Overview

URL witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
IP34.235.99.249
ASNAMAZON-AES
Location United States
Report completed2022-09-25 10:59:24 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-25 2 witch-fucker.com/lp4/js/backoffer.js Phishing
2022-09-25 2 witch-fucker.com/lp4/js/url-params.js Phishing
2022-09-25 2 witch-fucker.com/lp4/images/25.svg Phishing
2022-09-25 2 witch-fucker.com/lp4/js/translate.js Phishing
2022-09-25 2 witch-fucker.com/lp4/js/jquery-2.2.4.min.js Phishing
2022-09-25 2 witch-fucker.com/lp4/js/function.js Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (24)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS img-getpocket.cdn.mozilla.net (7) 1631 2017-09-01 03:40:57 UTC 2022-09-25 04:26:31 UTC 34.120.237.76
mnemonic passive DNS ajax.googleapis.com (1) 12905 2014-10-18 20:16:48 UTC 2022-09-25 06:14:16 UTC 172.217.21.170
mnemonic passive DNS bam.nr-data.net (2) 630 2015-02-10 00:06:27 UTC 2022-09-25 04:59:22 UTC 162.247.241.14
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-25 05:42:52 UTC 143.204.55.110
mnemonic passive DNS ocsp.pki.goog (7) 175 2017-06-14 07:23:31 UTC 2022-09-25 04:54:16 UTC 142.250.74.3
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-25 05:07:25 UTC 34.215.56.181
mnemonic passive DNS readyrtr.com (1) 0 2021-07-26 20:26:22 UTC 2022-09-25 09:49:18 UTC 44.239.224.24 Unknown ranking
mnemonic passive DNS statisticresearch.com (1) 584767 2019-05-20 16:27:25 UTC 2022-09-25 02:07:48 UTC 3.212.86.82
mnemonic passive DNS notification-centr.com (1) 0 2019-09-11 19:40:56 UTC 2022-09-24 07:51:24 UTC 50.17.223.200 Unknown ranking
mnemonic passive DNS witch-fucker.com (27) 337341 2018-06-13 13:55:28 UTC 2022-09-25 00:51:23 UTC 50.17.223.200
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-25 05:48:33 UTC 143.204.55.115
mnemonic passive DNS kit.fontawesome.com (1) 1868 2019-03-29 02:12:52 UTC 2022-09-25 04:37:27 UTC 104.18.23.52
mnemonic passive DNS ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2022-09-25 08:02:21 UTC 93.184.220.29
mnemonic passive DNS geoip.enlistsecureup.com (1) 269993 2021-12-22 01:39:03 UTC 2022-09-24 19:43:16 UTC 163.171.128.172
mnemonic passive DNS www.gstatic.com (2) 0 2016-07-26 09:37:06 UTC 2022-09-25 04:56:34 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS ocsp2.globalsign.com (2) 1544 2012-05-21 07:12:19 UTC 2022-09-25 07:48:51 UTC 104.18.20.226
mnemonic passive DNS ajax.aspnetcdn.com (2) 693 2012-05-24 13:35:31 UTC 2022-09-25 04:57:08 UTC 152.199.19.160
mnemonic passive DNS ntnlst.com (8) 0 2022-02-14 22:23:26 UTC 2022-09-23 11:43:18 UTC 207.120.33.40 Unknown ranking
mnemonic passive DNS ka-p.fontawesome.com (3) 4489 2019-12-16 20:35:53 UTC 2022-09-25 03:15:39 UTC 104.18.23.52
mnemonic passive DNS r3.o.lencr.org (6) 344 2020-12-02 08:52:13 UTC 2022-09-25 05:02:41 UTC 23.36.77.32
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-25 04:51:16 UTC 34.117.237.239
mnemonic passive DNS ocsp.sca1b.amazontrust.com (4) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 143.204.42.165
mnemonic passive DNS js-agent.newrelic.com (1) 378 2017-01-30 05:00:15 UTC 2022-09-25 04:59:22 UTC 151.101.86.137
mnemonic passive DNS fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-09-25 10:16:53 UTC 142.250.74.10


Recent reports on same IP/ASN/Domain/Screenshot

Last 1 reports on IP: 34.235.99.249

Date UQ / IDS / BL URL IP
2022-09-25 10:59:24 +0000
0 - 0 - 6 witch-fucker.com/lp4/?subid=pllx_us_sg_mob&cl (...) 34.235.99.249

Last 5 reports on ASN: AMAZON-AES

Date UQ / IDS / BL URL IP
2022-12-03 08:07:54 +0000
0 - 0 - 1 setuphighlysophisticatedinfo-file.info/YLik3a (...) 3.226.146.143
2022-12-03 07:05:09 +0000
0 - 0 - 1 world-classrecord-totranslatetoday.info/ 35.169.3.110
2022-12-03 07:02:13 +0000
0 - 0 - 1 setupsophisticatedhighlyinfo-file.info/-I9sj3 (...) 3.226.146.143
2022-12-03 06:45:52 +0000
0 - 0 - 2 xd9bndwb86766.com/ 44.202.128.68
2022-12-03 06:44:27 +0000
0 - 0 - 1 setuphighlysophisticatedinfo-file.info/gvk7Hp (...) 3.226.146.143

Last 1 reports on domain: witch-fucker.com

Date UQ / IDS / BL URL IP
2022-09-25 10:59:24 +0000
0 - 0 - 6 witch-fucker.com/lp4/?subid=pllx_us_sg_mob&cl (...) 34.235.99.249

No other reports with similar screenshot



JavaScript

Executed Scripts (32)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (85)


Request Response
                                        
                                            GET /lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825 HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         50.17.223.200
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: awselb/2.0
Date: Sun, 25 Sep 2022 10:59:12 GMT
Content-Length: 134
Connection: keep-alive
Location: https://witch-fucker.com:443/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   134
Md5:    4aa7a432bb447f094408f1bd6229c605
Sha1:   1965c4952cc8c082a6307ed67061a57aab6632fa
Sha256: 34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2808
Expires: Sun, 25 Sep 2022 11:46:00 GMT
Date: Sun, 25 Sep 2022 10:59:12 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 25 Sep 2022 10:14:55 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 6F-Twy3jjHiph9He_5r0PYKB3Q249jkochAwMiYI2zLk_tEQDxEE7A==
Age: 2657


