r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7814
Expires: Mon, 12 Sep 2022 21:12:04 GMT
Date: Mon, 12 Sep 2022 19:01:50 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.27 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 12 Sep 2022 18:08:16 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: oMokl5I_EkfNnnQgYFX8JILFN6RabMuFJriPMtRamqw81V3g00MAEA==
Age: 3214
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.49 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Vx-76oB_z6phcOkiIADH4OkW7_D-5wLheGX9f6Fv8gsqZ6tRyS3O-g==
age: 42278
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 19:01:50 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Mon, 12 Sep 2022 18:56:07 GMT
Expires: Mon, 12 Sep 2022 19:52:25 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 4Yp7IYpSN7Bu2_mBY1Fvt_7gtX1mc-mPfp58sOQM_qQl2-cwZ2DSmg==
Age: 343
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash cb674936db4af4be99c3c397eff8c6ae
de79d76bac3fae5799b0ff35ecc19360595dfb06
992b884b64f9f6fdb76a6ba91c48fed329325b95b99d8003b282879a52093c08
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5069
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:50 GMT
Last-Modified: Mon, 12 Sep 2022 17:37:21 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
www.immigration.net/
132.148.112.52 301 Moved Permanently 0 B IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 12 Sep 2022 19:01:50 GMT
Server: Apache
X-Powered-By: PHP/7.4.30
Expires: Mon, 12 Sep 2022 20:01:50 GMT
Cache-Control: max-age=3600
X-Redirect-By: WordPress
Set-Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; expires=Tue, 13-Sep-2022 19:01:50 GMT; Max-Age=86400; path=/
YWRlcnrXO=_xQmGW.fuOg7; expires=Tue, 13-Sep-2022 19:01:50 GMT; Max-Age=86400; path=/
CzepGkADlOSKtb=ry%40%5BA2UD; expires=Tue, 13-Sep-2022 19:01:50 GMT; Max-Age=86400; path=/
enCXHt=Bo1RIGh8nAkf; expires=Tue, 13-Sep-2022 19:01:50 GMT; Max-Age=86400; path=/
pll_language=en; expires=Tue, 12-Sep-2023 19:01:50 GMT; Max-Age=31536000; path=/; SameSite=Lax
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: https://www.immigration.net/
Vary: User-Agent
Content-Length: 0
Keep-Alive: timeout=5
Content-Type: text/html; charset=UTF-8
push.services.mozilla.com/
35.164.183.116 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.164.183.116:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: LLuAlWRgC13DfDuJniyeew==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FZTfgscaMIewvOF20bE0beEdkVg=
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6568
Expires: Mon, 12 Sep 2022 20:51:20 GMT
Date: Mon, 12 Sep 2022 19:01:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6568
Expires: Mon, 12 Sep 2022 20:51:20 GMT
Date: Mon, 12 Sep 2022 19:01:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6568
Expires: Mon, 12 Sep 2022 20:51:20 GMT
Date: Mon, 12 Sep 2022 19:01:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6568
Expires: Mon, 12 Sep 2022 20:51:20 GMT
Date: Mon, 12 Sep 2022 19:01:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6568
Expires: Mon, 12 Sep 2022 20:51:20 GMT
Date: Mon, 12 Sep 2022 19:01:52 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c05fb6-7f49-4d2f-96eb-0b6c468353f5.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c05fb6-7f49-4d2f-96eb-0b6c468353f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8625e0707046e7a3715a8dbb40b1cae2
0f44ee871ad9d0a0ddd07d0c87d54f7e72b56f78
abc4c12561be08897341d9c8104c30a289357c0907e55c46895f7fb6afb2f75d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6c05fb6-7f49-4d2f-96eb-0b6c468353f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13568
x-amzn-requestid: ad06f499-3e04-414a-8a3f-6daa9e0124ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X3yN1F2BIAMFoqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312fd8b-3a17f11440d2f37b23ac7f6a;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 07:08:59 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: iNRnq8nMhoTo9oY379Ynb6uPW0vNyf3dNufU_HpXNfzxvhrAEKEzJQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:40:11 GMT
age: 76901
etag: "0f44ee871ad9d0a0ddd07d0c87d54f7e72b56f78"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae1f7987-7b92-4cec-85ab-243250e02a06.webp
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae1f7987-7b92-4cec-85ab-243250e02a06.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7ccc33ae0c85a906f2c17db281ec790
1904722d70348235d5472c54f888d2b4b991e2aa
f48edc03624f582b05b596694b76bd784f85eb9f2ca5dd025bbea9cc2ff1f096
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae1f7987-7b92-4cec-85ab-243250e02a06.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6999
x-amzn-requestid: 61e3e817-fb62-47c7-b938-2dfc6a134622
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YO1mlG3XIAMFo5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631c3629-37c2c8982c4ccf891875c59a;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 07:00:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: S2TR552YpZeEbhTSAn4vdXexYpvR4Lrr-LaJmfNd7LnO0L4QM8w-Dg==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 07:13:41 GMT
