2d7e64102dd8
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/custom/saudi_games/images/colored-logo_0.png HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
Cookie: _scid=12604d14-7100-4633-b18d-8c99280769d4; _tt_enable_cookie=1; _ttp=L_HRIFwGuRBRklYhgaC482_Mgqt; _gcl_au=1.1.911224240.1675940262
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:43 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Tue, 01 Feb 2022 10:15:48 GMT
ETag: "5795-5d6f22f58b143"
Accept-Ranges: bytes
Content-Length: 22421
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:43 GMT
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: image/png
static.ads-twitter.com/uwt.js
151.101.84.157200 OK 15 kB URL HTTP/1.1 static.ads-twitter.com/uwt.js
IP 151.101.84.157:0
File type ASCII text, with very long lines (57596), with no line terminators
Hash 573e6a7f86f6f3063763360ef0672c01
b12eab3b4ac8872d49ac6e15f9cd17741765c0cf
02445eb022a04139531f0ce8d8980c31083a1c670936f1477f5cfc4d252133f7
GET /uwt.js HTTP/1.1
Host: static.ads-twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 15375
Last-Modified: Thu, 27 Oct 2022 18:55:37 GMT
Cache-Control: no-cache
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
Accept-Ranges: bytes
Date: Thu, 09 Feb 2023 10:56:43 GMT
X-Served-By: cache-iad-kjyo7100147-IAD, cache-bma1656-BMA
X-Cache: HIT, HIT
Vary: Accept-Encoding,Host
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 44fc0cb48c26edb9ce36736707b9182a
62de7faa3e8171c0d38a2e03a604d2545a3ede7f
9e511ad6ed9e7c5f28f573422e3891d2f4e5c2ba5107f7eda808c529a95931a2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 6d5882eafc87e0fd208339050fb4a553
11505fa91a1395b6639120faef4d4350087af794
bed94db046ef3d739b6e1f8f63c9cdc1e42d8e2cb59606fb93902942c1cf8c46
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4278
Cache-Control: max-age=171200
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:43 GMT
Etag: "63e4ba75-1d7"
Expires: Sat, 11 Feb 2023 10:30:03 GMT
Last-Modified: Thu, 09 Feb 2023 09:18:45 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.46200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.46:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://165.22.20.44/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Thu, 09 Feb 2023 09:45:20 GMT
expires: Thu, 09 Feb 2023 11:45:20 GMT
cache-control: public, max-age=7200
age: 4283
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 50ca5deab68ba881743e691a693819f1
fd6b74d17a961f751a8edf09fcfaab273f0a7408
139c5ed1fd10f67669a5de174c5ffb02411f96463217781882c9d22b050a02d8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 50ca5deab68ba881743e691a693819f1
fd6b74d17a961f751a8edf09fcfaab273f0a7408
139c5ed1fd10f67669a5de174c5ffb02411f96463217781882c9d22b050a02d8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/10977461905/?random=1675940261954&cv=11&fst=1675940261954&bg=ffffff&guid=ON&async=1>m=45be3280&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F165.22.20.44%2F&tiba=%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9%20%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9%20%7C%20%D8%A7%D9%84%D8%A3%D9%84%D8%B9%D8%A7%D8%A8%20%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D8%A9&auid=911224240.1675940262&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.130200 OK 933 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/10977461905/?random=1675940261954&cv=11&fst=1675940261954&bg=ffffff&guid=ON&async=1>m=45be3280&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F165.22.20.44%2F&tiba=%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9%20%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9%20%7C%20%D8%A7%D9%84%D8%A3%D9%84%D8%B9%D8%A7%D8%A8%20%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D8%A9&auid=911224240.1675940262&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.130:0
File type ASCII text, with very long lines (2177), with no line terminators
Hash 5acfa443527a10172e1565f1ed3391c9
7c41c855515c4d86e8a9c1e0a61f932a4b2130dd
96ea947a5d2621030c167b26a2ba97e363227bd2a4e78a1399ef4dac7a081e42
GET /pagead/viewthroughconversion/10977461905/?random=1675940261954&cv=11&fst=1675940261954&bg=ffffff&guid=ON&async=1>m=45be3280&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F165.22.20.44%2F&tiba=%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9%20%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9%20%7C%20%D8%A7%D9%84%D8%A3%D9%84%D8%B9%D8%A7%D8%A8%20%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D8%A9&auid=911224240.1675940262&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://165.22.20.44/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 09 Feb 2023 10:56:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 933
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 09-Feb-2023 11:11:43 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
157.240.205.11200 OK 28 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.205.11:0
File type ASCII text, with very long lines (64348)
Hash dd1f85cc598419df61e254e53f9ec1ef
f86c0ee563f5b7a01e1d40b566f2bc184a32380f
c06f52b233c835b03292f39cb847507a03bb971066bf91341b58a580244398c0
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://165.22.20.44/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: wyCBiacChn1n05RH2QL58joacm5gCMtoK3YyomCWHflArUSs/jNhl+hFtG87v0pC+7mQslJHtTqp7g/D9Nhv6w==