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    1b3053fa528e28810f8a2cc9284cc921
Sha1:   cca9eb471d941881a6b9a1793aecb6c281908f6a
Sha256: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.110
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: nZXCQ5HuKoGcziTwtw6HrpvLtpKF4zPTsvAVPXw0MvuH7Ubaq8GRDA==
age: 23038
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 25 Sep 2022 10:59:12 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sun, 25 Sep 2022 10:04:17 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Sun, 25 Sep 2022 10:12:25 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: hYpYM63T5-q5qgrhwDE6MZNVpoBrb-_bs7WnjKXMi1C7E811XkZH5g==
Age: 3296


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         143.204.42.165
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sun, 25 Sep 2022 10:59:13 GMT
Server: ECS (dcb/7FA4)
X-Cache: Miss from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Ilhyesqnrx6Qda9f7FIvn-p_wYmk6RrLS3B3bWnaWl_g3TGu6XT-Jw==

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6244
Cache-Control: 'max-age=158059'
Date: Sun, 25 Sep 2022 10:59:13 GMT
Last-Modified: Sun, 25 Sep 2022 09:15:09 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 25 Sep 2022 10:59:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 25 Sep 2022 10:59:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /firebasejs/5.0.2/firebase-messaging.js HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Sep 2022 18:29:50 GMT
expires: Tue, 19 Sep 2023 18:29:50 GMT
cache-control: public, max-age=31536000
age: 491363
last-modified: Thu, 10 May 2018 20:35:52 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (35547)
Size:   10017
Md5:    fa9987a23f5a9d865766e952511baa30
Sha1:   f2e620b99ee61a01671ba6a9e22ca75d58a1b52d
Sha256: 655daa1e20bf3aff16bc8462339dfea48c7ea5d3dd3505937015af3586d15fb7
                                        
                                            GET /firebasejs/5.0.2/firebase-app.js HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 8604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Sep 2022 20:25:09 GMT
expires: Sat, 23 Sep 2023 20:25:09 GMT
cache-control: public, max-age=31536000
age: 138844
last-modified: Thu, 10 May 2018 20:35:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (25088)
Size:   8604
Md5:    73069e532b7039778d3a7128c997c61a
Sha1:   c523bbf1ac7f4e612c8ade75434c42fbca885adc
Sha256: b6d7aec09aad2bb78dfbad4c9530fd03c0f33aed8385c3ee57c10b1fe959c4d5
                                        
                                            GET /pushjs/1.0.0/config/lang-config.js HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
server: nginx
last-modified: Wed, 27 Apr 2022 08:33:25 GMT
vary: Accept-Encoding
etag: W/"6268ffd5-23c2"
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   3063
Md5:    a60c5ff03570e07880d4e9d28d41a55d
Sha1:   4b20668f1790a3e90bd8c0ef10d913ab5597f180
Sha256: 7c80d55914a927da1985200ffee430f9e02d092fabe68cb3c25ece30c5ed8e11
                                        
                                            GET /lp4/images/logo.png HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: image/png
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
content-length: 2684
server: nginx
last-modified: Wed, 27 Apr 2022 08:36:23 GMT
etag: "62690087-a7c"
expires: Tue, 25 Oct 2022 10:59:13 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 312 x 30, 8-bit/color RGBA, non-interlaced\012- data
Size:   2684
Md5:    e3bacd0a23eeabb8e9bbf0df6a8c5302
Sha1:   6e9d8ea3ded1c9f6cded9ae7537e076023682519
Sha256: a96ad7b7854bfe8a6795c585f73d4b9c0e3402e90f65c8ffc65346d34e1e275a
                                        
                                            GET /lp4/images/person-3.jpg HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
content-length: 31059
server: nginx
last-modified: Wed, 27 Apr 2022 08:36:24 GMT
etag: "62690088-7953"
expires: Tue, 25 Oct 2022 10:59:13 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 640x1080, components 3\012- data
Size:   31059
Md5:    c98efc4b219748b71d88f6d5ddab3496
Sha1:   9eac104e66acb6b17f19553e0702db5dc939517d
Sha256: 3096a87b8f0ae281f739688dd252a3a6dbd13c3d34620f08bce18ca3ab1801d8
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         143.204.42.165
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=132611
Date: Sun, 25 Sep 2022 10:59:13 GMT
Etag: "632f8eed-1d7"
Expires: Mon, 26 Sep 2022 23:49:24 GMT
Last-Modified: Sat, 24 Sep 2022 23:12:45 GMT
Server: ECS (bsa/EB1A)
X-Cache: Miss from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: NOxLmZoyYHdA5-m1Um80C4KjhRdu5mE2A2YEnUQcM9y20un0wc1LHg==
Age: 2199

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 65ZMaCdOZxxIiK0FfGr3Ig==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         34.215.56.181
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 86JKpXKRXCRy9leMNNbaXU5b31o=

                                        
                                            GET /lp4/js/backoffer.js HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
content-length: 430
server: nginx
last-modified: Wed, 27 Apr 2022 08:36:25 GMT
etag: "62690089-1ae"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (430), with no line terminators
Size:   430
Md5:    6d5aa83d23ce0b9f72d3b87d000d8fae
Sha1:   034fb8768eb58ffc0b5849e2c162989741a6cbec
Sha256: 89266112a6c823b9c03dd5a32d8f1c5e9f4cbf4cf876b56c825781ea389d0800

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /lp4/js/url-params.js HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
content-length: 597
server: nginx
last-modified: Wed, 27 Apr 2022 08:36:26 GMT
etag: "6269008a-255"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   597
Md5:    3b5b3d245db0637cb0f43fbbf8bbd8f8
Sha1:   e4e3c446a651920765bdde8d7d93ab1b754fb012
Sha256: 15c9ca283635313f7b2f4ac312e2c79798f61ebfda402fe856e2c18031534a35

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /lp4/images/person-2.jpg HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
content-length: 45444
server: nginx
last-modified: Wed, 27 Apr 2022 08:36:24 GMT
etag: "62690088-b184"
expires: Tue, 25 Oct 2022 10:59:13 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 640x1080, components 3\012- data
Size:   45444
Md5:    c879a72e47a3c744e3520a609d1e45ac
Sha1:   c682c1b016ad5e571486f1304b294ffc05d80aea
Sha256: 55d957df227784a82d73ce61ff35f7f8a4ff8fdf00d517ed07f149d4a8c8a93c
                                        
                                            GET /lp4/images/25.svg HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
content-length: 1075
server: nginx
last-modified: Wed, 27 Apr 2022 08:36:18 GMT
etag: "62690082-433"
expires: Tue, 25 Oct 2022 10:59:13 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text
Size:   1075
Md5:    3d0a0e2c7fd89cd11f4634492f3aee98
Sha1:   d693451ef88945db0aef9a7e14ccf8507f620c1b
Sha256: d5692e672d452e68ebd47460f89423045ec9743a3cfb6c56c2e9257a8b3bc4c1