age: 42491
etag: "1904722d70348235d5472c54f888d2b4b991e2aa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6b50df-cdcd-4b44-9ed3-90a502ea29ad.jpeg
34.120.237.76 200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6b50df-cdcd-4b44-9ed3-90a502ea29ad.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 239262b6ab17cb19414c35cd4f761092
48eddcf9838e980e67cc8f9cbb05b475df2f0331
cd27cbce632d769288d9c33c5c8e887ba02df5677f10f7a6d03139b590ba24b4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6b50df-cdcd-4b44-9ed3-90a502ea29ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9815
x-amzn-requestid: 89243e57-94eb-4c6b-903f-aa01df030ecc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUIxnEAjoAMF_Ig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e54d6-199403e2695b214711f5117f;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:36:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PWOeca9JRnIgEymeLVyqTBucBJ0j6OS9Rmqwd4CcAKixqo0zvb452w==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:48:14 GMT
age: 76418
etag: "48eddcf9838e980e67cc8f9cbb05b475df2f0331"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6174529fff57758e958da5432344962f
05ec2076b32398d60ee77fab8c14345bc7dfe647
65284a76355864efa944dff5033575013c6d74a019a7b731e0236603f2f656a7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9466
x-amzn-requestid: ba3f7eac-61c9-4b5f-ae8a-b372906a25ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YOTeoHMKoAMFr5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bff90-1e70e2c444242a2d46387986;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 03:08:00 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: -SwaUjMInlOaGpH6yK1W1a57QCQMgY-l43RdUfKVtZA1zJzMrLzC6g==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 f7283f3fe2c258cf54f8b7d3dd272e0e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 04:04:42 GMT
age: 53830
etag: "05ec2076b32398d60ee77fab8c14345bc7dfe647"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e407da4d97d497925b1ab523fd416787
166741631fb93d109b18dde6d316b3fa3276aa8f
707460c02438da6114e35e0b6569d42c0f3fb747f8cb51002f4d52bedbcffa61
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8485
x-amzn-requestid: a56c9282-2786-4ae7-9fc2-0468bcc820a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_FM1oAMFZ2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-753cc4f121c9b77d22bb82b5;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mfmj40aUc8l5RPk56M-pbqTwhde_HzYcmN5MDrfv-WFPhbpoShWYNw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 22:16:58 GMT
age: 74694
etag: "166741631fb93d109b18dde6d316b3fa3276aa8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg
34.120.237.76 200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c14088c4ca0d576e087feed41b7f1565
172b23f2ef39b6c3fdebb5441b10a95712206d0a
2699efa811ceac5420f5bd26c35a6f48b51854e29cbce7cbb62efb613db7d6b9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8799
x-amzn-requestid: 1bcdf387-9ad2-449a-861e-3352b1744d23
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUI-0G6vIAMFgbA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e552b-42aa46af6315148106c4fdee;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:37:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: g2mxKK8L5T4YkeD8JqNUuV_KfsIq8ypRMvxhsyzSZSEIP4gDl4zLVQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:41:51 GMT
age: 76801
etag: "172b23f2ef39b6c3fdebb5441b10a95712206d0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css?ver=6.0.2
104.17.24.14 200 OK 10 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css?ver=6.0.2
IP 104.17.24.14:0
File type ASCII text, with very long lines (59119)
Hash 14e1692fd4263ccfea0b84299bdbf1f5
7783020a9ced5f32c8d38205357c7d10798be1fd
8ff0cd2d1e7f0b6203a762fb9811256d4445a3ad0d97f07102e038ba0eb3db72
GET /ajax/libs/font-awesome/5.15.4/css/all.min.css?ver=6.0.2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.immigration.net
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 19:01:52 GMT
content-type: text/css; charset=utf-8
content-length: 10462
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "613fa20b-28de"
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 2941183
expires: Sat, 02 Sep 2023 19:01:52 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jQtYJGbAwOomNwSzlrFgmqCrTc7B33xtKk%2B8%2BApSu2K5hIQtxjrCIrExOxhXndhRTpkf9iRMo9buXSE4cTLfZCVuVLuKoP4Ix7%2FMmDIWCQKzFt02Imnvkq8eHquABaRuDXWSUcVt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 749ae4eabcc20b31-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.mailmunch.co/app/v1/site.js
143.204.55.128 200 OK 8.4 kB URL HTTP/2 a.mailmunch.co/app/v1/site.js
IP 143.204.55.128:0
File type ASCII text, with very long lines (25963), with no line terminators
Hash 5199c583c931528fb1c5eb80f2fbadff
14a9e7bb992c1b05646ed5d2023c203259e73987
ddb99fbc5182b37da43944529484fd47a6c5710789c9f60e9fdf5bd12f81b3d2