priority: u=3,i
content-length: 27843
x-fb-trip-id: 1679558926
date: Thu, 09 Feb 2023 10:56:43 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/10977461905/?random=1675940261973&cv=11&fst=1675940261973&bg=ffffff&guid=ON&async=1>m=45He3280&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F165.22.20.44%2F&tiba=%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9%20%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9%20%7C%20%D8%A7%D9%84%D8%A3%D9%84%D8%B9%D8%A7%D8%A8%20%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D8%A9&auid=911224240.1675940262&rfmt=3&fmt=4
142.250.74.130200 OK 909 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/10977461905/?random=1675940261973&cv=11&fst=1675940261973&bg=ffffff&guid=ON&async=1>m=45He3280&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F165.22.20.44%2F&tiba=%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9%20%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9%20%7C%20%D8%A7%D9%84%D8%A3%D9%84%D8%B9%D8%A7%D8%A8%20%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D8%A9&auid=911224240.1675940262&rfmt=3&fmt=4
IP 142.250.74.130:0
File type ASCII text, with very long lines (2113), with no line terminators
Hash 81f82893cb0b097b97450e0de2bee41f
3f9e5e8f0c27b74a4045a325fbae5e7a379f351c
3afd789d490a54d1dc472039f9f132029fc1b1faa88b28c44beb0ba75b294673
GET /pagead/viewthroughconversion/10977461905/?random=1675940261973&cv=11&fst=1675940261973&bg=ffffff&guid=ON&async=1>m=45He3280&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2F165.22.20.44%2F&tiba=%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9%20%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9%20%7C%20%D8%A7%D9%84%D8%A3%D9%84%D8%B9%D8%A7%D8%A8%20%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D8%A9&auid=911224240.1675940262&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://165.22.20.44/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 09 Feb 2023 10:56:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 909
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 09-Feb-2023 11:11:43 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 6d5882eafc87e0fd208339050fb4a553
11505fa91a1395b6639120faef4d4350087af794
bed94db046ef3d739b6e1f8f63c9cdc1e42d8e2cb59606fb93902942c1cf8c46
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4278
Cache-Control: max-age=171200
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:43 GMT
Etag: "63e4ba75-1d7"
Expires: Sat, 11 Feb 2023 10:30:03 GMT
Last-Modified: Thu, 09 Feb 2023 09:18:45 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 44fc0cb48c26edb9ce36736707b9182a
62de7faa3e8171c0d38a2e03a604d2545a3ede7f
9e511ad6ed9e7c5f28f573422e3891d2f4e5c2ba5107f7eda808c529a95931a2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 50ca5deab68ba881743e691a693819f1
fd6b74d17a961f751a8edf09fcfaab273f0a7408
139c5ed1fd10f67669a5de174c5ffb02411f96463217781882c9d22b050a02d8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash c5c5e0ecbb70bb707ed5f561b185c71d
ce7c4234fdda2e94449ee4895596c98e77dc297f
c84ca0f6094ee096974b4b150e854ebf5cbf706cae814734a9124114a22cb50c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2911
Cache-Control: max-age=98203
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:43 GMT
Etag: "63e3a2a7-138"
Expires: Fri, 10 Feb 2023 14:13:26 GMT
Last-Modified: Wed, 08 Feb 2023 13:24:55 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 312
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash c5c5e0ecbb70bb707ed5f561b185c71d
ce7c4234fdda2e94449ee4895596c98e77dc297f
c84ca0f6094ee096974b4b150e854ebf5cbf706cae814734a9124114a22cb50c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2911
Cache-Control: max-age=98203
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:43 GMT
Etag: "63e3a2a7-138"
Expires: Fri, 10 Feb 2023 14:13:26 GMT
Last-Modified: Wed, 08 Feb 2023 13:24:55 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 312
t.co/i/adsct?bci=3&eci=2&event_id=ee58287d-6d4f-4cec-ad28-7d2fb755a9d3&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=b0782f50-d69e-453e-8ab5-fa02a6a88b92&tw_document_href=http%3A%2F%2F165.22.20.44%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=oc7s2&type=javascript&version=2.3.29
104.244.42.69200 OK 43 B URL HTTP/2 t.co/i/adsct?bci=3&eci=2&event_id=ee58287d-6d4f-4cec-ad28-7d2fb755a9d3&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=b0782f50-d69e-453e-8ab5-fa02a6a88b92&tw_document_href=http%3A%2F%2F165.22.20.44%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=oc7s2&type=javascript&version=2.3.29
IP 104.244.42.69:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
GET /i/adsct?bci=3&eci=2&event_id=ee58287d-6d4f-4cec-ad28-7d2fb755a9d3&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=b0782f50-d69e-453e-8ab5-fa02a6a88b92&tw_document_href=http%3A%2F%2F165.22.20.44%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=oc7s2&type=javascript&version=2.3.29 HTTP/1.1
Host: t.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://165.22.20.44/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 10:56:42 GMT
perf: 7626143928
server: tsa_o
set-cookie: muc_ads=f4d23d29-e602-496f-82eb-671107aaad76; Max-Age=63072000; Expires=Sat, 08 Feb 2025 10:56:43 GMT; Path=/; Domain=t.co; Secure; SameSite=None
