thirsty.agency/
301 Moved Permanently 162 B IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Connection: keep-alive
Content-Length: 162
Content-Type: text/html
Location: https://thirsty.agency/
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
X-FW-Server: Flywheel/5.1.0
X-FW-Hash: ri0siomphr
X-FW-Version: 5.0.0
Server: Flywheel/5.1.0
Accept-Ranges: bytes
Date: Wed, 30 Nov 2022 13:23:58 GMT
X-Served-By: cache-bma1674-BMA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1669814638.429037,VS0,VE2
Vary: Authorization
X-FW-Serve: TRUE
X-FW-Static: NO
X-FW-Type: VISIT
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18314
Expires: Wed, 30 Nov 2022 18:29:12 GMT
Date: Wed, 30 Nov 2022 13:23:58 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash f3cf023c797da81728c0ac84c8759331
fa07c5e39e4b0741ea484101cccb2202acea9d9c
5206a0bac8bf78d6b84322519271a1ece2c1039a0090e583de6d6192d88873d0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6123
Cache-Control: max-age=168564
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 13:23:58 GMT
Etag: "638730f7-1d7"
Expires: Fri, 02 Dec 2022 12:13:22 GMT
Last-Modified: Wed, 30 Nov 2022 10:31:19 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 30 Nov 2022 13:19:41 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 257
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9fce5679881bf302a8978a0b462f01a9
b699fe030ea13ac73813e655c42ed9b531925e2b
a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5721
Expires: Wed, 30 Nov 2022 14:59:19 GMT
Date: Wed, 30 Nov 2022 13:23:58 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: HSiL06uxjYKxUVq2F2azUB0vg6igRkg3mSOLEKHs2ZtNN2DcISusGU+IWKENGvujg2gOJzIVdac=
x-amz-request-id: Q47MMNNY82SS25HF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 30 Nov 2022 12:45:14 GMT
age: 2324
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 13:23:58 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cacc6c39529759f1909694374b54990e
741e70fed4f13f51dcc295025da918b7dc8c5739
ffd84ad52553414fe9575f4e33ab1f7463251c31692594983d2ade47392545dd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FFD84AD52553414FE9575F4E33AB1F7463251C31692594983D2ADE47392545DD"
Last-Modified: Wed, 30 Nov 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 30 Nov 2022 19:23:58 GMT
Date: Wed, 30 Nov 2022 13:23:58 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 30 Nov 2022 13:08:56 GMT
cache-control: public,max-age=3600
age: 903
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
thirsty.agency/
200 OK 18 kB IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (9381)
Hash c97f7752c1625c2da277e62f27c59c51
c0b621986711f614fd7830535d0446104fa031f2
895e201c33aacdde9e0f7565178e4c300c7410900de5dde5cc432c40721168ef
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://thirsty.agency/wp-json/>; rel="https://api.w.org/", <https://thirsty.agency/wp-json/wp/v2/pages/8327>; rel="alternate"; type="application/json", <https://thirsty.agency/>; rel=shortlink
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-dynamic: TRUE
x-fw-hash: ri0siomphr
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: NO:Not Cacheable
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1669814639.889018,VS0,VE364
vary: Accept-Encoding
x-fw-serve: TRUE
x-fw-static: NO
x-fw-type: VISIT
content-length: 18445
X-Firefox-Spdy: h2
thirsty.agency/wp-content/plugins/loftloader-pro/assets/css/loftloader.min.css?ver=2020081201
200 OK 8.0 kB URL HTTP/2 thirsty.agency/wp-content/plugins/loftloader-pro/assets/css/loftloader.min.css?ver=2020081201
IP
File type ASCII text, with very long lines (64442), with no line terminators
Hash a5e4528e72ebeb0f443240c8c1b1900d
42e66cdea9e2f2918b72a11a476357394ed44c17
bcd12cb5379379131c5cb55183f80a5584e1616e23ab1363fbad179ec19f97da
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/loftloader-pro/assets/css/loftloader.min.css?ver=2020081201 HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Mon, 01 Aug 2022 02:22:17 GMT
etag: W/"62e738d9-fbba"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814639.461420,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 8022
X-Firefox-Spdy: h2
thirsty.agency/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
200 OK 15 kB URL HTTP/2 thirsty.agency/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP
File type ASCII text, with very long lines (47826)
Hash 494d5da4270464f0f04720e2d2274891
aa632853200ab33d1ac163033782a89b35ab74a5
4db474d81bc40165336350d9d3de98277cc7c49aa4d9096d451255749e99595b
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Tue, 15 Nov 2022 20:31:33 GMT
etag: W/"6373f725-172a9"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ri0siomphr
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814639.462044,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 14912
X-Firefox-Spdy: h2
thirsty.agency/wp-includes/css/classic-themes.min.css?ver=1
200 OK 189 B URL HTTP/2 thirsty.agency/wp-includes/css/classic-themes.min.css?ver=1
IP
Hash 5a18e16eb01cbaa862eb32e6b77bedb2
3abf9b913cc9f558f02cba7c9b822f8d1812cb96
d2b5af913332941d5ae7786d1fa70e0d009315c4ede6ad5b80d0f663bb54521f
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Tue, 15 Nov 2022 20:31:33 GMT
etag: W/"6373f725-d9"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ri0siomphr
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814639.462491,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 189
X-Firefox-Spdy: h2
thirsty.agency/wp-content/themes/thirsty-child/style.css?ver=1.1.8
200 OK 4.4 kB URL HTTP/2 thirsty.agency/wp-content/themes/thirsty-child/style.css?ver=1.1.8