GET /app/v1/site.js HTTP/1.1
Host: a.mailmunch.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript
content-length: 8397
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, POST, PUT, DELETE
access-control-expose-headers: ETag
access-control-max-age: 3000
last-modified: Fri, 09 Sep 2022 07:28:12 GMT
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
date: Sun, 11 Sep 2022 18:14:28 GMT
cache-control: max-age=172800
etag: "5199c583c931528fb1c5eb80f2fbadff"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: cGjfTiSsWtZq6UViWhmv0cu4K76g36Fwfv-9Q5HmTf6CJuW9hkhh8g==
age: 89245
X-Firefox-Spdy: h2
www.immigration.net/
132.148.112.52 200 OK 27 kB IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (12441), with CRLF, LF line terminators
Hash b1a42aa3cb5e0609126359920eef7f9d
d7172872e7c22baa47808f7a3605c9d705f61d14
00a0fe90802c30a5102d748372c1de208ad7f1ddbd01165a31c4a66541304d0e
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
x-powered-by: PHP/7.4.30
link: <https://www.immigration.net/wp-json/>; rel="https://api.w.org/", <https://www.immigration.net/wp-json/wp/v2/pages/2598>; rel="alternate"; type="application/json", <https://www.immigration.net/>; rel=shortlink
set-cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; expires=Tue, 13-Sep-2022 19:01:51 GMT; Max-Age=86400; path=/; secure
YWRlcnrXO=_xQmGW.fuOg7; expires=Tue, 13-Sep-2022 19:01:51 GMT; Max-Age=86400; path=/; secure
CzepGkADlOSKtb=ry%40%5BA2UD; expires=Tue, 13-Sep-2022 19:01:51 GMT; Max-Age=86400; path=/; secure
enCXHt=Bo1RIGh8nAkf; expires=Tue, 13-Sep-2022 19:01:51 GMT; Max-Age=86400; path=/; secure
pll_language=en; expires=Tue, 12-Sep-2023 19:01:51 GMT; Max-Age=31536000; path=/; secure; SameSite=Lax
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 27007
content-type: text/html; charset=UTF-8
date: Mon, 12 Sep 2022 19:01:51 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 6a62a18394d6eb174eafda87a9a884ff
38825afcca70d68810f1a334449a16a87076b3f8
46079c65452ba17c02877e35862c4836e9a482b5b239a8ed80df9b8bb6acbd22
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6419
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:52 GMT
Last-Modified: Mon, 12 Sep 2022 17:14:53 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash bff3a3f3f4f889b08163e7d307438790
c430c7c151973fa0e63ddf52e5624e1ce2282161
bce7d12a2343d8e43fbd05522fe82807ed48933a984aa113c284267364981750
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c3d8032059a24d14d00c2ee5d8840c01
62efae1ea6aaea612a12d42b6e5b65d24be11437
2319fe90c8b4d3cc41ec9cce275c82d19fb764015196bd1c52dfb9c5d85b9b0b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ce73c519c98c5a35e15c819475ab355d
2c563afaf4eb3f70985495851054983dcc951aeb
7c9c48120b24609c0134228714ba075206d9b97d39c9db6ed5a5f8f07e96887b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5175
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:52 GMT
Last-Modified: Mon, 12 Sep 2022 17:35:37 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
www.googletagmanager.com/gtag/js?id=AW-10928892074
142.250.74.72 200 OK 61 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-10928892074
IP 142.250.74.72:0
File type ASCII text, with very long lines (3012)
Hash b37cd12bd672bd3c7059e832956d14c8
957db1bd71ed9532f5ade452ecec0581c6e62f11
86223e68f102c51f97c99c1201beef1462db0da99432855601c9faffc008d836
GET /gtag/js?id=AW-10928892074 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 12 Sep 2022 19:01:52 GMT
expires: Mon, 12 Sep 2022 19:01:52 GMT
cache-control: private, max-age=900
last-modified: Mon, 12 Sep 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 61158
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/LayerSlider/assets/static/layerslider/css/layerslider.css?ver=7.3.0
132.148.112.52 200 OK 4.3 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/LayerSlider/assets/static/layerslider/css/layerslider.css?ver=7.3.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
Hash ab51a57b0a7892002f038df1b5804f17
8ff348441a76ff9aad17e731bc33b9e53aa406d0
22d2bf6b4a7f66c1bff36c3228d6887436400deb15f1ab44517b9ad0efa07a1f
GET /nova/wp-content/plugins/LayerSlider/assets/static/layerslider/css/layerslider.css?ver=7.3.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 24 Aug 2022 17:56:45 GMT
etag: "1b419fc-5c7b-5e700677cd6ca-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 4318
content-type: text/css
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash bff3a3f3f4f889b08163e7d307438790
c430c7c151973fa0e63ddf52e5624e1ce2282161
bce7d12a2343d8e43fbd05522fe82807ed48933a984aa113c284267364981750
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash ec7a5bb8e310f5c9c992cf85832d5445
e32b8e200a79da9008985e8e6c272f35b02581c5
6391e4c68631e272509ade559b8f568b03dd88be1956906332ae584f9faee00a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.immigration.net/nova/wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.6.0
132.148.112.52 200 OK 3.3 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.6.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (27709)