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /lp4/images/person-1.jpg HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
content-length: 46694
server: nginx
last-modified: Wed, 27 Apr 2022 08:36:24 GMT
etag: "62690088-b666"
expires: Tue, 25 Oct 2022 10:59:13 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 640x1080, components 3\012- data
Size:   46694
Md5:    a476cdc56306f48575dbd2fd2ed2f0de
Sha1:   c02f7fba5f70cc84b824c11a8f8d6e5687e1a24d
Sha256: b6732027f104c389436a54ddb2c2c30dddabb8e35c1fce6247d74062e8cc7077
                                        
                                            GET /lp4/images/person-4.jpg HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
content-length: 50285
server: nginx
last-modified: Wed, 27 Apr 2022 08:36:24 GMT
etag: "62690088-c46d"
expires: Tue, 25 Oct 2022 10:59:13 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 640x1080, components 3\012- data
Size:   50285
Md5:    475d6db151af9ed67556a40ebc8a81b0
Sha1:   e24b068fe76f3935d8547240f62b0d8a0337d3ca
Sha256: 8c96ceb6d7bce4f44de4b740ef6ac39ba4b93d55eaa32aaac92149bd297311cb
                                        
                                            GET /lp4/images/bg-4.jpg HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
content-length: 109045
server: nginx
last-modified: Wed, 27 Apr 2022 08:36:22 GMT
etag: "62690086-1a9f5"
expires: Tue, 25 Oct 2022 10:59:13 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size:   109045
Md5:    95b027e2078097a459b832dea0da8bef
Sha1:   79819d9fd04a8edce23b6faff7d55247997a02de
Sha256: 5b47892081de78b3ab26448ac57b7c6fbf5646a2b22693fc5ca2f87d70b32de2
                                        
                                            GET /lp4/images/bg-6.jpg HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
content-length: 99226
server: nginx
last-modified: Wed, 27 Apr 2022 08:36:23 GMT
etag: "62690087-1839a"
expires: Tue, 25 Oct 2022 10:59:13 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size:   99226
Md5:    067d2c9c46e599854c134cf17eb195ad
Sha1:   2d4ae740fb1925b52b5be3ce1ccc52d39019d669
Sha256: cb880d666019f18c108af37a3701232ff7cdfd84d470a4482495ee3ba3e14a84
                                        
                                            GET /lp4/images/bg-2.jpg HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
content-length: 121626
server: nginx
last-modified: Wed, 27 Apr 2022 08:36:21 GMT
etag: "62690085-1db1a"
expires: Tue, 25 Oct 2022 10:59:13 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size:   121626
Md5:    0b3cd3c8322f85531091bce00c0721d9
Sha1:   3bd2eecee79b4a60792c4ba2cd05633f30203fc6
Sha256: bca47c674878f22527bd554d45d5d2ec7096c9e0de3e16ac29fa3286606bb855
                                        
                                            GET /lp4/images/bg-9.jpg HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
content-length: 131717
server: nginx
last-modified: Wed, 27 Apr 2022 08:36:23 GMT
etag: "62690087-20285"
expires: Tue, 25 Oct 2022 10:59:13 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size:   131717
Md5:    a570d37c0a24d5a0d3f2ea9957227226
Sha1:   fafd0a048f168f4b26d0b94dae54229ae74212e9
Sha256: 975031a32fae41e76ff5546ba9e88d6e4f44c14c598d20b03895b7d1cca17811
                                        
                                            GET /lp4/images/bg-3.jpg HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
content-length: 122618
server: nginx
last-modified: Wed, 27 Apr 2022 08:36:21 GMT
etag: "62690085-1defa"
expires: Tue, 25 Oct 2022 10:59:13 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size:   122618
Md5:    9925753795ff45099cff04907be81a55
Sha1:   74d8b11dc67bc31397f0dfe518b1a46cf8690723
Sha256: b2d21d83b497c0966dc09b389118342ff9c1fbbe408b47625c91b015bdee1773
                                        
                                            GET /lp4/images/bg-12.jpg HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
content-length: 104953
server: nginx
last-modified: Wed, 27 Apr 2022 08:36:20 GMT
etag: "62690084-199f9"
expires: Tue, 25 Oct 2022 10:59:13 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size:   104953
Md5:    08c082f9a4f71f855d74c060b2425c61
Sha1:   d552d2aed69d087d77828a355ac7e27d7ee3de33
Sha256: d90a3323181e73c7656c33ce7db7f1c57aa5bcf80a5c3e5651d9b661fa34c881
                                        
                                            GET /lp4/images/bg-11.jpg HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
content-length: 118979
server: nginx
last-modified: Wed, 27 Apr 2022 08:36:19 GMT
etag: "62690083-1d0c3"
expires: Tue, 25 Oct 2022 10:59:13 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size:   118979
Md5:    db6576ed66e88ba02a61e5d604533e65
Sha1:   ec0b5399aaa59c6ac3911851f654454e712c3fb2
Sha256: 239027af04ce3ed3f0d0525a0ced12c687121bd74097928777573e106740f089
                                        
                                            GET /lp4/images/bg-5.jpg HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
content-length: 166772
server: nginx
last-modified: Wed, 27 Apr 2022 08:36:22 GMT
etag: "62690086-28b74"
expires: Tue, 25 Oct 2022 10:59:13 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size:   166772
Md5:    73f2b2da01437c57b82e60c0853bc39c
Sha1:   35bc6fcdbb54cc423259951d7e980af28a6089ca
Sha256: 0a37488e2efdd03945a5e22034793bc5ea5e0488dab379f5fa775da3876d3b97
                                        
                                            GET /lp4/images/bg-10.jpg HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
content-length: 157533
server: nginx
last-modified: Wed, 27 Apr 2022 08:36:19 GMT
etag: "62690083-2675d"
expires: Tue, 25 Oct 2022 10:59:13 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size:   157533
Md5:    52c37226c0ce48b9e6915842cd747ce9
Sha1:   ea6e98fe72ef74dc80e6ab64d9f607a07845933e
Sha256: e5d89f7b718d4f4a5538699a8b03e5b58fb51265965b7701bd13431d05074b98
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 404 Not Found
content-type: text/html
                                        
date: Sun, 25 Sep 2022 10:59:14 GMT
content-length: 162
server: nginx
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    70461da8b94c6ca5d2fda3260c5a8c3b
Sha1:   994bc667720c21257500e29038c1a5f61e25da1e
Sha256: f33c27745f2bd87344be790465ef984a972fd539dc83bd4f61d4242c607ef1ee
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         143.204.42.165
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 25 Sep 2022 10:59:14 GMT
Last-Modified: Sun, 25 Sep 2022 09:20:35 GMT
Server: ECS (dcb/7EA3)
X-Cache: Miss from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: S75CdXKvtKuNTsnap8_rTaoNDwksB8Bk0NnE6L0UzPKIHwQBgF59hA==
Age: 5919