IP
File type ASCII text, with very long lines (3048)
Hash f4a12fcec416b7088ef6e8778dcb4f7d
0c33ebecf7193bc7aeeddb6e22c90c4d35598213
3d6c0a788d5f238269903fd6713619ffba7f6d2609b2e6621c7c99995b12cbf3
GET /wp-content/themes/thirsty-child/style.css?ver=1.1.8 HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Mon, 15 Aug 2022 19:43:30 GMT
etag: W/"62faa1e2-515e"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814639.463756,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4386
X-Firefox-Spdy: h2
thirsty.agency/wp-content/themes/thirsty/style.css?ver=6.1.1
200 OK 65 kB URL HTTP/2 thirsty.agency/wp-content/themes/thirsty/style.css?ver=6.1.1
IP
File type Unicode text, UTF-8 text, with very long lines (1357)
Hash cc4b190eb093f30cf99de4d1cce40f77
f650d25bb7e6fbc2e128230f2e676f2a87c462a0
738f4d79e9c7208097be39de30b45aea67ba9cea9bc61a532cf3b03bed91a67e
GET /wp-content/themes/thirsty/style.css?ver=6.1.1 HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Mon, 01 Aug 2022 02:22:45 GMT
etag: W/"62e738f5-57906"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814639.463293,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 64794
X-Firefox-Spdy: h2
thirsty.agency/wp-content/themes/thirsty-child/style.css?ver=6.1.1
200 OK 4.4 kB URL HTTP/2 thirsty.agency/wp-content/themes/thirsty-child/style.css?ver=6.1.1
IP
File type ASCII text, with very long lines (3048)
Hash f4a12fcec416b7088ef6e8778dcb4f7d
0c33ebecf7193bc7aeeddb6e22c90c4d35598213
3d6c0a788d5f238269903fd6713619ffba7f6d2609b2e6621c7c99995b12cbf3
GET /wp-content/themes/thirsty-child/style.css?ver=6.1.1 HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Mon, 15 Aug 2022 19:43:30 GMT
etag: W/"62faa1e2-515e"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814639.465268,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4386
X-Firefox-Spdy: h2
thirsty.agency/wp-content/plugins/the-grid/frontend/assets/css/the-grid.min.css?ver=2.7.9.1
200 OK 8.7 kB URL HTTP/2 thirsty.agency/wp-content/plugins/the-grid/frontend/assets/css/the-grid.min.css?ver=2.7.9.1
IP
File type ASCII text, with very long lines (43866), with no line terminators
Hash 5fee19ec75ac9dde2cac5dee80028748
357b5da0584fe3ae090df9fa7b5d13db13910f16
b3f9250126439ee6f6e52d33cf2acce2c510393b3865adadcea7a8cb4cee7dfa
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/the-grid/frontend/assets/css/the-grid.min.css?ver=2.7.9.1 HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Mon, 01 Aug 2022 02:22:27 GMT
etag: W/"62e738e3-ab5a"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814639.466647,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 8701
X-Firefox-Spdy: h2
thirsty.agency/wp-content/themes/thirsty-child/fonts/fonts.css?ver=6.1.1
200 OK 625 B URL HTTP/2 thirsty.agency/wp-content/themes/thirsty-child/fonts/fonts.css?ver=6.1.1
IP
Hash 8ef9f7a763a99e2ad6672ad6e6c0e044
85f377280b1ff0b7de38eb2869e4fa30086e5988
666f6cf3484963924ecfc7fbbb41311c33cb2a360e30e09972f5aee2979dd79f
GET /wp-content/themes/thirsty-child/fonts/fonts.css?ver=6.1.1 HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Mon, 01 Aug 2022 02:22:45 GMT
etag: W/"62e738f5-13b3"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814639.465913,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 625
X-Firefox-Spdy: h2
thirsty.agency/wp-content/themes/thirsty/js/custom-fonts.js
200 OK 308 B URL HTTP/2 thirsty.agency/wp-content/themes/thirsty/js/custom-fonts.js
IP
Hash 98731c3f32f42a00a12af7e99f4ee2f0
5b96ed2ce0be267b430bba596d9d629ba1f02da6
208bca7e516355181eea23b5a9bcb6280ce5931702bda89ae4ea3959c6b3d473
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/thirsty/js/custom-fonts.js HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 01 Aug 2022 02:22:48 GMT
etag: W/"62e738f8-2f2"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814639.471157,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 308
X-Firefox-Spdy: h2
thirsty.agency/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
200 OK 34 kB URL HTTP/2 thirsty.agency/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP
File type ASCII text, with very long lines (65447)
Hash 0f9984c60ff89c58395cad7c309f7baf
5f44ff87ee19e1427a7dfcfb079ab88273e2af1f
0dddffc97ab66c2cf2dd615f7f6ca217b8f8eadaa4e8224c2c7d4447878444e7
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 20:31:33 GMT
etag: W/"6373f725-15e54"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ri0siomphr
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814639.471264,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 34161
X-Firefox-Spdy: h2
thirsty.agency/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
200 OK 4.4 kB URL HTTP/2 thirsty.agency/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP
File type ASCII text, with very long lines (11126)
Hash 24957bc8161f979c6e661f46fdc3974f
fa1237ffe8b3745baa78ac481239038e133fcc17
46acf87c90961d413ac24eace25b77a8d5236daf38799fec2daf0bc350cc6ebe
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 20:31:33 GMT
etag: W/"6373f725-2bd8"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ri0siomphr
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814639.471237,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4405
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash cfdd00e67ee6ca21712b867eb5288ab6
b61d5d6ec3b7ad71619e13e32c87f2d01871b88a
f740cac6dfedc1bf0f82efb10dac4f6ffb22f9bb5d4a9b68a4cd971dd2f65793
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6116
Cache-Control: max-age=163488