Hash de25deb1514a3ba39e90bb45665aaa2f
fd5d4c836cc80f4350101414de25e665c4df4b51
67cdfdaf9767c318d1f269c0c46e768a65520ff151b103f40fc1446b473abec8
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.6.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 14 Jul 2021 15:50:19 GMT
etag: "1a00e34-6c70-5c7174fb524c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 3267
content-type: text/css
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
bit.ly/3qtHNyR
67.199.248.10 301 Moved Permanently 163 B IP 67.199.248.10:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 541c17809172ccc0057dfdc275a00cdd
e35982fdbeabce9ac267a95076e40e77d8fcee2a
3e3f83a55f14f1106a07e846d10890f5fa09f559369e81f5500213e24c8c02d0
GET /3qtHNyR HTTP/1.1
Host: bit.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Mon, 12 Sep 2022 19:01:52 GMT
content-type: text/html; charset=utf-8
content-length: 163
cache-control: private, max-age=90
location: https://resource.kenect.com/api/v1/widget/client-data/6Sj957aIcyVWOLohrUqwmG
set-cookie: _bit=m8cj1Q-270d59cf9cdd13d39d-002; Domain=bit.ly; Expires=Sat, 11 Mar 2023 19:01:52 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
104.18.10.207 200 OK 6.6 kB URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
IP 104.18.10.207:0
File type ASCII text, with very long lines (27303)
Hash 947d28c38016abe40337288fbc14d08c
8b6f446dd3e5583da74c31a870b933c7cda4c08e
3a4fce7ae794e445eb05cec55a394919632b0a783f1c66315deb8b2442e80be1
GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 19:01:52 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 565, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 2021-06-08 19:04:20
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: e9a84d03a1f7c6aa17012c712a6e5dd5
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 8453560
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 749ae4eb2eb5b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ce73c519c98c5a35e15c819475ab355d
2c563afaf4eb3f70985495851054983dcc951aeb
7c9c48120b24609c0134228714ba075206d9b97d39c9db6ed5a5f8f07e96887b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5175
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:52 GMT
Last-Modified: Mon, 12 Sep 2022 17:35:37 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/s/gts1d4/_FxBsn3OejE
142.250.74.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/_FxBsn3OejE
IP 142.250.74.3:0
Hash ad0ea0a519efd02a0253e8e9cd336cd1
39a7299dcbdae7bfd155eb5d31f9fc5d7b18a2d7
9da3d65bcc66241fca3b48cd5a3c55378db8ce9663f4788bbdcee2ce57190d2c
POST /s/gts1d4/_FxBsn3OejE HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:52 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.immigration.net/nova/wp-content/plugins/buttonizer-multifunctional-button/assets/legacy/frontend.css?v=070afde0274dc6039a8a8949d12a15cd&ver=6.0.2
132.148.112.52 200 OK 1.1 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/buttonizer-multifunctional-button/assets/legacy/frontend.css?v=070afde0274dc6039a8a8949d12a15cd&ver=6.0.2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (7116)
Hash 826884fdb05b65bb7a14b9db8a343e78
c82f3e28cdc0ff73c184174378a7e1ba0b0bc538
824f944e16e18ef36d50608cadec803c542ea322f4931f1e08896822a2c932ee
GET /nova/wp-content/plugins/buttonizer-multifunctional-button/assets/legacy/frontend.css?v=070afde0274dc6039a8a8949d12a15cd&ver=6.0.2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 24 Aug 2022 17:56:42 GMT
etag: "1ac148c-2043-5e700674bac97-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 1051
content-type: text/css
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
132.148.112.52 200 OK 12 kB URL HTTP/2 www.immigration.net/nova/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (43771)
Hash e5548800176e913a9084f47a3e1e04f6
eff4604acc5c26ae82a19188de2f98bf5b79d80c
a2569c768eaca09f2483b971fcebb97badd57c9a16b5ae3e16b8cdcd8c688b07
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 13 Jul 2022 02:59:58 GMT
etag: "1a400f6-15b64-5e3a6faf52780-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 11681
content-type: text/css
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/visual-link-preview/dist/public.css?ver=2.2.4
132.148.112.52 200 OK 273 B URL HTTP/2 www.immigration.net/nova/wp-content/plugins/visual-link-preview/dist/public.css?ver=2.2.4
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (637)
Hash 7088432ee0ac9084b81eb0db71aed8d1
b3ec7fa11323e31b1787888bcd2db74bc50d6706
b5c3abb76b713f1f1a1a893667e19d0cbf0900244599b77e88239a4544086011
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/visual-link-preview/dist/public.css?ver=2.2.4 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 03 Feb 2022 15:00:22 GMT
etag: "1a2066a-27f-5d71e64b30d80-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 273
content-type: text/css
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/wp-ada-compliance-check-basic/styles.css?ver=1650652011