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: a49dca6e686b867f
strict-transport-security: max-age=0
x-response-time: 103
x-connection-hash: 4c1aef9d17d902505da75fa381554522710c23ed238cfca31c3bf46f3b06dc95
X-Firefox-Spdy: h2
t.co/i/adsct?bci=3&eci=2&event_id=6e1e9637-ed68-47ef-bd71-ee7728e1d37c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=b0782f50-d69e-453e-8ab5-fa02a6a88b92&tw_document_href=http%3A%2F%2F165.22.20.44%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=oc7s2&type=javascript&version=2.3.29
104.244.42.69200 OK 43 B URL HTTP/2 t.co/i/adsct?bci=3&eci=2&event_id=6e1e9637-ed68-47ef-bd71-ee7728e1d37c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=b0782f50-d69e-453e-8ab5-fa02a6a88b92&tw_document_href=http%3A%2F%2F165.22.20.44%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=oc7s2&type=javascript&version=2.3.29
IP 104.244.42.69:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
GET /i/adsct?bci=3&eci=2&event_id=6e1e9637-ed68-47ef-bd71-ee7728e1d37c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=b0782f50-d69e-453e-8ab5-fa02a6a88b92&tw_document_href=http%3A%2F%2F165.22.20.44%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=oc7s2&type=javascript&version=2.3.29 HTTP/1.1
Host: t.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://165.22.20.44/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 10:56:42 GMT
perf: 7626143928
server: tsa_o
set-cookie: muc_ads=736226d9-880f-4db6-902b-831621044ccb; Max-Age=63072000; Expires=Sat, 08 Feb 2025 10:56:43 GMT; Path=/; Domain=t.co; Secure; SameSite=None
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: 42ff835c56152fff
strict-transport-security: max-age=0
x-response-time: 112
x-connection-hash: 4c1aef9d17d902505da75fa381554522710c23ed238cfca31c3bf46f3b06dc95
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fa3b80f6c5e48935acba628afd26f4ce
f69397ac7d88fc285d79b1a17ec28340c8a5c564
6019b3d5a40f38c020b87c2bc5d25b3646b7cccd3bf005f835cb74b46869100d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6019B3D5A40F38C020B87C2BC5D25B3646B7CCCD3BF005F835CB74B46869100D"
Last-Modified: Thu, 09 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4370
Expires: Thu, 09 Feb 2023 12:09:33 GMT
Date: Thu, 09 Feb 2023 10:56:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fa3b80f6c5e48935acba628afd26f4ce
f69397ac7d88fc285d79b1a17ec28340c8a5c564
6019b3d5a40f38c020b87c2bc5d25b3646b7cccd3bf005f835cb74b46869100d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6019B3D5A40F38C020B87C2BC5D25B3646B7CCCD3BF005F835CB74B46869100D"
Last-Modified: Thu, 09 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4370
Expires: Thu, 09 Feb 2023 12:09:33 GMT
Date: Thu, 09 Feb 2023 10:56:43 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac74c9c-b95e-40f4-a5ca-7180c40cc241.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac74c9c-b95e-40f4-a5ca-7180c40cc241.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ce710ab5746832fe637fada3e6d63abf
d545c85d4a8cf92dc8b88db0a056623d1ef7a943
40bae4a2fb9dd60e9339d15ad0838f3ca83b5b6275c35cd22878b6783fcd6247
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ac74c9c-b95e-40f4-a5ca-7180c40cc241.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7450
x-amzn-requestid: 7e2b1875-ecf9-4ee9-8d5a-a911fdd28d16
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AColKGwOIAMFyqA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e42153-097b982244d3ad7b6f49a392;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 22:25:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Uvdg9MhYDsR9aC-s_chZDKp7_5RzhQfTwXZ0epZVW7TUVdrdADUEfQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 09 Feb 2023 03:49:25 GMT
age: 25638
etag: "d545c85d4a8cf92dc8b88db0a056623d1ef7a943"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffa089b5-b6af-40bb-98d7-cfce928d0761.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffa089b5-b6af-40bb-98d7-cfce928d0761.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0e9c6d739031209088f6dbbf08f19e59
649a29bfcc9fa92c656231bad3ce41e88c4037a6
520f00562077664a006b427c200a9f3c42dbeba3fed67bdc61537e71adcf6fc4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffa089b5-b6af-40bb-98d7-cfce928d0761.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9872
x-amzn-requestid: 62e9b3ff-7a27-4d74-90b0-ef7aeabaad39
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f53QlGE4oAMF53A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e09f36-79e1ef9f3c167abb05cfefd4;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 06:33:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: i887GcI8RbG4H_MBORz2PmKh4q33pZ2jLz1f4MZNbolHX4b9O_f-aw==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 23:57:48 GMT
age: 39535
etag: "649a29bfcc9fa92c656231bad3ce41e88c4037a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fa3b80f6c5e48935acba628afd26f4ce
f69397ac7d88fc285d79b1a17ec28340c8a5c564
6019b3d5a40f38c020b87c2bc5d25b3646b7cccd3bf005f835cb74b46869100d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6019B3D5A40F38C020B87C2BC5D25B3646B7CCCD3BF005F835CB74B46869100D"
Last-Modified: Thu, 09 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4370
Expires: Thu, 09 Feb 2023 12:09:33 GMT