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 13:23:59 GMT
Etag: "63871d2b-1d7"
Expires: Fri, 02 Dec 2022 10:48:47 GMT
Last-Modified: Wed, 30 Nov 2022 09:06:51 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
thirsty.agency/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Application/Frontend/Assets/dist/nextend-gsap.min.js?ver=a96b01e9
200 OK 38 kB URL HTTP/2 thirsty.agency/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Application/Frontend/Assets/dist/nextend-gsap.min.js?ver=a96b01e9
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash 76d9730df0b9149e166f50e9aeeb0329
2f343b7a25694127c8b45395b324291cda407e3e
a06e11a9034354f2d8f535519a90e6d33cb612adbdea6169e07f85690899e89b
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Application/Frontend/Assets/dist/nextend-gsap.min.js?ver=a96b01e9 HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 01 Aug 2022 02:22:16 GMT
etag: W/"62e738d8-184cb"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814639.471998,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 37922
X-Firefox-Spdy: h2
thirsty.agency/wp-content/uploads/2020/09/t-dot-white.svg
200 OK 535 B URL HTTP/2 thirsty.agency/wp-content/uploads/2020/09/t-dot-white.svg
IP
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text
Hash 945e729213a8c2c477022356225e03c9
187c20fd01e79c68df6d826f56ca65a0f39c8ea6
7169fb25258bfcd4c0f4b40a08b1cf8179e01110429bd3fa4b374772dd65a1c6
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/2020/09/t-dot-white.svg HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Mon, 01 Aug 2022 02:22:57 GMT
etag: W/"62e73901-458"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814639.475232,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
access-control-allow-origin: *
x-fw-type: VISIT
content-length: 535
X-Firefox-Spdy: h2
thirsty.agency/wp-includes/js/imagesloaded.min.js?ver=4.1.4
200 OK 1.9 kB URL HTTP/2 thirsty.agency/wp-includes/js/imagesloaded.min.js?ver=4.1.4
IP
File type ASCII text, with very long lines (5477)
Hash fcf12c7d3f5778470877aff26bdb3040
b8cc6b30eb49ef014651e6f22e4a33b74a3fde1e
2b6a1c6d97acd8b8f1460d8e4acbac8f911aa950c482ab794888f40c63fb2d6f
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/imagesloaded.min.js?ver=4.1.4 HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 20:31:33 GMT
etag: W/"6373f725-15fd"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ri0siomphr
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814639.476413,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1946
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/Flowtype.js/1.1.0/flowtype.min.js
200 OK 202 B URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/Flowtype.js/1.1.0/flowtype.min.js
IP
File type ASCII text, with very long lines (388), with no line terminators
Hash ca4204899eafbc313e7fa63d80208eee
2ed2a146a2ff1642eab25086d37621a2835444eb
ca56ab758207e7658ad1bdb2ab320d0411052d4b5ab3f9125f9a408f114c0685
GET /ajax/libs/Flowtype.js/1.1.0/flowtype.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thirsty.agency/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 13:23:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 202
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03cee-184"
last-modified: Mon, 04 May 2020 16:03:58 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 15260632
expires: Mon, 20 Nov 2023 13:23:59 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RFu4KcxraTpsXXKfdgP1UaDkZli8ossLLSrzfGjkfKsAgHk18gUtV4w7z3I%2F9FYUFAvAuzzIO%2BZRvOK0CS0yenaXtQMjG8dM7IdEaRTYiq%2F%2FT9P7PEKCYirvpXfyq4WuKVlHKIPK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7723e699587bb4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
thirsty.agency/wp-content/themes/thirsty/js/vendor/flickity.pkgd.min.js
200 OK 16 kB URL HTTP/2 thirsty.agency/wp-content/themes/thirsty/js/vendor/flickity.pkgd.min.js
IP
File type ASCII text, with very long lines (32020)
Hash a6d07891867bf514c60ec8a62b37bec9
b2976119f17e469e869c0cf94446eab89e63b01d
4dd972150875fdf5505c2105e44ce72a2f517191bbd2f51e260e952e097c896c
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/thirsty/js/vendor/flickity.pkgd.min.js HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 01 Aug 2022 02:22:48 GMT
etag: W/"62e738f8-d7c9"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814639.476519,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 15688
X-Firefox-Spdy: h2
thirsty.agency/wp-content/themes/thirsty/js/vendor/isotope.pkgd.min.js
200 OK 11 kB URL HTTP/2 thirsty.agency/wp-content/themes/thirsty/js/vendor/isotope.pkgd.min.js
IP
File type ASCII text, with very long lines (32019)
Hash 4b2f760bebb24a292e7e0c45fd5e65ee
05d124f4ac49b475a0d8409324e3cbf7579b8144
f5333b88b9f08cca909b344b34019fa0dd311a3feb8da5fd8709737286eeb25e
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/thirsty/js/vendor/isotope.pkgd.min.js HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 01 Aug 2022 02:22:48 GMT
etag: W/"62e738f8-8a75"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814639.476679,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 10930
X-Firefox-Spdy: h2
thirsty.agency/wp-content/themes/thirsty/js/vendor/jquery.fancybox.pack.js
200 OK 16 kB URL HTTP/2 thirsty.agency/wp-content/themes/thirsty/js/vendor/jquery.fancybox.pack.js
IP
File type HTML document, Unicode text, UTF-8 text, with very long lines (32085)
Hash c31bd4b6121be5c94cf841faba06b803
1343d4321a62cbd9d694c16177728550159543c3
b2ec5bf6f7d484f8f04a77b469cab206bd57d6e33b2ca34b0a3d89461fe39e61