132.148.112.52 200 OK 4.7 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/wp-ada-compliance-check-basic/styles.css?ver=1650652011
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (405)
Hash 9aac96cd088c656c1abd20bec99485e0
abe636351b19d1a3ffc035137ed1647002a90712
09d6c27aa7abbe68f0bd42ae82ea85e6f489df3d6d9937e928c404cffb5a5a90
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/wp-ada-compliance-check-basic/styles.css?ver=1650652011 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 22 Apr 2022 18:26:51 GMT
etag: "19e1271-5502-5dd425ec370c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 4740
content-type: text/css
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/themes/x-child/style.css?ver=9.1.4
132.148.112.52 200 OK 463 B URL HTTP/2 www.immigration.net/nova/wp-content/themes/x-child/style.css?ver=9.1.4
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
Hash 19903779c578815d1ffa44a56f0e4c29
0a9ed74ac05dc366b27fb9807da23afac3a2cc17
1b38b631e6276d507645db54e100cd24ee5c4f830f45ef8536a2c675e81e5cd6
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/themes/x-child/style.css?ver=9.1.4 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 18 Nov 2021 16:39:29 GMT
etag: "1a21108-482-5d112cd633240-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 463
content-type: text/css
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/css/jquery.lazyloadxt.spinner.css?ver=6.0.2
132.148.112.52 200 OK 212 B URL HTTP/2 www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/css/jquery.lazyloadxt.spinner.css?ver=6.0.2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
Hash db66de13c05ea53fcf76501102756efa
e124611eaa5ac52ad1ffa6d8e13bd54ec53f251b
bcc8b236b089f186585569d3128078fcc27eafe97a8d01b2075f6f8528779e07
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/a3-lazy-load/assets/css/jquery.lazyloadxt.spinner.css?ver=6.0.2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 27 Jul 2022 19:36:11 GMT
etag: "1a00197-137-5e4ce877c00c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 212
content-type: text/css
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/monarch/css/style.css?ver=1.3.16
132.148.112.52 200 OK 13 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/monarch/css/style.css?ver=1.3.16
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type Unicode text, UTF-8 text, with very long lines (718)
Hash bf4e8a511d82daf1e22f290808d204d6
ff0d4c9d382224e906f316191212e799f453b798
3fcc24dac9076fdb99d3106c540c92a3b074c6574e2417821daac276fccfa5e9
GET /nova/wp-content/plugins/monarch/css/style.css?ver=1.3.16 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 11 Jan 2018 19:02:28 GMT
etag: "1a00edd-1c56d-56284ca03b900-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 12734
content-type: text/css
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
resource.kenect.com/api/v1/widget/client-data/6Sj957aIcyVWOLohrUqwmG
34.149.59.194 200 OK 24 kB URL HTTP/2 resource.kenect.com/api/v1/widget/client-data/6Sj957aIcyVWOLohrUqwmG
IP 34.149.59.194:0
File type Unicode text, UTF-8 text, with very long lines (24355), with no line terminators
Hash be61b0a0004e754488ea7fb2fcd77e44
212cb3448da348e4210b33835cae508ead202423
f7142e633bb1306b0454dd2670cf771431546f346bdd700da0b46a7c8ae06469
GET /api/v1/widget/client-data/6Sj957aIcyVWOLohrUqwmG HTTP/1.1
Host: resource.kenect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.immigration.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.23.1
date: Mon, 12 Sep 2022 19:01:52 GMT
content-type: text/javascript;charset=UTF-8
content-length: 24363
x-cloud-trace-context: d29a28663da41c5116998b566e01ce45/8519697713387250010
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/_FxBsn3OejE
142.250.74.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/_FxBsn3OejE
IP 142.250.74.3:0
Hash ad0ea0a519efd02a0253e8e9cd336cd1
39a7299dcbdae7bfd155eb5d31f9fc5d7b18a2d7
9da3d65bcc66241fca3b48cd5a3c55378db8ce9663f4788bbdcee2ce57190d2c
POST /s/gts1d4/_FxBsn3OejE HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:52 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.immigration.net/nova/wp-content/themes/x/framework/dist/css/site/stacks/integrity-light.css?ver=9.1.4
132.148.112.52 200 OK 33 kB URL HTTP/2 www.immigration.net/nova/wp-content/themes/x/framework/dist/css/site/stacks/integrity-light.css?ver=9.1.4
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash d43fc828f8dcd8cbda95e57b1ece2450
cf5f94a9916d67d0017d6c31d56afbd0c69888ec
1f83236713a2ab03b6808de3ff2f8e3572f283866b3785ab8bd1026b5c7284ae
GET /nova/wp-content/themes/x/framework/dist/css/site/stacks/integrity-light.css?ver=9.1.4 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 15 Nov 2021 16:25:39 GMT
etag: "1a21133-2ff49-5d0d6426446c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 33334
content-type: text/css
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.transitions.js?ver=7.3.0