Date: Thu, 09 Feb 2023 10:56:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fa3b80f6c5e48935acba628afd26f4ce
f69397ac7d88fc285d79b1a17ec28340c8a5c564
6019b3d5a40f38c020b87c2bc5d25b3646b7cccd3bf005f835cb74b46869100d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6019B3D5A40F38C020B87C2BC5D25B3646B7CCCD3BF005F835CB74B46869100D"
Last-Modified: Thu, 09 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4370
Expires: Thu, 09 Feb 2023 12:09:33 GMT
Date: Thu, 09 Feb 2023 10:56:43 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9203cfb9f0c1c958dd008eac55a9d3c4
6bdd1047590dd3fb54c15d5d6d38e7c86274b203
09770229be5ff3037708543e3204c66de84253b3a858a83a0e1672a04c0e9cb1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11760
x-amzn-requestid: b2863a01-4714-4554-a478-5402467b3448
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChJKHc_oAMFwlw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4156d-1c5a3edf37bc7cc937c800d2;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: y-1zzLzVegi0T-SAyTpUuFD6iVVYbuL5u71dc74BY2l7PrxVu-am5w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:37 GMT
etag: "6bdd1047590dd3fb54c15d5d6d38e7c86274b203"
content-type: image/jpeg
age: 48126
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fa3b80f6c5e48935acba628afd26f4ce
f69397ac7d88fc285d79b1a17ec28340c8a5c564
6019b3d5a40f38c020b87c2bc5d25b3646b7cccd3bf005f835cb74b46869100d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6019B3D5A40F38C020B87C2BC5D25B3646B7CCCD3BF005F835CB74B46869100D"
Last-Modified: Thu, 09 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4370
Expires: Thu, 09 Feb 2023 12:09:33 GMT
Date: Thu, 09 Feb 2023 10:56:43 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 95081172f8e19d19921acc802488e019
8531c150cb11de44361a95624b11cf46b9e0ba02
7a2d8f012c7d590f3f39ad834d4f3f9fb729143b7395bc588bd608b5bdee039b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8db31dc-3366-48e5-8c4b-ebe994dd40ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15019
x-amzn-requestid: 574e3e2c-2fbe-4215-9500-021147338832
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f583LHiioAMFqkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a82d-4f12aac524c39f822ca4f422;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:11:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _3jIo3Giw3zmTmnSkJArAllT6uigN7EEzLPfkGpd6168_mSdqdk_Cg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 12:41:28 GMT
age: 80115
etag: "8531c150cb11de44361a95624b11cf46b9e0ba02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 72226fa2f9513f894889fa652cb2a8bf
8a1b4f108db687c34b334a94e6d931544fd7508e
a70034db82d42d5deb58f551cb4de47a5cf6b226dbc9aa98892adb62c2f73289
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75ead57d-06ef-4e5b-9d45-4c0ed94ff0f7.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75ead57d-06ef-4e5b-9d45-4c0ed94ff0f7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fa8bb3f20238f62a7a6ebb5d0985192a
f6b3839bfb0cf51d63e9eff2de402495906cd19b
db5ad61fdd000a13b6c8952d1614a6ab18e5f7104270d6471df96f773dacf4e4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75ead57d-06ef-4e5b-9d45-4c0ed94ff0f7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9859
x-amzn-requestid: 92d41e06-632b-43f9-828e-268bc024875c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ACiGuESYIAMFc_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e416f7-599e0f7d327a69921d447f7e;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:41:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ouX4yFdSvKvEUowCAqs8iTO2SOZuEFa2dGuMDeb_pygK0DbvS8XlHg==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:10:46 GMT
age: 45957
etag: "f6b3839bfb0cf51d63e9eff2de402495906cd19b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 84889b914548f7820766f27a40699cfa
bc674cdb5819759b5ecd5aabfde47f56127f5d89
e2a69fe4edd028d00a8a744b62ef51dada2aff144da0cd9813efc887a11f70a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 84889b914548f7820766f27a40699cfa
bc674cdb5819759b5ecd5aabfde47f56127f5d89
e2a69fe4edd028d00a8a744b62ef51dada2aff144da0cd9813efc887a11f70a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 72226fa2f9513f894889fa652cb2a8bf
8a1b4f108db687c34b334a94e6d931544fd7508e
a70034db82d42d5deb58f551cb4de47a5cf6b226dbc9aa98892adb62c2f73289
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 113363afa7cfd484dbc115a9f44c1723
2f9dfb845aa919a51a0b5fa9a824ac4845f669be
a91a045600ef2fdebd582ce453a85f7ce0c9f8be7258baf311d0d940de027c20
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4308
x-amzn-requestid: 2d4ce596-9a69-4394-8e10-cd5c54687a06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzKZ0F2DoAMF6nA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ddf10b-6c4fabe01360b8781bdd8e06;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 05:45:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GnbG_CYddidhGlygFinwMyN81eHxP_vRzxsm7QBIAJzFqwaKTt-POQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:44 GMT
age: 48119
etag: "2f9dfb845aa919a51a0b5fa9a824ac4845f669be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 22a107f9c4d1c04b4c311c891b5ee090
5fd96275cce5ac25c2a6c3c1c2a1fb729caec0c6
d23d92574a8f9494a4b4d223512ebaffaf05c9ddb89003e22913a9c078c667ab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4519