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6713
Expires: Sun, 25 Sep 2022 12:51:07 GMT
Date: Sun, 25 Sep 2022 10:59:14 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6713
Expires: Sun, 25 Sep 2022 12:51:07 GMT
Date: Sun, 25 Sep 2022 10:59:14 GMT
Connection: keep-alive

                                        
                                            GET /lp4/images/bg-1.jpg HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
content-length: 76126
server: nginx
last-modified: Wed, 27 Apr 2022 08:36:19 GMT
etag: "62690083-1295e"
expires: Tue, 25 Oct 2022 10:59:13 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6713
Expires: Sun, 25 Sep 2022 12:51:07 GMT
Date: Sun, 25 Sep 2022 10:59:14 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6713
Expires: Sun, 25 Sep 2022 12:51:07 GMT
Date: Sun, 25 Sep 2022 10:59:14 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F742ed98b-b8fa-4199-984b-51f661ac6e89.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4829
x-amzn-requestid: c283df3f-4198-47dd-9b24-634c425bccd6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y2aA_HgFoAMF_tQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632c0a06-3881d661368a03ae48227b37;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 07:08:54 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3zDl5u8ndYwMQ2-4aH1sRDit8p-G3OK9bvGNj1hOab9dWo5389KPGg==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 08:15:05 GMT
age: 9849
etag: "8db9c71402f2c8ceee047c56ca1a5e41c74f5cf3"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4829
Md5:    3f93f322ecd0244e7ee4169b200b50df
Sha1:   8db9c71402f2c8ceee047c56ca1a5e41c74f5cf3
Sha256: 2bb739a60a4581e554fb308be7df8b3d7f47e95051e5ef5e0d1d9ed0a0443b68
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F254286e1-1c63-4609-9dfb-0eb4b9096238.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6199
x-amzn-requestid: d26f22d9-4e9b-4764-8c96-2e1c7ce36340
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y--OKHowoAMFbQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7727-7adb7c4925e6e50e13889544;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:31:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LryqVGSkKbiNOwcqXMULY9FXbOuZBBenjgGPDME3NZLZOdp5divXmw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 22:02:29 GMT
age: 46605
etag: "358e74de395352a9529ff1c17856daf8900888c5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6199
Md5:    714af732a9aa1db2b13ffb62810fd532
Sha1:   358e74de395352a9529ff1c17856daf8900888c5
Sha256: 1d2035cfcd283560ebe8494f9438e52f8d96cd092dd41cb0eb899a3f905c1e05
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12826
x-amzn-requestid: f075cf62-acfc-4bc1-be14-7c3dafb7aaed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YfVRNFP-oAMFgrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322cf3a-184b678042d64ac9266b1128;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 07:07:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: rN_8rm10Pxb0AUKW6ECfNulcYxBaS7FgGD15gT14dX-FlsGJfqahxA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:19 GMT
age: 48115
etag: "b6d56333d7f1ea7ddc8838d84de498ff913c5464"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 3-257, spot sensor temperature 0.000000, unit celsius, color scheme 0, show scale bar, calibration: offset 0.000000, slope 241253891388563521536.000000\012- data
Size:   12826
Md5:    b3a72e81317074689a71dac7059e4b6a
Sha1:   b6d56333d7f1ea7ddc8838d84de498ff913c5464
Sha256: e665a8821b5e7b2e78787647a08d629bf70cbf4cbfee2057c8601cf0565154a1
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78aaf154-de5d-4fec-94c5-4e185b4c0cc1.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4320
x-amzn-requestid: 72d102a6-8552-473f-b3f8-99450722017d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y--PmHEgIAMFXvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7730-7e4789b1723913e2500ea5f2;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:31:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 4XK0s7000jxVbsu88-3ze_Mg_SqTKMDgAWKiLkc3ZCiiqGhS02Cn5w==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 22:12:06 GMT
age: 46028
etag: "1ec47b0f11a2b1173a1dcd32d541e5680b0088b1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4320
Md5:    7eba9d4ed7413abb8e8824cc86071b50
Sha1:   1ec47b0f11a2b1173a1dcd32d541e5680b0088b1
Sha256: 399622d6099137974fa30a332c145b45182a7be272523a325418c63bfe70e5a1
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9c4875ff-4140-470a-943a-bc27f68957a5.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7642
x-amzn-requestid: b0fc9bea-7735-43c0-a176-eae4d5000a6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y2ZPtHajIAMF8zQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632c08ca-391092bd30ae5bf9692e93ba;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 07:03:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: gc7lA-XfgIAhotpUdrOaihuA2nbdMY2zNiJSHZpSN3yKPaT-k93auQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 06:00:25 GMT
age: 17929
etag: "1534aa8a5158dfa9592d65e6fb761b41c0852c58"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7642
Md5:    00c09f267aacde9465a329542463b9e5
Sha1:   1534aa8a5158dfa9592d65e6fb761b41c0852c58
Sha256: 276ff24598159f62fd7333992575834f901eea7c75a228b9c12d1c049f1df558
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0737a7ae-3ae7-4fe5-b739-e988b295c795.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8715
x-amzn-requestid: d5e237f4-4c0e-4e3b-b3ae-ea1eb5b7cafc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y5JmTEAwIAMF_Mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632d22f4-48a975a866edc1755858600f;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 03:07:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Sm6N8Un8XKHtGGZwxLd1aYygBns1l8siRvcc2w_9V2imJopvt8Ockw==
via: 1.1 44cd593d82a2d200a94217033c614c6a.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 07:09:15 GMT
age: 13799
etag: "79c83cc27996b2339bd63764dbb2ae9744db6d70"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8715
Md5:    a89e7161745036637a66e8ab5b7efdf9
Sha1:   79c83cc27996b2339bd63764dbb2ae9744db6d70
Sha256: 13b990c3c6a9bee6def25d007e14628c52e427b6f4c718895b1817d5e8e59760
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         143.204.42.165
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 25 Sep 2022 10:59:14 GMT
Last-Modified: Sun, 25 Sep 2022 10:29:53 GMT
Server: ECS (dcb/7FA8)
X-Cache: Miss from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 5VsH3j83AlJZw35LLxnxf93_pSpo_4amvt21EhedBGMHhHF-Hcd3ag==
Age: 1761