132.148.112.52 200 OK 3.4 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.transitions.js?ver=7.3.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type Unicode text, UTF-8 text, with very long lines (21440)
Hash a033d66bedb7d4b81e367e0cd3bdd24b
366af2db24db29b2b6bed3d627f4d8de0d97e77e
5a540db5c135e3911ef9c9e78d3e2eaf780da89aa49567b2c176928ad6bf3294
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.transitions.js?ver=7.3.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 24 Aug 2022 17:56:45 GMT
etag: "1b41a13-54f7-5e700677cde9a-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 3372
content-type: application/javascript
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.1.2
132.148.112.52 200 OK 5.4 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.1.2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (15291)
Hash 387aa8b49ea3be1275e8d4a007985db0
b12f59be593abf0b1d5cbb48a5bd5343da47b413
76a9407f62ac0c7007c29909faeb68aef1914f3441b8e71418561a34adcff155
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.1.2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 15 Jul 2022 18:24:50 GMT
etag: "1a20f40-3bbc-5e3dc2238a080-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 5391
content-type: application/javascript
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/monarch/js/idle-timer.min.js?ver=1.3.16
132.148.112.52 200 OK 1.9 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/monarch/js/idle-timer.min.js?ver=1.3.16
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (4205)
Hash adffe288d354bc53918565e48f7b60b7
3b5815526f8fbe9b19fe9c472d33b54f86b75991
4f3d1120aa1a8584b66c9407d9cf3979767bd42e2f3b8d59a4f1492398c3fe90
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/monarch/js/idle-timer.min.js?ver=1.3.16 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 07 Jun 2022 00:54:11 GMT
etag: "1a00ee9-10e3-5e0d106d592c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 1882
content-type: application/javascript
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-includes/js/comment-reply.min.js?ver=6.0.2
132.148.112.52 200 OK 2.3 kB URL HTTP/2 www.immigration.net/nova/wp-includes/js/comment-reply.min.js?ver=6.0.2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (4751)
Hash f16589caad01d11d8200ccf25ebddad2
a6b32cb2db229df690641d771f40454e7ed7e653
1073bce21fef8679a7d4d1ecf03e48b17ed13c177a9841919b07f16a4215dc5c
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-includes/js/comment-reply.min.js?ver=6.0.2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 26 May 2022 17:59:23 GMT
etag: "1802a11-12b2-5dfedf323b4c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 2282
content-type: application/javascript
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extra.min.js?ver=2.6.0
132.148.112.52 200 OK 2.5 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extra.min.js?ver=2.6.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (4781)
Hash 267c28c21e5f8866a6fd14928f12e58f
e98fad1633c56eff809c658ef47b6c8a1ea5910f
54848d04b079a7c6059ace7b8d952aa212d9435081c5f0e97437fd433888e66b
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extra.min.js?ver=2.6.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 27 Jul 2022 19:36:11 GMT
etag: "1a001b3-12d4-5e4ce877c00c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 2466
content-type: application/javascript
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.srcset.min.js?ver=2.6.0
132.148.112.52 200 OK 1.7 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.srcset.min.js?ver=2.6.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1805)
Hash edb814cfd57d1f8796e263e8a966bd5e
5b92eca6bcd272955b28dcb188213b348702de3b
7425a79f4aac3e1fc1160ef81460f29bfa8aa5db0b0f6ea5defb87c29de3f9b7
GET /nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.srcset.min.js?ver=2.6.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 27 Jul 2022 19:36:11 GMT
etag: "1a001b7-d32-5e4ce877c00c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 1681
content-type: application/javascript
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extend.js?ver=2.6.0
132.148.112.52 200 OK 1.4 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extend.js?ver=2.6.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1808)
Hash 68535827dff0fc346a88808408ce2afc
6ba9eca7cf148f8f83f7fe13f5f9575f81c909b8
e3b04379c12b6c337495c7699ec3756283beb48fb44154a6832bbbe464f06c36
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extend.js?ver=2.6.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 27 Jul 2022 19:36:11 GMT
etag: "1a001ae-b22-5e4ce877c00c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 1350
content-type: application/javascript
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3
132.148.112.52 200 OK 2.9 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (9680), with no line terminators
Hash 7c2c4ebd10adb73367b5c5f0e1e5d3ce
a67e4fd0e3e7452e74b22517ba924b58307d7758
5244443e699788a134cc77adfc3fd18f03386df5fe49e6c82b057387ba4d0ebd
GET /nova/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 02 Sep 2022 06:29:09 GMT