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:43 GMT
Last-Modified: Thu, 09 Feb 2023 09:41:24 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 22a107f9c4d1c04b4c311c891b5ee090
5fd96275cce5ac25c2a6c3c1c2a1fb729caec0c6
d23d92574a8f9494a4b4d223512ebaffaf05c9ddb89003e22913a9c078c667ab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3891
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:43 GMT
Last-Modified: Thu, 09 Feb 2023 09:51:52 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 313
www.google.no/pagead/1p-user-list/10977461905/?random=1675940261973&cv=11&fst=1675936800000&bg=ffffff&guid=ON&async=1>m=45He3280&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F165.22.20.44%2F&tiba=%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9%20%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9%20%7C%20%D8%A7%D9%84%D8%A3%D9%84%D8%B9%D8%A7%D8%A8%20%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D8%A9&fmt=3&is_vtc=1&random=915824179&rmt_tld=1&ipr=y
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/10977461905/?random=1675940261973&cv=11&fst=1675936800000&bg=ffffff&guid=ON&async=1>m=45He3280&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F165.22.20.44%2F&tiba=%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9%20%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9%20%7C%20%D8%A7%D9%84%D8%A3%D9%84%D8%B9%D8%A7%D8%A8%20%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D8%A9&fmt=3&is_vtc=1&random=915824179&rmt_tld=1&ipr=y
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/10977461905/?random=1675940261973&cv=11&fst=1675936800000&bg=ffffff&guid=ON&async=1>m=45He3280&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F165.22.20.44%2F&tiba=%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9%20%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9%20%7C%20%D8%A7%D9%84%D8%A3%D9%84%D8%B9%D8%A7%D8%A8%20%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D8%A9&fmt=3&is_vtc=1&random=915824179&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://165.22.20.44/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 09 Feb 2023 10:56:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/10977461905/?random=1675940261973&cv=11&fst=1675936800000&bg=ffffff&guid=ON&async=1>m=45He3280&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F165.22.20.44%2F&tiba=%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9%20%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9%20%7C%20%D8%A7%D9%84%D8%A3%D9%84%D8%B9%D8%A7%D8%A8%20%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D8%A9&fmt=3&is_vtc=1&random=915824179&rmt_tld=0&ipr=y
142.250.74.4200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/10977461905/?random=1675940261973&cv=11&fst=1675936800000&bg=ffffff&guid=ON&async=1>m=45He3280&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F165.22.20.44%2F&tiba=%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9%20%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9%20%7C%20%D8%A7%D9%84%D8%A3%D9%84%D8%B9%D8%A7%D8%A8%20%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D8%A9&fmt=3&is_vtc=1&random=915824179&rmt_tld=0&ipr=y
IP 142.250.74.4:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/10977461905/?random=1675940261973&cv=11&fst=1675936800000&bg=ffffff&guid=ON&async=1>m=45He3280&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F165.22.20.44%2F&tiba=%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9%20%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9%20%7C%20%D8%A7%D9%84%D8%A3%D9%84%D8%B9%D8%A7%D8%A8%20%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D8%A9&fmt=3&is_vtc=1&random=915824179&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://165.22.20.44/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 09 Feb 2023 10:56:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/10977461905/?random=1675940261954&cv=11&fst=1675936800000&bg=ffffff&guid=ON&async=1>m=45be3280&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F165.22.20.44%2F&tiba=%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9%20%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9%20%7C%20%D8%A7%D9%84%D8%A3%D9%84%D8%B9%D8%A7%D8%A8%20%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D8%A9&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2886875804&rmt_tld=0&ipr=y
142.250.74.4200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/10977461905/?random=1675940261954&cv=11&fst=1675936800000&bg=ffffff&guid=ON&async=1>m=45be3280&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F165.22.20.44%2F&tiba=%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9%20%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9%20%7C%20%D8%A7%D9%84%D8%A3%D9%84%D8%B9%D8%A7%D8%A8%20%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D8%A9&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2886875804&rmt_tld=0&ipr=y