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/thirsty/js/vendor/jquery.fancybox.pack.js HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 01 Aug 2022 02:22:48 GMT
etag: W/"62e738f8-b1ce"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814639.476888,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 16175
X-Firefox-Spdy: h2
thirsty.agency/wp-content/themes/thirsty/js/vendor/lazysizes.min.js
200 OK 5.5 kB URL HTTP/2 thirsty.agency/wp-content/themes/thirsty/js/vendor/lazysizes.min.js
IP
File type ASCII text, with very long lines (6649)
Hash d44e44b9dff05e059732bf535b4750c2
7db7d3f581ce53c9e3ccfc91951356eb96771527
9d95d8e4955609eb0613afe7d7aaa53f266558a8cb83b9eb16d3e03527f4985c
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/thirsty/js/vendor/lazysizes.min.js HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 01 Aug 2022 02:22:48 GMT
etag: W/"62e738f8-30d4"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814639.477631,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 5478
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/gsap/3.5.1/gsap.min.js
200 OK 22 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/gsap/3.5.1/gsap.min.js
IP
File type ASCII text, with very long lines (60805)
Hash 3a9ac5b693abccb6ff1f7cbc1cdb3e7a
f3d0b8e789ff9600708834a210e90ad51cceb4dd
ebb6e07ed703530e814c3288cb93b60da2a03a040edef85edc88789cc175aac2
GET /ajax/libs/gsap/3.5.1/gsap.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thirsty.agency/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 13:23:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 21845
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f46ecc0-eeae"
last-modified: Wed, 26 Aug 2020 23:14:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 9743515
expires: Mon, 20 Nov 2023 13:23:59 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EbSB4FbnY5Qy4woV8MV%2Fj6m8Tdlek6ceS4zRtK7ZwslJkPH1Qgp%2BVFfQUTa7W8GhAb4WYd4xcL35%2BDo4cUuRr%2FMVs0FftpM5FJgf7T1uYp%2B1UkpZSGcpeibKmgUdAffPgnhYbDFk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7723e6996890b4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
thirsty.agency/wp-content/themes/thirsty/js/vendor/packery-mode.pkgd.min.js
200 OK 4.5 kB URL HTTP/2 thirsty.agency/wp-content/themes/thirsty/js/vendor/packery-mode.pkgd.min.js
IP
File type ASCII text, with very long lines (13554)
Hash d93e0482f807bc7435077fb21dad74ac
51744b3c2ecffe93772c4db6add968e6f6b9dc8d
4906d9e7c0239ed962c7fa8a66f4ac1492b032904e4421f1476bc58f0664eda3
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/thirsty/js/vendor/packery-mode.pkgd.min.js HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 01 Aug 2022 02:22:48 GMT
etag: W/"62e738f8-3539"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814639.478418,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4459
X-Firefox-Spdy: h2
thirsty.agency/wp-content/themes/thirsty/js/vendor/hammer.min.js
200 OK 8.2 kB URL HTTP/2 thirsty.agency/wp-content/themes/thirsty/js/vendor/hammer.min.js
IP
File type ASCII text, with very long lines (20581)
Hash 6131286c1113467547de88af990ce62f
c956b3adbbcb7a630314b55d874f55ae54611d2a
074cf3c5ba6bc9c1bf15f21ea214bacb12ac76b6cd5fab8938e0fa865800c6d2
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/thirsty/js/vendor/hammer.min.js HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 01 Aug 2022 02:22:48 GMT
etag: W/"62e738f8-54d3"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814639.479302,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 8163
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 0f6a5643bab31f69c3efcc184522fb28
ab25a7973bc389db5f7f3118fd991625af4fc51a
eaa7763ccbacfb0d63bb812497643fa785fe47172bfe8db9d3af115d915815f0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6160
Cache-Control: max-age=98025
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 13:23:59 GMT
Etag: "63861d48-117"
Expires: Thu, 01 Dec 2022 16:37:44 GMT
Last-Modified: Tue, 29 Nov 2022 14:55:04 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 279
thirsty.agency/wp-content/uploads/2020/09/full-white.svg
200 OK 1.3 kB URL HTTP/2 thirsty.agency/wp-content/uploads/2020/09/full-white.svg
IP
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (965)
Hash eea1122da7d3314b63424d7634d54b21
f7cb7be2d0b1f934daef920cff09a5da71d492c1
4ac38760e62939c631cd535925dc2a875c98f1be44aa0c7bedd08dc3105fd5a7
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/2020/09/full-white.svg HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Mon, 01 Aug 2022 02:22:55 GMT
etag: W/"62e738ff-d33"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814639.474326,VS0,VE7
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
access-control-allow-origin: *
x-fw-type: VISIT
content-length: 1326
X-Firefox-Spdy: h2
thirsty.agency/wp-content/plugins/loftloader-pro/assets/js/loftloader.min.js?ver=2020081201
200 OK 3.7 kB URL HTTP/2 thirsty.agency/wp-content/plugins/loftloader-pro/assets/js/loftloader.min.js?ver=2020081201
IP
File type HTML document, ASCII text, with very long lines (12359), with no line terminators
Hash 2d347de762dba86edf6bfde7a4746965
f5a0e0113e18bb7a15ac15a71adc88152549b3ea
c786db1a80abf099e90c990975d0ee2b11e8610d062c8463703cfb72b1393e90
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/loftloader-pro/assets/js/loftloader.min.js?ver=2020081201 HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 01 Aug 2022 02:22:17 GMT
etag: W/"62e738d9-3047"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814639.488054,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3690
X-Firefox-Spdy: h2