etag: "1ac01ee-25d0-5e7abd904cb2a-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 2914
content-type: application/javascript
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.6.0
132.148.112.52 200 OK 1.1 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.6.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1809)
Hash 455d6342214263aa1337901caa4f7409
58147936c4e437e6ad9dcd5ea437f4c99c64c2de
8fd8a2eb0442197cfbfccdef612577686647eaa79c20156cfb310b2e23d4878c
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.6.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 07 Jun 2022 00:53:56 GMT
etag: "1a00e3c-858-5e0d105f0b100-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 1128
content-type: application/javascript
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.1.2
132.148.112.52 200 OK 1.8 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.1.2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (8319)
Hash 4ef76087ceebf8f309ed48ec12e63876
8c01ce47d1fd1bdbdf77f4b4b1e002ccd7d92afa
2a79fd037132847cedca153e7cb2ac6057afb3a33af627d63c0fce9a5393b8d5
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.1.2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 15 Jul 2022 18:24:50 GMT
etag: "1a20f5f-2080-5e3dc2238a080-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 1786
content-type: text/css
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
132.148.112.52 200 OK 5.1 kB URL HTTP/2 www.immigration.net/nova/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (11126)
Hash ae64378f010be422e18e87de79f15a3f
acdf51dfac83cfd2aea21a07d75df00428b75d95
d09dd000b97a147a6f907fa7ddab9559b7a36814ce6c64d8ffec24c86f852969
GET /nova/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 03 Feb 2022 15:01:57 GMT
etag: "1a40217-32e5-5d71e6a5ca340-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 5083
content-type: application/javascript
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3
132.148.112.52 200 OK 3.9 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type HTML document, ASCII text, with very long lines (12211), with no line terminators
Hash 7ef755c2700783f9eae63fc539149a18
e57c0c5ceb5e2fbf1aaad44aad6319f8b26b69a1
95c808afbeaf569865125c132b69df4a68bca03fd6b792d38ef9a0e341dbf06b
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 02 Sep 2022 06:29:09 GMT
etag: "1ac01f1-2fb3-5e7abd904cb2a-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 3934
content-type: application/javascript
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js?ver=14.1.2
132.148.112.52 200 OK 2.0 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js?ver=14.1.2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type HTML document, ASCII text, with very long lines (4907)
Hash 3355220cc4853affe74bfeec6c5cafe7
840efcbdcb82ee6725de16562fb94dc613cc7b6d
eb52fed40e9cf2dc63fb48cd86376dce059f0787a981b9fe125efddb08757bf0
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js?ver=14.1.2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 15 Jul 2022 18:24:50 GMT
etag: "1a20f37-132c-5e3dc2238a080-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 1998
content-type: application/javascript
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
132.148.112.52 200 OK 5.9 kB URL HTTP/2 www.immigration.net/nova/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (15660)
Hash bf39d7c58b51b2b49f347ce4b638666a
aef4b7d331fdd76e560f78cf47fae1a8ac0052c1
37b9e4701df035563ba7493ce8259d3fe3b90423f52700a0134198dd32ef913b
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 26 May 2022 17:59:23 GMT
etag: "1802a54-4fc6-5dfedf323b4c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 5937
content-type: application/javascript
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/monarch/js/custom.js?ver=1.3.16
132.148.112.52 200 OK 6.5 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/monarch/js/custom.js?ver=1.3.16
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1815)
Hash 4f7996d43ee4c68714b20f4296799364
e8f38c124d82ef19779bb48fbdcf54c0089fc28f
f57fd305904a112ffc4678dffc512e5506890fd338b142c874b907c99c7ba295
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/monarch/js/custom.js?ver=1.3.16 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 07 Jun 2022 00:54:11 GMT
etag: "1a00ee8-6e10-5e0d106d592c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 6466
content-type: application/javascript
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/cornerstone/assets/js/site/flexslider.js?ver=6.1.4
132.148.112.52 200 OK 7.8 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/cornerstone/assets/js/site/flexslider.js?ver=6.1.4
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (26122), with no line terminators
Hash 2077b074f53a9b62b0d55e99c360daf7
41a8d6127fb557a770e81f7dfe6233c7c4cb00c3
2f760a668165e4affea06215c56144f4c90781e86d4de0975d9434240d903856
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/cornerstone/assets/js/site/flexslider.js?ver=6.1.4 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 07 Jun 2022 00:53:55 GMT