                                        
                                            POST /gsalphasha2g2 HTTP/1.1 
Host: ocsp2.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 25 Sep 2022 10:59:15 GMT
Content-Length: 1423
Connection: keep-alive
Expires: Thu, 29 Sep 2022 07:59:21 GMT
ETag: "ff8f5010af496cf8fcf8b5edae6be15c3d7594d4"
Last-Modified: Sun, 25 Sep 2022 07:59:22 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 344
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75033fd61b1f0b06-OSL


--- Additional Info ---
Magic:  data
Size:   1423
Md5:    11be99bb7d9d7f4e09db9599f4db27cf
Sha1:   ff8f5010af496cf8fcf8b5edae6be15c3d7594d4
Sha256: 8d92d99556844621985b32eb4da3a47da73d9bb2fdea75c90fdd5b702de1911a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0744C5C9B0C23B5FDA2431D14046CF8F36551E9CDF57779565D57899D618190D"
Last-Modified: Sat, 24 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3698
Expires: Sun, 25 Sep 2022 12:00:54 GMT
Date: Sun, 25 Sep 2022 10:59:16 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1361
Cache-Control: 'max-age=158059'
Date: Sun, 25 Sep 2022 10:59:16 GMT
Last-Modified: Sun, 25 Sep 2022 10:36:35 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 25 Sep 2022 10:59:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 25 Sep 2022 10:59:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 25 Sep 2022 10:59:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ajax/bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1 
Host: ajax.aspnetcdn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntnlst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         152.199.19.160
HTTP/2 200 OK
content-type: text/css
                                        
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 8830292
cache-control: public,max-age=31536000
date: Sun, 25 Sep 2022 10:59:16 GMT
etag: "0e914f2cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:10:18 GMT
server: ECAcc (ska/F740)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 19629
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65371)
Size:   19629
Md5:    7e2bb6028f0b19917a1a2d1944fc72b1
Sha1:   e1837fc75ee2ddd24c6e1df6b309ea212b57e681
Sha256: cc6093bd7162882fd34252fb5d3e8e7d07247e3b70fad894320bf2a960abeda5
                                        
                                            GET /ajax/bootstrap/3.3.7/bootstrap.min.js HTTP/1.1 
Host: ajax.aspnetcdn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ntnlst.com
Connection: keep-alive
Referer: https://ntnlst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         152.199.19.160
HTTP/2 200 OK
content-type: application/javascript
                                        
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 5736101
cache-control: public,max-age=31536000
date: Sun, 25 Sep 2022 10:59:16 GMT
etag: "80bdc1e6cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:09:59 GMT
server: ECAcc (ska/F6C5)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 9839
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32033)
Size:   9839
Md5:    432ca07a1a844dbb27f9e0ab0d468be5
Sha1:   7fdaf858d702f84536a515c675b4028ce2eb0cfa
Sha256: 12732099d21835fabf83a93eec52f7cf1847cd64a0572d18917b2e13b06d5cf0
                                        
                                            GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ntnlst.com
Connection: keep-alive
Referer: https://ntnlst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         172.217.21.170
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 11:22:32 GMT
expires: Thu, 21 Sep 2023 11:22:32 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Mon, 13 May 2019 14:37:17 GMT
age: 344204
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   30774
Md5:    81182f4b684635f6bdcbdd907ee66f25
Sha1:   a1f2f151df72ede41397c8131bd47a3ce85575b3
Sha256: be40946c98d9a78a3c7c9ad097d379ab12549a195bd7a4766919a1d3fd987396
                                        
                                            GET /common_tpls/compactML/css/epcclgafv1.css HTTP/1.1 
Host: ntnlst.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntnlst.com/acct/epc68930/add/?epcVIP=48.1066.g23lf&email=&password=&firstname=&lastname=&zip=&lang=no&cts=1&act=epc68930.47283-159730.pllx_us_sg_mob.jiogz632fa4170005d825&epcCID=q3Ramdi3rfx3i6mcw3a9ocA0E546Pc02j&rtid=9862231917
Cookie: PHPSESSID=d98b9027ad3640b9b890ed02993bf0f6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         207.120.33.40
HTTP/2 200 OK
content-type: text/css
                                        
date: Sun, 25 Sep 2022 10:59:16 GMT
content-length: 8235
last-modified: Tue, 01 Jun 2021 20:17:27 GMT
etag: W/"60b695d7-b782"
content-encoding: gzip
section-io-cache-id: a43cd641f123fd5e23823054140c3610
vary: Accept-Encoding
x-varnish: 786373 261987
age: 19212
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 3e82c527ccd37b07017915f15733bf3c
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   8235
Md5:    8a344ce5e61ae09037b93003d0a45b2a
Sha1:   0cfc0debab3db8ff782aadcfc5f7e031b7cca1de
Sha256: 3b1f5ede4bfb286c8dc80b2a3a954f2fc731d200cb70e90244c8a7e604d56f4e
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 25 Sep 2022 10:59:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 25 Sep 2022 10:59:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /lp4/js/translate.js HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
server: nginx
last-modified: Wed, 27 Apr 2022 08:36:26 GMT
vary: Accept-Encoding
etag: W/"6269008a-71ff"
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   12887
Md5:    ad7ce9521afa046a46f54bb23c15ce1c
Sha1:   ab4d4dd0c5310236f298cdcb409250950ea7a514
Sha256: adfbcbee5de48677bd68804d75a5ffa290c2776029029264acc8424e7fa103d9

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /common_tpls/images/icons/email.png HTTP/1.1 
Host: ntnlst.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntnlst.com/acct/epc68930/add/?epcVIP=48.1066.g23lf&email=&password=&firstname=&lastname=&zip=&lang=no&cts=1&act=epc68930.47283-159730.pllx_us_sg_mob.jiogz632fa4170005d825&epcCID=q3Ramdi3rfx3i6mcw3a9ocA0E546Pc02j&rtid=9862231917
Cookie: PHPSESSID=d98b9027ad3640b9b890ed02993bf0f6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         207.120.33.40
HTTP/2 200 OK
content-type: image/png
                                        
date: Sun, 25 Sep 2022 10:59:16 GMT
content-length: 1254
last-modified: Mon, 21 Aug 2017 19:32:08 GMT
etag: "599b3538-4e6"
section-io-cache-id: 515e87ac556d8be202e29b2913c519d2
x-varnish: 3218289 2537566
age: 19874
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 388703c3460c4d72ea2f5ca9400b2513
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Size:   1254
Md5:    a86d99b9176d82a211cfa29b2f0b353f
Sha1:   62947ddfd87e3a21869818885e4bfa4e55ad0c11
Sha256: f8e82194c97e2a11a8c77fcd55d1ded51a1943b78eefac8475890f665dc620f1
                                        