thirsty.agency/wp-content/themes/thirsty/js/main-build.js
200 OK 29 kB URL HTTP/2 thirsty.agency/wp-content/themes/thirsty/js/main-build.js
IP
File type ASCII text, with very long lines (2659)
Hash 1cfe7cef70ec39d2f31abf9937cb3f70
96f3dd5fedaed45e8435e3a5687ce92b0a07f910
98f96c6a65fbcf8171ea40130d8fa767e3fc82e92c2747b4615edc43a369b7b0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/thirsty/js/main-build.js HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 01 Aug 2022 02:22:48 GMT
etag: W/"62e738f8-18c8d"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814639.488090,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 28805
X-Firefox-Spdy: h2
thirsty.agency/wp-content/themes/thirsty-child/js/demo.js
200 OK 602 B URL HTTP/2 thirsty.agency/wp-content/themes/thirsty-child/js/demo.js
IP
Hash aa80f43d1ac01ba1c28283921e152d2a
778f10f847aa4334b4e94fe5463745b075e14d7b
e8d7f802a82ac509b48e7760013176dae5dd844d090cce55d3683cf979da8aed
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/thirsty-child/js/demo.js HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 01 Aug 2022 02:22:45 GMT
etag: W/"62e738f5-4e4"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814640.506155,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 602
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 33f732b4dfbd5fb3ed7345eba2896fe6
2652f214cf7127302cc65b1d4e42f48a80907d5d
904ce722469d356f8ec20c14bd51ca3ce459012ea0869f7d14821a963310a494
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 13:23:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
thirsty.agency/wp-content/plugins/the-grid/frontend/assets/js/the-grid.min.js?ver=2.7.9.1
200 OK 32 kB URL HTTP/2 thirsty.agency/wp-content/plugins/the-grid/frontend/assets/js/the-grid.min.js?ver=2.7.9.1
IP
File type Unicode text, UTF-8 text, with very long lines (65388), with CRLF line terminators
Hash 112734f4873861d012d66c6a20509138
e895a91ba02c1a0727795bc0510b7dc9cdecd9b1
8ee86d22170fde566d0deb159842eb7889e9ddb2b3404fdc82dce652074d8a8b
GET /wp-content/plugins/the-grid/frontend/assets/js/the-grid.min.js?ver=2.7.9.1 HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 01 Aug 2022 02:22:27 GMT
etag: W/"62e738e3-17c78"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814640.506065,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 32042
X-Firefox-Spdy: h2
thirsty.agency/wp-includes/js/jquery/ui/effect.min.js?ver=1.13.2
200 OK 6.9 kB URL HTTP/2 thirsty.agency/wp-includes/js/jquery/ui/effect.min.js?ver=1.13.2
IP
File type ASCII text, with very long lines (15446)
Hash 4b3e098f506bd234c9da6fddadf83710
83a01a47bfc26c142c98543b892a4ea91767eadd
64e46fc3c0ea1d811d1f95b7ac5244bfa1640af11f77350c1b3c032d148848c4
GET /wp-includes/js/jquery/ui/effect.min.js?ver=1.13.2 HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 20:31:33 GMT
etag: W/"6373f725-43ba"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: ri0siomphr
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814640.502945,VS0,VE5
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 6927
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-76423917-1
200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-76423917-1
IP
File type ASCII text, with very long lines (1921)
Hash e8085e2d998eb7e8d1a718635d4fcab3
16f0516b36c22fd596b612eb20ae2aaadd7caeb5
ee0de8885eae44441d76074affb1a279a46ef0bb935db02dd4dc6c12ab81d525
GET /gtag/js?id=UA-76423917-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thirsty.agency/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 30 Nov 2022 13:23:59 GMT
expires: Wed, 30 Nov 2022 13:23:59 GMT
cache-control: private, max-age=900
last-modified: Wed, 30 Nov 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43549
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 33f732b4dfbd5fb3ed7345eba2896fe6
2652f214cf7127302cc65b1d4e42f48a80907d5d
904ce722469d356f8ec20c14bd51ca3ce459012ea0869f7d14821a963310a494
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 13:23:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
thirsty.agency/wp-content/themes/thirsty-child/fonts/Albra-Black.woff2
200 OK 24 kB URL HTTP/2 thirsty.agency/wp-content/themes/thirsty-child/fonts/Albra-Black.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 23948, version 1.66\012- data
Hash db8bfe867147bb073facc50b9d4e5c57
7e6c68034ede885f3597246bfff5e2fdbf6c7689
64361a871d02edd3b3798bcb67f7f3f29896e1c102692cb31f053e38628fc335
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/thirsty-child/fonts/Albra-Black.woff2 HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://thirsty.agency/wp-content/themes/thirsty-child/fonts/fonts.css?ver=6.1.1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Mon, 01 Aug 2022 02:22:44 GMT
etag: "62e738f4-5d8c"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814640.811093,VS0,VE1
vary: Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 23948
X-Firefox-Spdy: h2
thirsty.agency/wp-content/themes/thirsty-child/fonts/Pragmatica.woff2
200 OK 18 kB URL HTTP/2 thirsty.agency/wp-content/themes/thirsty-child/fonts/Pragmatica.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 17952, version 1.0\012- data
Hash 895ea343bd6b5189fe6cea687ecf1a9c
0601fc2e1ac58b81a4246a2b13b6930b1445b3b8
b07d0b691109a512e4165829403a0c73a7a792240323e6bee7a5cc668f20c82b
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/thirsty-child/fonts/Pragmatica.woff2 HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://thirsty.agency/wp-content/themes/thirsty-child/fonts/fonts.css?ver=6.1.1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Mon, 01 Aug 2022 02:22:44 GMT