IP 142.250.74.4:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/10977461905/?random=1675940261954&cv=11&fst=1675936800000&bg=ffffff&guid=ON&async=1>m=45be3280&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F165.22.20.44%2F&tiba=%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9%20%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9%20%7C%20%D8%A7%D9%84%D8%A3%D9%84%D8%B9%D8%A7%D8%A8%20%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D8%A9&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2886875804&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://165.22.20.44/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 09 Feb 2023 10:56:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/10977461905/?random=1675940261954&cv=11&fst=1675936800000&bg=ffffff&guid=ON&async=1>m=45be3280&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F165.22.20.44%2F&tiba=%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9%20%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9%20%7C%20%D8%A7%D9%84%D8%A3%D9%84%D8%B9%D8%A7%D8%A8%20%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D8%A9&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2886875804&rmt_tld=1&ipr=y
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/10977461905/?random=1675940261954&cv=11&fst=1675936800000&bg=ffffff&guid=ON&async=1>m=45be3280&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F165.22.20.44%2F&tiba=%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9%20%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9%20%7C%20%D8%A7%D9%84%D8%A3%D9%84%D8%B9%D8%A7%D8%A8%20%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D8%A9&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2886875804&rmt_tld=1&ipr=y
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/10977461905/?random=1675940261954&cv=11&fst=1675936800000&bg=ffffff&guid=ON&async=1>m=45be3280&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2F165.22.20.44%2F&tiba=%D8%A7%D9%84%D8%B5%D9%81%D8%AD%D8%A9%20%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9%20%7C%20%D8%A7%D9%84%D8%A3%D9%84%D8%B9%D8%A7%D8%A8%20%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A%D8%A9&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2886875804&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://165.22.20.44/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 09 Feb 2023 10:56:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash a746d459d4fbc7da99072462ed09b456
6ca7c899101b7ddcc1228f148cdcf16113a805f7
cbed8854f94d225ec82298e5039b9c163f58f9fede0db72510d22867003cb4a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 72226fa2f9513f894889fa652cb2a8bf
8a1b4f108db687c34b334a94e6d931544fd7508e
a70034db82d42d5deb58f551cb4de47a5cf6b226dbc9aa98892adb62c2f73289
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-242801499-1&cid=1361774542.1675940262&jid=986897535&gjid=1192461296&_gid=1190150858.1675940262&_u=YEDAAUABAAAAACAAI~&z=1340242300
64.233.163.155200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-242801499-1&cid=1361774542.1675940262&jid=986897535&gjid=1192461296&_gid=1190150858.1675940262&_u=YEDAAUABAAAAACAAI~&z=1340242300
IP 64.233.163.155:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-242801499-1&cid=1361774542.1675940262&jid=986897535&gjid=1192461296&_gid=1190150858.1675940262&_u=YEDAAUABAAAAACAAI~&z=1340242300 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://165.22.20.44
Connection: keep-alive
Referer: http://165.22.20.44/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://165.22.20.44
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 09 Feb 2023 10:56:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 Feb 2023 10:05:58 GMT
expires: Fri, 09 Feb 2024 10:05:58 GMT
cache-control: public, max-age=31536000
age: 3046
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 Feb 2023 03:13:01 GMT
expires: Fri, 09 Feb 2024 03:13:01 GMT
cache-control: public, max-age=31536000
age: 27823
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=6e1e9637-ed68-47ef-bd71-ee7728e1d37c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=b0782f50-d69e-453e-8ab5-fa02a6a88b92&tw_document_href=http%3A%2F%2F165.22.20.44%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=oc7s2&type=javascript&version=2.3.29
104.244.42.131200 OK 43 B URL HTTP/2 analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=6e1e9637-ed68-47ef-bd71-ee7728e1d37c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=b0782f50-d69e-453e-8ab5-fa02a6a88b92&tw_document_href=http%3A%2F%2F165.22.20.44%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=oc7s2&type=javascript&version=2.3.29
IP 104.244.42.131:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
GET /i/adsct?bci=3&eci=2&event_id=6e1e9637-ed68-47ef-bd71-ee7728e1d37c&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=b0782f50-d69e-453e-8ab5-fa02a6a88b92&tw_document_href=http%3A%2F%2F165.22.20.44%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=oc7s2&type=javascript&version=2.3.29 HTTP/1.1
Host: analytics.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://165.22.20.44/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 10:56:43 GMT
perf: 7626143928
server: tsa_o
set-cookie: personalization_id="v1_BuK1k84UhGU7RvyU+h+Hrg=="; Max-Age=63072000; Expires=Sat, 08 Feb 2025 10:56:44 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: dd72cf90c53fd29b
strict-transport-security: max-age=631138519
x-response-time: 103
x-connection-hash: 5432b28b946a1a15237419748c80bec62af1ef7668ea5404f81a0fb7d90811b6
X-Firefox-Spdy: h2
analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=ee58287d-6d4f-4cec-ad28-7d2fb755a9d3&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=b0782f50-d69e-453e-8ab5-fa02a6a88b92&tw_document_href=http%3A%2F%2F165.22.20.44%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=oc7s2&type=javascript&version=2.3.29
104.244.42.131200 OK 43 B URL HTTP/2 analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=ee58287d-6d4f-4cec-ad28-7d2fb755a9d3&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=b0782f50-d69e-453e-8ab5-fa02a6a88b92&tw_document_href=http%3A%2F%2F165.22.20.44%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=oc7s2&type=javascript&version=2.3.29
IP 104.244.42.131:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
GET /i/adsct?bci=3&eci=2&event_id=ee58287d-6d4f-4cec-ad28-7d2fb755a9d3&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=b0782f50-d69e-453e-8ab5-fa02a6a88b92&tw_document_href=http%3A%2F%2F165.22.20.44%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=oc7s2&type=javascript&version=2.3.29 HTTP/1.1
Host: analytics.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://165.22.20.44/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 10:56:43 GMT
perf: 7626143928
server: tsa_o
set-cookie: personalization_id="v1_IU2BJEmWXbHCq9TMvIwF1Q=="; Max-Age=63072000; Expires=Sat, 08 Feb 2025 10:56:44 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: b0f4d886ed66896f
strict-transport-security: max-age=631138519
x-response-time: 103
x-connection-hash: 5432b28b946a1a15237419748c80bec62af1ef7668ea5404f81a0fb7d90811b6
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash a746d459d4fbc7da99072462ed09b456
6ca7c899101b7ddcc1228f148cdcf16113a805f7
cbed8854f94d225ec82298e5039b9c163f58f9fede0db72510d22867003cb4a6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash f30ebb7855430e77d7f7e78185824905
f833d3fbb268c2d0b289b8af527a13ea6ab3535d
ecf61ddf953eab9c7889a0b5e697364bed9f8fee9f7be3c3d13258542c858354
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.doubleclick.net/instream/ad_status.js
142.250.74.166200 OK 29 B URL HTTP/2 static.doubleclick.net/instream/ad_status.js
IP 142.250.74.166:0
Hash 1fa71744db23d0f8df9cce6719defcb7
e4be9b7136697942a036f97cf26ebaf703ad2067
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
GET /instream/ad_status.js HTTP/1.1
Host: static.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 29
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 Feb 2023 10:50:50 GMT
expires: Thu, 09 Feb 2023 11:05:50 GMT
cache-control: public, max-age=900
age: 354
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.42200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.42:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Thu, 09 Feb 2023 10:56:44 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash f30ebb7855430e77d7f7e78185824905
f833d3fbb268c2d0b289b8af527a13ea6ab3535d
ecf61ddf953eab9c7889a0b5e697364bed9f8fee9f7be3c3d13258542c858354
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.42200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.42:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash e841082b3ff6fc371ce18a68ee740492
e89e2a79ccd80374cd9d7dcc4b1b10140eecf05f
7f8414179a7813907db646fc23ec63d74affe04b295b0886bc853bd5a7a39551
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 09 Feb 2023 10:56:44 GMT
server: ESF
cache-control: private
content-length: 31011
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 433af7e1e2f0f14adb78a739bbae1832
fab933db47af9ab3f4f86befee579ac9972b82fd
a6be621f8cdc57bd55a8e73ff58a34b6a816eb558cb88b49cc031222042f82a0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yt3.ggpht.com/ytc/AL5GRJWrAsciOQjGoAONuIZaCHwXSCPTl9XOEZAphAZivg=s68-c-k-c0x00ffffff-no-rj
142.250.74.161200 OK 2.0 kB URL HTTP/2 yt3.ggpht.com/ytc/AL5GRJWrAsciOQjGoAONuIZaCHwXSCPTl9XOEZAphAZivg=s68-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 68x68, components 3\012- data
Hash 3d38485032a2ee21cba8d51d5899de9c
b7fc87255fef6fbd3c4a21b78b96cdb74ad9ed27
41148fad19ee44f3162076d0de3166afb4ad95876541ecfa87a13b4926b1ed94
GET /ytc/AL5GRJWrAsciOQjGoAONuIZaCHwXSCPTl9XOEZAphAZivg=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 2016
x-xss-protection: 0
date: Thu, 09 Feb 2023 07:05:16 GMT
expires: Fri, 27 Jan 2023 05:09:19 GMT
cache-control: public, max-age=86400, no-transform
age: 13888
etag: "v136"
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 433af7e1e2f0f14adb78a739bbae1832
fab933db47af9ab3f4f86befee579ac9972b82fd
a6be621f8cdc57bd55a8e73ff58a34b6a816eb558cb88b49cc031222042f82a0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
142.250.74.42200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 142.250.74.42:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Thu, 09 Feb 2023 10:56:45 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
142.250.74.42200 OK 114 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 142.250.74.42:0
File type JSON data\012- , ASCII text, with no line terminators
Hash ed49c8dbe11fe3dc3b4042cd45979041
a96b4257c464db79c9de1cc7b22f93c48838b383
5b77f71cc8b35b22b4bc479fcf3abb6ff1f36d58ffce4af9e4e6615794af0d67
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 1002
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Thu, 09 Feb 2023 10:56:45 GMT
server: ESF
cache-control: private
content-length: 114