                                            GET /common_tpls/images/icons/fname.png HTTP/1.1 
Host: ntnlst.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntnlst.com/acct/epc68930/add/?epcVIP=48.1066.g23lf&email=&password=&firstname=&lastname=&zip=&lang=no&cts=1&act=epc68930.47283-159730.pllx_us_sg_mob.jiogz632fa4170005d825&epcCID=q3Ramdi3rfx3i6mcw3a9ocA0E546Pc02j&rtid=9862231917
Cookie: PHPSESSID=d98b9027ad3640b9b890ed02993bf0f6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         207.120.33.40
HTTP/2 200 OK
content-type: image/png
                                        
date: Sun, 25 Sep 2022 10:59:16 GMT
content-length: 1649
last-modified: Tue, 28 Nov 2017 20:51:58 GMT
etag: "5a1dcc6e-671"
section-io-cache-id: 1eab29e2916704dc0320a9ee620bae55
x-varnish: 3218290 261314
age: 19874
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 5395b7c91d321fbf4a6f282d18b8f632
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size:   1649
Md5:    5c846870756544f39604e671d4111b9d
Sha1:   304938c74246e228fa82d8ca40201c3db6098074
Sha256: d43abf8c5665519a3fe3f7e90298fc17b62e06d8ada1b90a44ea9985a62abb4d
                                        
                                            GET /common_tpls/images/icons/address.png HTTP/1.1 
Host: ntnlst.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntnlst.com/acct/epc68930/add/?epcVIP=48.1066.g23lf&email=&password=&firstname=&lastname=&zip=&lang=no&cts=1&act=epc68930.47283-159730.pllx_us_sg_mob.jiogz632fa4170005d825&epcCID=q3Ramdi3rfx3i6mcw3a9ocA0E546Pc02j&rtid=9862231917
Cookie: PHPSESSID=d98b9027ad3640b9b890ed02993bf0f6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         207.120.33.40
HTTP/2 200 OK
content-type: image/png
                                        
date: Sun, 25 Sep 2022 10:59:16 GMT
content-length: 1167
last-modified: Tue, 16 Jun 2020 16:45:10 GMT
etag: "5ee8f716-48f"
section-io-cache-id: eba414503aa260f59f5316e9b5c48f49
x-varnish: 786376 2565030
age: 19874
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 570f125890a95085f6d4642bb54739e4
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Size:   1167
Md5:    b579e9868402d708e54e1a980166c444
Sha1:   1c58e2890b934c0b1ab057f3ac28bedd2a082d19
Sha256: 67756f8b542c7823bcdba421219c3b8e1ee472748d8c3463534f667271356dfb
                                        
                                            GET /releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3 HTTP/1.1 
Host: ka-p.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ntnlst.com/
Origin: https://ntnlst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.18.23.52
HTTP/2 200 OK
content-type: text/css
                                        
date: Sun, 25 Sep 2022 10:59:16 GMT
content-length: 4194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-1062"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 2046695
accept-ranges: bytes
server: cloudflare
cf-ray: 75033fdccf430b61-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (26366)
Size:   4194
Md5:    7fd743485fa194e25e2a207bff6c258a
Sha1:   97c999d752b95ee1ed6271a29aa58109dc17281e
Sha256: dd939d69a23f003d49287291f0bcb59df58119d60bc5f14a81cbfd957894f6dc
                                        
                                            GET /releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3 HTTP/1.1 
Host: ka-p.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ntnlst.com/
Origin: https://ntnlst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.18.23.52
HTTP/2 200 OK
content-type: text/css
                                        
date: Sun, 25 Sep 2022 10:59:16 GMT
content-length: 2603
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-a2b"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 2046695
accept-ranges: bytes
server: cloudflare
cf-ray: 75033fdccf460b61-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (27832)
Size:   2603
Md5:    eaaabd3f60063923cd5333eb1d7a20a1
Sha1:   0da69706105e28896a1f6eeaa91d5bec1b82f7f1
Sha256: f863309ec0ac675409167610ff9776fa9c7620d6ee3592cc0c19d0b883ff2f70
                                        
                                            GET /releases/v5.15.4/css/pro.min.css?token=b314bdf1b3 HTTP/1.1 
Host: ka-p.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ntnlst.com/
Origin: https://ntnlst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.18.23.52
HTTP/2 200 OK
content-type: text/css
                                        
date: Sun, 25 Sep 2022 10:59:16 GMT
content-length: 54194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-d3b2"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 2046695
accept-ranges: bytes
server: cloudflare
cf-ray: 75033fdccf450b61-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65397)
Size:   54194
Md5:    dc9270247a97f75913a5d8934c24de03
Sha1:   ed9b0fa01b552571f99d529ed355b2ba91cfc48d
Sha256: 847cc3ab1ea736cbbaac34833596335471fc7a888089b501b3c83a323566f0b8
                                        
                                            POST /gsalphasha2g2 HTTP/1.1 
Host: ocsp2.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 25 Sep 2022 10:59:16 GMT
Content-Length: 1423
Connection: keep-alive
Expires: Thu, 29 Sep 2022 07:56:19 GMT
ETag: "5797d9bc3288c5bf738ef310e8b89e78149c9b55"
Last-Modified: Sun, 25 Sep 2022 07:56:20 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 343
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75033fdcfa0e0b06-OSL


--- Additional Info ---
Magic:  data
Size:   1423
Md5:    561f1706a33489752723a4e6647d2e6b
Sha1:   5797d9bc3288c5bf738ef310e8b89e78149c9b55
Sha256: c9f6de9161367bc9cb7dbc217544ba3f0a1f72d7eacc8b7ea52aa24d36169b94
                                        
                                            GET /nr-spa-1216.min.js HTTP/1.1 
Host: js-agent.newrelic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntnlst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.86.137
HTTP/2 200 OK
content-type: application/javascript
                                        
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sun, 25 Sep 2022 10:59:16 GMT
via: 1.1 varnish
x-served-by: cache-bma1643-BMA
x-cache: HIT
x-cache-hits: 722
x-timer: S1664103557.956475,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32010)
Size:   18216
Md5:    6561a2403142205f966207d61576f1a6
Sha1:   1310e72f494e12ab63a4280fc1600a2c89dc9bb8
Sha256: 0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
                                        