etag: "62e738f4-4620"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814640.810238,VS0,VE2
vary: Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 17952
X-Firefox-Spdy: h2
thirsty.agency/wp-content/themes/thirsty-child/fonts/MADE%20Outer%20Sans%20Black.woff2
200 OK 13 kB URL HTTP/2 thirsty.agency/wp-content/themes/thirsty-child/fonts/MADE%20Outer%20Sans%20Black.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 12728, version 1.0\012- data
Hash 751c3a1d4e31a72978a1cd21926b4d66
0891a384d5f7bca744788da820df64477d080779
96fc7d51e98224ad5d62bc201b91a639d1be87b640b249ebac250263143873e2
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/thirsty-child/fonts/MADE%20Outer%20Sans%20Black.woff2 HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://thirsty.agency/wp-content/themes/thirsty-child/fonts/fonts.css?ver=6.1.1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Mon, 01 Aug 2022 02:22:44 GMT
etag: "62e738f4-31b8"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814640.807002,VS0,VE6
vary: Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 12728
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: UJTty41IZvmS4QBNQMw7/g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: T2lcIHf9fRV67ud3w2pp+vc58kQ=
ocsp.sectigo.com/
200 OK 471 B IP
Hash 9f3461cbf3a1ed3435006054d2db89a5
bed94e880c8a0f621df2165d97d9081fb646b15d
c818995cc185b2f78f198274bd035cd5d1d189ecf711c29f5959e3366a1642f8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 13:23:59 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 27 Nov 2022 09:12:44 GMT
Expires: Sun, 04 Dec 2022 09:12:43 GMT
Etag: "bed94e880c8a0f621df2165d97d9081fb646b15d"
Cache-Control: max-age=329923,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7723e69a2af4b515-OSL
ocsp.sectigo.com/
200 OK 471 B IP
Hash 9f3461cbf3a1ed3435006054d2db89a5
bed94e880c8a0f621df2165d97d9081fb646b15d
c818995cc185b2f78f198274bd035cd5d1d189ecf711c29f5959e3366a1642f8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 13:23:59 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 27 Nov 2022 09:12:44 GMT
Expires: Sun, 04 Dec 2022 09:12:43 GMT
Etag: "bed94e880c8a0f621df2165d97d9081fb646b15d"
Cache-Control: max-age=329923,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7723e69a289a1bfe-OSL
thirsty.agency/false
404 Not Found 12 kB IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9381)
Hash 811b355c87981b39d719fa8958f818e3
f9047a3ff28e7fbcc7b52bd6fff38c65d1e22dbf
3830dae4165d84bc00ef88de334fd03e15348d11f27b7a18db17ab2afeec9670
Analyzer Verdict Alert fortinet Phishing
GET /false HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://thirsty.agency/wp-json/>; rel="https://api.w.org/"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-dynamic: TRUE
x-fw-hash: ri0siomphr
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: NO:Not Cacheable
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:24:00 GMT
x-served-by: cache-bma1662-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1669814640.804965,VS0,VE281
vary: Accept-Encoding
x-fw-serve: TRUE
x-fw-static: NO
x-fw-type: VISIT
content-length: 12061
X-Firefox-Spdy: h2
ajew8ag5yp-flywheel.netdna-ssl.com/wp-content/themes/thirsty-child/toasty/toasty.css
502 Bad Gateway 166 B URL HTTP/2 ajew8ag5yp-flywheel.netdna-ssl.com/wp-content/themes/thirsty-child/toasty/toasty.css
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 261b1f079fa0a5c0c32d181e43440c05
300ee04911225728b015abd82d7ca5f43f999b79
c79255f6cb550eaa07d6e90d859b8c1abe81658115ae8175e74b67ac22c7ed87
GET /wp-content/themes/thirsty-child/toasty/toasty.css HTTP/1.1
Host: ajew8ag5yp-flywheel.netdna-ssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thirsty.agency/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 502 Bad Gateway
date: Wed, 30 Nov 2022 13:24:00 GMT
content-type: text/html
content-length: 166
server: NetDNA-cache/2.2
X-Firefox-Spdy: h2
unpkg.com/imagesloaded@4.1.4/imagesloaded.pkgd.min.js
200 OK 14 kB URL HTTP/2 unpkg.com/imagesloaded@4.1.4/imagesloaded.pkgd.min.js
IP
File type ASCII text, with very long lines (5477)
Hash b31e087639b5738e4c396fb7b5c1d132
ba69c8b87a0fdf536458b3758c02bcd1fe9f48b5
f326f32fd0e7e7b5cdc6a3be65ee768c1338b5d86a8638ad2c2c10b8d1e368db
GET /imagesloaded@4.1.4/imagesloaded.pkgd.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 13:23:59 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Tue, 02 Jan 2018 16:53:35 GMT
etag: W/"15da-bT4RF04iZo5p3yNuXEVCFo98v+w"
via: 1.1 fly.io
fly-request-id: 01G4XKHAKMA0TM8SXBZFY8DNJK-fra
cf-cache-status: HIT
age: 15258761
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7723e69bab8c0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
ajew8ag5yp-flywheel.netdna-ssl.com/wp-content/themes/thirsty-child/toasty/jquery.toasty.js
502 Bad Gateway 166 B URL HTTP/2 ajew8ag5yp-flywheel.netdna-ssl.com/wp-content/themes/thirsty-child/toasty/jquery.toasty.js
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 261b1f079fa0a5c0c32d181e43440c05
300ee04911225728b015abd82d7ca5f43f999b79
c79255f6cb550eaa07d6e90d859b8c1abe81658115ae8175e74b67ac22c7ed87
GET /wp-content/themes/thirsty-child/toasty/jquery.toasty.js HTTP/1.1
Host: ajew8ag5yp-flywheel.netdna-ssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thirsty.agency/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 502 Bad Gateway
date: Wed, 30 Nov 2022 13:24:00 GMT
content-type: text/html
content-length: 166
server: NetDNA-cache/2.2
X-Firefox-Spdy: h2
ajew8ag5yp-flywheel.netdna-ssl.com/wp-content/themes/thirsty-child/toasty/toasty.css