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash da7ec6cdfb8eb8618e25bd1233622b0e
fa69c0711b2ad58b96ffbcaa8c1c8e617415712d
39ea51794254bafd67a8070483a664e61f63d5a7b15b8b083a109564641c11ac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash da7ec6cdfb8eb8618e25bd1233622b0e
fa69c0711b2ad58b96ffbcaa8c1c8e617415712d
39ea51794254bafd67a8070483a664e61f63d5a7b15b8b083a109564641c11ac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.ytimg.com/vi/BvEVRuIo_kA/hqdefault.jpg?sqp=-oaymwEmCOADEOgC8quKqQMa8AEB-AH-CYAC0AWKAgwIABABGFsgZShYMA8=&rs=AOn4CLDivXKiZRkGmM3wt2Qp6vBRYB2P0Q
142.250.74.150200 OK 27 kB URL HTTP/2 i.ytimg.com/vi/BvEVRuIo_kA/hqdefault.jpg?sqp=-oaymwEmCOADEOgC8quKqQMa8AEB-AH-CYAC0AWKAgwIABABGFsgZShYMA8=&rs=AOn4CLDivXKiZRkGmM3wt2Qp6vBRYB2P0Q
IP 142.250.74.150:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 480x360, components 3\012- data
Hash dcd51d2baa509ec1e008a9f692894519
510a41b49ca3153895c6ec1d8960e569bd0670ba
faa76701cc54d1624a86101abbad391f089198af16c1d9276718086bec13ad92
GET /vi/BvEVRuIo_kA/hqdefault.jpg?sqp=-oaymwEmCOADEOgC8quKqQMa8AEB-AH-CYAC0AWKAgwIABABGFsgZShYMA8=&rs=AOn4CLDivXKiZRkGmM3wt2Qp6vBRYB2P0Q HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 27262
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 Feb 2023 09:34:10 GMT
expires: Thu, 09 Feb 2023 11:34:10 GMT
cache-control: public, max-age=7200
age: 4955
etag: "0"
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
i.ytimg.com/vi_webp/dxTSSeFGPxk/hqdefault.webp
142.250.74.150200 OK 22 kB URL HTTP/2 i.ytimg.com/vi_webp/dxTSSeFGPxk/hqdefault.webp
IP 142.250.74.150:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 480x360, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f096ab709c867877bd82957adc3e4ec6
1d0ed97769633e7b01dc984e83e7f490bd0309b1
9554f659c6dec6f2bec8029690424b06111da1d8cdeeb6b0b9172255e9e2f6bf
GET /vi_webp/dxTSSeFGPxk/hqdefault.webp HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/webp
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 22334
date: Thu, 09 Feb 2023 10:56:45 GMT
expires: Thu, 09 Feb 2023 12:56:45 GMT
cache-control: public, max-age=7200
etag: "0"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash da7ec6cdfb8eb8618e25bd1233622b0e
fa69c0711b2ad58b96ffbcaa8c1c8e617415712d
39ea51794254bafd67a8070483a664e61f63d5a7b15b8b083a109564641c11ac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 10:56:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.youtube.com/iframe_api
142.250.74.142200 OK 0 B URL HTTP/2 www.youtube.com/iframe_api
IP 142.250.74.142:0
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://165.22.20.44/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Thu, 09 Feb 2023 10:56:43 GMT
date: Thu, 09 Feb 2023 10:56:43 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=OkNEdYQZfrk; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=x6GHVS30DKM; Domain=.youtube.com; Expires=Tue, 08-Aug-2023 10:56:43 GMT; Path=/; Secure; HttpOnly; SameSite=none
DEVICE_INFO=ChxOekU1T0RFd09ETTJNamcyTWpRd09UTTBNZz09EOuik58GGOuik58G; Domain=.youtube.com; Expires=Tue, 08-Aug-2023 10:56:43 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+589; expires=Sat, 08-Feb-2025 10:56:43 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
165.22.20.44/sites/default/files/2022-10/MapMotion%20-%20Final.gif
165.22.20.44200 OK 0 B URL HTTP/1.1 165.22.20.44/sites/default/files/2022-10/MapMotion%20-%20Final.gif
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Analyzer Verdict Alert quad9 Sinkholed
GET /sites/default/files/2022-10/MapMotion%20-%20Final.gif HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 Oct 2022 14:05:04 GMT
ETag: "2f54fb-5eb3b764e6400"
Accept-Ranges: bytes
Content-Length: 3101947
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: image/gif
165.22.20.44/sites/default/files/2022-09/UFM%20LOGO.png
165.22.20.44200 OK 0 B URL HTTP/1.1 165.22.20.44/sites/default/files/2022-09/UFM%20LOGO.png
IP 165.22.20.44:0
ASN #14061 DIGITALOCEAN-ASN
Analyzer Verdict Alert quad9 Sinkholed
GET /sites/default/files/2022-09/UFM%20LOGO.png HTTP/1.1
Host: 165.22.20.44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://165.22.20.44/
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 10:56:42 GMT
Server: Apache/2.4.37 (centos)
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Sep 2022 14:18:26 GMT
ETag: "1f64e-5e944bc139080"
Accept-Ranges: bytes
Content-Length: 128590
Cache-Control: max-age=1209600
Expires: Thu, 23 Feb 2023 10:56:42 GMT
Keep-Alive: timeout=5, max=76
Connection: Keep-Alive
Content-Type: image/png
tr.snapchat.com/config/44/0d708aef-c645-40c9-aa8c-2c46c8586a85.js
35.190.43.134200 OK 0 B URL HTTP/2 tr.snapchat.com/config/44/0d708aef-c645-40c9-aa8c-2c46c8586a85.js
IP 35.190.43.134:0
GET /config/44/0d708aef-c645-40c9-aa8c-2c46c8586a85.js HTTP/1.1
Host: tr.snapchat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://165.22.20.44
Connection: keep-alive
Referer: http://165.22.20.44/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 10:56:43 GMT
access-control-allow-origin: http://165.22.20.44
content-type: application/javascript
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-envoy-upstream-service-time: 0
content-encoding: gzip
vary: Accept-Encoding
server: API Gateway
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2