                                            GET /common_tpls/js/validate_form_v2.js?jsv=25 HTTP/1.1 
Host: ntnlst.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntnlst.com/acct/epc68930/add/?epcVIP=48.1066.g23lf&email=&password=&firstname=&lastname=&zip=&lang=no&cts=1&act=epc68930.47283-159730.pllx_us_sg_mob.jiogz632fa4170005d825&epcCID=q3Ramdi3rfx3i6mcw3a9ocA0E546Pc02j&rtid=9862231917
Cookie: PHPSESSID=d98b9027ad3640b9b890ed02993bf0f6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         207.120.33.40
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 25 Sep 2022 10:59:16 GMT
vary: Accept-Encoding
last-modified: Wed, 21 Sep 2022 17:58:41 GMT
etag: W/"632b50d1-5a13"
section-io-cache-id: e05a1ba911c0350696cf67fe9da639d0
x-varnish: 786374 1913339
age: 19901
via: 1.1 varnish (Varnish/7.0)
section-io-cache: Hit
content-encoding: gzip
section-io-id: 248614b44d2a835401d1db6d4bcaad9a
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   6041
Md5:    d90c7e217cb2254cbbd24bb4f6fed01c
Sha1:   4c306b3f9c1145f75b63c715f14ccab607640914
Sha256: dd6a1c9f6c92e14cbc5d434a437168f4e8cd70ce9f230b4c055703fe7f16a09e
                                        
                                            GET /acct/trk/?rtid=9862231917 HTTP/1.1 
Host: ntnlst.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-NewRelic-ID: VwUCVFRWCBAJV1dSDwkPVV0=
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjMzNTUyNTAiLCJhcCI6IjExMDMwNzg4NDIiLCJpZCI6IjI3YjUxMTZiMGYzMWIyY2QiLCJ0ciI6IjJjOGViZjBiMzQ2YjI1MGVhZjk3Zjc5ZDg0NjQ1NDE2IiwidGkiOjE2NjQxMDM1NTU0OTN9fQ==
traceparent: 00-2c8ebf0b346b250eaf97f79d84645416-27b5116b0f31b2cd-01
tracestate: 3355250@nr=0-1-3355250-1103078842-27b5116b0f31b2cd----1664103555493
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://ntnlst.com/acct/epc68930/add/?epcVIP=48.1066.g23lf&email=&password=&firstname=&lastname=&zip=&lang=no&cts=1&act=epc68930.47283-159730.pllx_us_sg_mob.jiogz632fa4170005d825&epcCID=q3Ramdi3rfx3i6mcw3a9ocA0E546Pc02j&rtid=9862231917
Cookie: PHPSESSID=d98b9027ad3640b9b890ed02993bf0f6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         207.120.33.40
HTTP/2 200 OK
content-type: text/json;charset=UTF-8
                                        
date: Sun, 25 Sep 2022 10:59:17 GMT
content-length: 21
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-varnish: 3478017
age: 0
via: 1.1 varnish (Varnish/7.0)
section-io-cache: Miss
section-io-id: 8822e0aa84676aaf4b36c8b0efb07ce6
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   21
Md5:    048b3509439145f1f53c540d4f3736e9
Sha1:   946e8175ff4edbd72dd8cf94d1462a910033eb38
Sha256: eca2337d425ba796d158f64416381d7ee1cd281fc98ec329252a3cf89194ff93
                                        
                                            GET /1/NRJS-53a3e8e5a523894a2ee?a=936088839&v=1216.487a282&to=M1JTNkMACEoAVRcNDAoYZBBYTg9XBVMbShMMRw%3D%3D&rst=3092&ck=1&ref=https://ntnlst.com/acct/epc68930/add/&ap=93&be=2556&fe=3011&dc=3008&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664103552468,%22n%22:0,%22f%22:1879,%22dn%22:1881,%22dne%22:1893,%22c%22:1893,%22s%22:1998,%22ce%22:2211,%22rq%22:2211,%22rp%22:2485,%22rpe%22:2485,%22dl%22:2489,%22di%22:2996,%22ds%22:3007,%22de%22:3010,%22dc%22:3010,%22l%22:3010,%22le%22:3012%7D,%22navigation%22:%7B%7D%7D&at=HxVQQAsaG0Q%3D&jsonp=NREUM.setToken HTTP/1.1 
Host: bam.nr-data.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntnlst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         162.247.241.14
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Sun, 25 Sep 2022 10:59:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 75033fdfeecdb51e-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=cbdf86da31c1f2aa; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   72
Md5:    107d93e382e2c9b00fbf9fb0edc65d86
Sha1:   77e750e3ebf9706f4f6dd253785602d70be17c6c
Sha256: a1ee50b689ea433a0acdccbf4ee4629e9ea3f9c4bcdd21effb334359a2f9e937
                                        
                                            POST /events/1/NRJS-53a3e8e5a523894a2ee?a=936088839&v=1216.487a282&to=M1JTNkMACEoAVRcNDAoYZBBYTg9XBVMbShMMRw%3D%3D&rst=3386&ck=1&ref=https://ntnlst.com/acct/epc68930/add/ HTTP/1.1 
Host: bam.nr-data.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 669
Origin: https://ntnlst.com
Connection: keep-alive
Referer: https://ntnlst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         162.247.241.14
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Sun, 25 Sep 2022 10:59:17 GMT
Content-Length: 24
Connection: keep-alive
CF-Ray: 75033fe0f83bb51e-OSL
Access-Control-Allow-Origin: https://ntnlst.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   24
Md5:    bc32ed98d624acb4008f986349a20d26
Sha1:   2d3df8c11d2168ce2c27e0937421d11d85016361
Sha256: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0693f3eb-ed7b-4594-b2db-7432590f4d49.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4723
x-amzn-requestid: 4be5e73a-e648-40a4-8566-cb3417e5843b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y-_EKHYcoAMFgMw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7880-4682134275162910149d09ec;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:37:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 67JgCuzx90IROr0JQJq0jbsntmkbD0dReobbS4G1V6pPD22qOosLrg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 22:15:14 GMT
age: 45847
etag: "8324b383c89771a2b1155ec6d069bf5a47338acd"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4723
Md5:    3d35df1f57d0736995615b0d8f50b8a3
Sha1:   8324b383c89771a2b1155ec6d069bf5a47338acd
Sha256: 9f381d59d2e4b086d43d784d7660e27f6f7760dc2b4eb9beee4b6e94801cb6db
                                        