502 Bad Gateway 166 B URL HTTP/2 ajew8ag5yp-flywheel.netdna-ssl.com/wp-content/themes/thirsty-child/toasty/toasty.css
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 261b1f079fa0a5c0c32d181e43440c05
300ee04911225728b015abd82d7ca5f43f999b79
c79255f6cb550eaa07d6e90d859b8c1abe81658115ae8175e74b67ac22c7ed87
GET /wp-content/themes/thirsty-child/toasty/toasty.css HTTP/1.1
Host: ajew8ag5yp-flywheel.netdna-ssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thirsty.agency/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 502 Bad Gateway
date: Wed, 30 Nov 2022 13:24:00 GMT
content-type: text/html
content-length: 166
server: NetDNA-cache/2.2
X-Firefox-Spdy: h2
thirsty.agency/wp-content/uploads/2020/12/cropped-Tfavi-32x32.png
200 OK 455 B URL HTTP/2 thirsty.agency/wp-content/uploads/2020/12/cropped-Tfavi-32x32.png
IP
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 6ea53029082a6c1dc2ce97b095b8387e
66bf8c4f5c2642d9cf06b5b53034e42b674d95b2
d1f6c7d39cebfebfd6fc9f202ff6818667943f534ef32dfaa624ec2feb64b741
GET /wp-content/uploads/2020/12/cropped-Tfavi-32x32.png HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Mon, 01 Aug 2022 02:22:50 GMT
etag: W/"62e738fa-1b0"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:24:00 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814640.301730,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 455
X-Firefox-Spdy: h2
thirsty.agency/wp-content/uploads/2020/12/cropped-Tfavi-192x192.png
200 OK 2.0 kB URL HTTP/2 thirsty.agency/wp-content/uploads/2020/12/cropped-Tfavi-192x192.png
IP
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 6bf7bbc70397ec1b7689eab97dc5a6c0
1b8e070c687eeaa7c264cd00d45a2c0d555288d7
1da570a1b2b92638a34bf7ae4e9c829ef2bf4e846391232afb958bffe1d1d5da
GET /wp-content/uploads/2020/12/cropped-Tfavi-192x192.png HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Mon, 01 Aug 2022 02:22:53 GMT
etag: W/"62e738fd-807"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:24:00 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814640.301275,VS0,VE4
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1984
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thirsty.agency/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Wed, 30 Nov 2022 12:41:08 GMT
expires: Wed, 30 Nov 2022 14:41:08 GMT
cache-control: public, max-age=7200
age: 2572
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
thirsty.agency/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Application/Frontend/Assets/dist/n2-j.min.js?ver=a96b01e9
200 OK 18 kB URL HTTP/2 thirsty.agency/wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Application/Frontend/Assets/dist/n2-j.min.js?ver=a96b01e9
IP
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, the_grid \012- data
Hash 8c1ff30238b4a219b2dd470a2c414296
c36d9884c6d83cd8df66daca2a46ee5830083976
1cf1af2f6a0741407a3978158d8e3502b62ac41c026187815e8677d04fa4b393
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/nextend-smart-slider3-pro/Public/SmartSlider3/Application/Frontend/Assets/dist/n2-j.min.js?ver=a96b01e9 HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 01 Aug 2022 02:22:16 GMT
etag: W/"62e738d8-1aba4"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:23:59 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814639.471172,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 40517
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5679
Expires: Wed, 30 Nov 2022 14:58:39 GMT
Date: Wed, 30 Nov 2022 13:24:00 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5679
Expires: Wed, 30 Nov 2022 14:58:39 GMT
Date: Wed, 30 Nov 2022 13:24:00 GMT
Connection: keep-alive
unpkg.com/imagesloaded@4/imagesloaded.pkgd.min.js
302 Found 569 B URL HTTP/2 unpkg.com/imagesloaded@4/imagesloaded.pkgd.min.js
IP
Hash 7fa442d3a32b6715cc74f615e94e7082
6ed398632fcfab4b4d002d0c0c2c7fa7dde6e190
e026d98042346b715f8406cca22b9243c0b406409185bb645c990ddc354a3fa7
GET /imagesloaded@4/imagesloaded.pkgd.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thirsty.agency/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 30 Nov 2022 13:23:59 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /imagesloaded@4.1.4/imagesloaded.pkgd.min.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GK4AT6AP3BSJ8PGRBT35EQ6S-fra
cf-cache-status: HIT
age: 541
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7723e699f9d90b49-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5679
Expires: Wed, 30 Nov 2022 14:58:39 GMT
Date: Wed, 30 Nov 2022 13:24:00 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 03014221d7f49b50ffc2d1b0a0e75457
772d86ad983042a728ee3490630a9cf1134ad0dd
81fb954fa569955907952987e9d8efd1dac80e0e4a682826abf3c5d90eb31771
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1c32283b-8309-408e-85df-cad97da6bc80.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10176
x-amzn-requestid: 768fc69c-e91b-4dd9-8add-63634762b2d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMpbgEFOIAMF71A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bc49-21756db31c4714af0553f21b;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:12:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jS-AS3x8V3XacXRNkU63UJjBxA6unvBer5WcxUYseR5p4eZPK64o2g==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 04:55:46 GMT
age: 30494
etag: "772d86ad983042a728ee3490630a9cf1134ad0dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2730750-552d-4852-8ce1-503874565f75.jpeg
200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2730750-552d-4852-8ce1-503874565f75.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 05196ec43964cf559caa0c0279148d62
6170d6776615503e3e29f86783febc3e3e78ca66
47f3a5cde661987e3496ce110a0170b10087dd9ba8d4fd691c4830587ba3fa3f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2730750-552d-4852-8ce1-503874565f75.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9051
x-amzn-requestid: 1032dd9c-a15e-4e8a-9c81-07419e8caf67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhGvEMNIAMFaKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867bc4-1005c20a33320dbf6567ca31;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:38:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: IMaVlQblNnh9mFKwb2LG7hw7h_f1_nVYqO4aEUqY01a2HofnnQqcFQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:49:31 GMT
age: 56069
etag: "6170d6776615503e3e29f86783febc3e3e78ca66"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg
200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 59baec8db5ced0210ab766ea5636a5fd
f7cf3a0f89751a02fbcf8d21f505f24a74e8b30b
33ff55891f18c22970804f1b8b2ba6821ddfd7426b01486410bd43f2b4295a8d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5785
x-amzn-requestid: ee77265b-8e90-4035-8ef1-92a2d26aaefa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDaHdWoAMFqmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-0d10d74030e7aee74804b654;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QhUrNKIJUxXTYFTgfCwizAd9L4PdLMVLbqv1sHmmnrWya0xz1MTSiw==
via: 1.1 38eecd3ca21bf068d69a2f9cfe668d14.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:08:46 GMT
etag: "f7cf3a0f89751a02fbcf8d21f505f24a74e8b30b"
content-type: image/jpeg
age: 54914
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13e1db4e-7108-464a-85b6-24ac0c4609f9.webp
200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13e1db4e-7108-464a-85b6-24ac0c4609f9.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bbe350ea797a0fec5a19a450fc5de4b4
2f3a39a528d3b759060203931de33c12303592e1
4d661dac2e19e07ae15d0f8cf00bd268c6c2defb2f5e4de38fcb6e7031dfd605
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13e1db4e-7108-464a-85b6-24ac0c4609f9.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9330
x-amzn-requestid: 3fad352d-7664-43e0-9395-e840f671ca61
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgFQFIdoAMFSmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a21-5e9847852f8435231d401fe6;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mCEtSOenWKxay4vNy5mN9cexxXKXKt7TMuLaLw-M86tLKwQ2MwuxPg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:00:54 GMT
age: 55386
etag: "2f3a39a528d3b759060203931de33c12303592e1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg
200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e00769bd1391b8f4f5b8ab128a825355
e4ddf955e8ac1986045ed55880c43c69e588a021
81ca4d20c28fed8fd3135515daadc1fdbfb4198535d7c46021b418b8b98e59a5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7298
x-amzn-requestid: 381e55bb-876b-46ad-84b6-1ddf9f876f56
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDcE3poAMFaAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-7c12394600900afc7281e858;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8heT2eN5oLbO14R9qLq78Vma_TkteufTyKM5i3K2XoJYXfWNwLMEwQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:56:25 GMT
age: 55655
etag: "e4ddf955e8ac1986045ed55880c43c69e588a021"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd170538c-f8cf-4acb-ba33-2ead00b9db73.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd170538c-f8cf-4acb-ba33-2ead00b9db73.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 777ce44582c70bf01a31da4cab366f36
57e1d34f146d5ccd9943aa97bcc3158f7103bb07
fbdc8f65ae74dc13b7aafec464f08fdc9902af519946200ec52432ac3ca55982
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd170538c-f8cf-4acb-ba33-2ead00b9db73.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10958
x-amzn-requestid: abfea5b0-58f5-49e1-b78e-7cf456d03cb3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgFHF9oIAMF5lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a20-5ab719292d440d083b07a478;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: gCt9oHpZ68tLCYHIYpI1XLtADkScxwf12kDFnU0o5WoQIVSzWlqozw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:16:52 GMT
etag: "57e1d34f146d5ccd9943aa97bcc3158f7103bb07"
content-type: image/jpeg
age: 54428
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
thirsty.agency/wp-content/uploads/2022/09/PATTYIMG00002.png
200 OK 341 kB URL HTTP/2 thirsty.agency/wp-content/uploads/2022/09/PATTYIMG00002.png
IP
File type PNG image data, 838 x 541, 8-bit/color RGBA, non-interlaced\012- data
Size 341 kB (340668 bytes)
Hash b5deb5873e5968dbc3655d2ca16f3dd6
11dce4ac78e209fb09334a6e6d4a8380a0d0c64d
d27e51c5e79d3e8855864fd7cc6718d56ed94018cc51af0f113c4443438c3efb
GET /wp-content/uploads/2022/09/PATTYIMG00002.png HTTP/1.1
Host: thirsty.agency
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thirsty.agency/
Connection: keep-alive
Cookie: _ga=GA1.2.840432928.1669814639; _gid=GA1.2.187618990.1669814639; _gat_gtag_UA_76423917_1=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Fri, 02 Sep 2022 15:27:32 GMT
etag: W/"631220e4-53c07"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: ri0siomphr
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 30 Nov 2022 13:24:01 GMT
x-served-by: cache-bma1662-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1669814642.537194,VS0,VE9
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 340668
X-Firefox-Spdy: h2
151.101.194.159
104.16.123.175
23.36.77.32
93.184.220.29