                                            GET /b314bdf1b3.js HTTP/1.1 
Host: kit.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ntnlst.com
Connection: keep-alive
Referer: https://ntnlst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         104.18.23.52
HTTP/2 200 OK
content-type: text/javascript
                                        
date: Sun, 25 Sep 2022 10:59:16 GMT
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: FxDOlwQAizxGFHYS96Qh
cf-cache-status: HIT
server: cloudflare
cf-ray: 75033fdc0e990b61-OSL
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /common_tpls/js/iframeResizer.contentWindow.min.js HTTP/1.1 
Host: ntnlst.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntnlst.com/acct/epc68930/add/?epcVIP=48.1066.g23lf&email=&password=&firstname=&lastname=&zip=&lang=no&cts=1&act=epc68930.47283-159730.pllx_us_sg_mob.jiogz632fa4170005d825&epcCID=q3Ramdi3rfx3i6mcw3a9ocA0E546Pc02j&rtid=9862231917
Cookie: PHPSESSID=d98b9027ad3640b9b890ed02993bf0f6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         207.120.33.40
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 25 Sep 2022 10:59:16 GMT
vary: Accept-Encoding
last-modified: Tue, 16 Jun 2020 16:45:10 GMT
etag: W/"5ee8f716-3445"
section-io-cache-id: b3dfe6981a6ba19768be0e5e19a56044
x-varnish: 3218291 2015929
age: 19816
via: 1.1 varnish (Varnish/7.0)
section-io-cache: Hit
content-encoding: gzip
section-io-id: ff1ed5e734fa516edbded94d62532386
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /lp4/js/jquery-2.2.4.min.js HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
server: nginx
last-modified: Wed, 27 Apr 2022 08:36:26 GMT
vary: Accept-Encoding
etag: W/"6269008a-14e4a"
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /lp4/js/function.js HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
server: nginx
last-modified: Wed, 27 Apr 2022 08:36:25 GMT
vary: Accept-Encoding
etag: W/"62690089-6c7"
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825 HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: text/html
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
server: nginx
last-modified: Wed, 27 Apr 2022 08:36:16 GMT
vary: Accept-Encoding
etag: W/"62690080-3386"
expires: Tue, 25 Oct 2022 10:59:13 GMT
cache-control: max-age=2592000
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /lp4/css/style.css HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: text/css
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
server: nginx
last-modified: Wed, 27 Apr 2022 08:36:17 GMT
vary: Accept-Encoding
etag: W/"62690081-19d7"
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /icon?family=Material+Icons HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntnlst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 25 Sep 2022 10:59:16 GMT
date: Sun, 25 Sep 2022 10:59:16 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /cr.php?cid=445&ACT=68930&TRK=pllx_us_sg_mob.jiogz632fa4170005d825 HTTP/1.1 
Host: readyrtr.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         44.239.224.24
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
date: Sun, 25 Sep 2022 10:59:14 GMT
location: https://www.qcktrkr.com/ep.php/prmagms:72927/68930:pllx_us_sg_mob.jiogz632fa4170005d825?crpx=O4Hl092539554
set-cookie: AWSALB=QLxSGAG3LpV+nlycmjKDgQXZEI4f0gAXoHdtbbsLseVDNJ9FCbm8Tza2RnL2VmBfSqUNi96T+nMtOQJqvldwri3ZlfFlMrRi2I7wtyr9nAowCW1I3eFsed5aayBR; Expires=Sun, 02 Oct 2022 10:59:14 GMT; Path=/ AWSALBCORS=QLxSGAG3LpV+nlycmjKDgQXZEI4f0gAXoHdtbbsLseVDNJ9FCbm8Tza2RnL2VmBfSqUNi96T+nMtOQJqvldwri3ZlfFlMrRi2I7wtyr9nAowCW1I3eFsed5aayBR; Expires=Sun, 02 Oct 2022 10:59:14 GMT; Path=/; SameSite=None; Secure hskp=O4Hl092539554%2C; expires=Sun, 09-Oct-2022 10:59:14 GMT; Max-Age=1209600 skip=-1664103554%2C1203; expires=Sun, 25-Sep-2022 11:09:14 GMT; Max-Age=600 445_1203_0=1664103554; expires=Mon, 26-Sep-2022 10:59:14 GMT; Max-Age=86400
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /common_tpls/js/form_support.js?v=1516308712 HTTP/1.1 
Host: ntnlst.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntnlst.com/acct/epc68930/add/?epcVIP=48.1066.g23lf&email=&password=&firstname=&lastname=&zip=&lang=no&cts=1&act=epc68930.47283-159730.pllx_us_sg_mob.jiogz632fa4170005d825&epcCID=q3Ramdi3rfx3i6mcw3a9ocA0E546Pc02j&rtid=9862231917
Cookie: PHPSESSID=d98b9027ad3640b9b890ed02993bf0f6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         207.120.33.40
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 25 Sep 2022 10:59:16 GMT
vary: Accept-Encoding
last-modified: Wed, 21 Sep 2022 17:58:41 GMT
etag: W/"632b50d1-3bf"
section-io-cache-id: c47298db92e1cb059008d288a83a8e53
x-varnish: 3218288 2243905
age: 19874
via: 1.1 varnish (Varnish/7.0)
section-io-cache: Hit
content-encoding: gzip
section-io-id: 7f79d2358d95250ded229dcc2c95cd4f
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /user-segments/?pid=TH HTTP/1.1 
Host: statisticresearch.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         3.212.86.82
HTTP/2 200 OK
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
server: nginx
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /pushjs/1.0.0/utils.js HTTP/1.1 
Host: notification-centr.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
server: nginx
last-modified: Wed, 16 Sep 2020 11:36:14 GMT
vary: Accept-Encoding
etag: W/"5f61f8ae-20f2"
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /pushjs/1.0.0/subscriber.js HTTP/1.1 
Host: witch-fucker.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://witch-fucker.com/lp4/?subid=pllx_us_sg_mob&clickID=jiogz632fa4170005d825
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         50.17.223.200
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 25 Sep 2022 10:59:13 GMT
server: nginx
last-modified: Wed, 27 Apr 2022 08:33:24 GMT
vary: Accept-Encoding
etag: W/"6268ffd4-3894"
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /?v=1 HTTP/1.1 
Host: geoip.enlistsecureup.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntnlst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         163.171.128.172
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 25 Sep 2022 10:59:16 GMT
server: waf/4.31.19-2.el6
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-via: 1.1 PS-SJC-011UH181:6 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA1bc200:14 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA1je97:15 (Cdn Cache Server V2.0)
x-ws-request-id: 63303484_PSdgflkfFRA1vg90_35686-65110
set-cookie: HMF_CI=0543b1ca3c809d2922952b35429e1c9fbb6d9b9e4d1066030c480c7c3efa54390b55499aa26e1c0c3416ea7908706fadf4dee9fcb745a906b3240bdf4375fecd5e; Expires=Tue, 25-Oct-22 10:59:16 GMT; Path=/
X-Firefox-Spdy: h2


--- Additional Info ---