etag: "1a0097d-660a-5e0d105e16ec0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 7837
content-type: application/javascript
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
132.148.112.52 200 OK 32 kB URL HTTP/2 www.immigration.net/nova/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (65447)
Hash b958907d28ecd24396af4feca1425dc6
80c3c6532bcd8208efe6727d81a62b141dcbfc38
0f0bb931990c65bdff228c1b1185d514391f796903eb07b311f4b9101713ae6c
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 03 Feb 2022 15:01:57 GMT
etag: "1a4021f-164be-5d71e6a5ca340-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 31847
content-type: application/javascript
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/themes/x/framework/dist/js/site/x.js?ver=9.1.4
132.148.112.52 200 OK 15 kB URL HTTP/2 www.immigration.net/nova/wp-content/themes/x/framework/dist/js/site/x.js?ver=9.1.4
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (54351), with no line terminators
Hash ccbefa361a7ff48b275b71aa9def53bc
e6921539bfeed4ff0a4e2a004e9e333e30ab8606
d7b1a7dd56e78c321cf377310a318082af7c43f1d126bbeab12aae8e4f5545b7
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/themes/x/framework/dist/js/site/x.js?ver=9.1.4 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 07 Jun 2022 00:54:18 GMT
etag: "1a2113e-d44f-5e0d107406280-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 15382
content-type: application/javascript
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.utils.js?ver=7.3.0
132.148.112.52 200 OK 42 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.utils.js?ver=7.3.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (65343)
Hash 8915ae671d1b078d67b86d554ee78087
2bb06cd05eb0e9e3375df44a1e8dce34a96db301
fa807f6f33b991c713df5b48eddbec3ddd35f5eba9b7cd98bd997d490570ba65
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.utils.js?ver=7.3.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 24 Aug 2022 17:56:45 GMT
etag: "1b41a12-1e049-5e700677cdab2-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 41980
content-type: application/javascript
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif
132.148.112.52 200 OK 42 B URL HTTP/2 www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /nova/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 27 Jul 2022 19:36:11 GMT
etag: "1a001a9-2a-5e4ce877c00c0"
accept-ranges: bytes
content-length: 42
content-type: image/gif
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/cornerstone/assets/js/site/cs.6f62d0f.js
132.148.112.52 200 OK 46 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/cornerstone/assets/js/site/cs.6f62d0f.js
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (65536), with no line terminators
Hash ce8386fcb7d86dbda40a00d063d6cd57
5960ed916fa94e0846df795a50b39d9e02b58de1
149afab4a6ae5889221997de240deadf6c16d9791ef1a1453bc3415c2c7ce935
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/cornerstone/assets/js/site/cs.6f62d0f.js HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 07 Jun 2022 00:53:55 GMT
etag: "1a0097c-22b10-5e0d105e16ec0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 46135
content-type: application/javascript
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 4894843dd17150368f9e81305262c361
09c1036ec45f4da92b1749c5b0a76062d32ee681
5242d2bcde6e9f49b38e0749771de0388b9687af78be7b13a27e147b3e38684e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.immigration.net/nova/wp-content/uploads/2017/10/Kuck_Immigration_Slider02.jpg
132.148.112.52 200 OK 31 kB URL HTTP/2 www.immigration.net/nova/wp-content/uploads/2017/10/Kuck_Immigration_Slider02.jpg
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1280x720, components 3\012- data
Hash ea64b175603f9acfd5683a5087d15c33
d84f84165f03d1034ced95e472f5335764bd3fc6
10318ac880b6e3f5e70bc6b525570792f1570644fbcfa556153d4b5b7a9061cf
GET /nova/wp-content/uploads/2017/10/Kuck_Immigration_Slider02.jpg HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 30 Oct 2017 05:19:19 GMT
etag: "1a214a4-784e-55cbcc7c903c0"
accept-ranges: bytes
content-length: 30798
content-type: image/jpeg
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/uploads/2018/01/Kuck_Baxter_Logo_2018.png
132.148.112.52 200 OK 37 kB URL HTTP/2 www.immigration.net/nova/wp-content/uploads/2018/01/Kuck_Baxter_Logo_2018.png
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type PNG image data, 2001 x 824, 8-bit/color RGBA, non-interlaced\012- data
Hash 7d44788bc34ac5e61dbfd213fa8d599e
415bde76066080d99326779e7e2630aa700b80b8
a4e84089771d0353a227f74d203ba7b67a89177077f235279066414ca1959429
GET /nova/wp-content/uploads/2018/01/Kuck_Baxter_Logo_2018.png HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 04 Jan 2018 12:16:09 GMT
etag: "1a2158d-9121-561f24c061440"
accept-ranges: bytes
content-length: 37153
content-type: image/png
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 4894843dd17150368f9e81305262c361
09c1036ec45f4da92b1749c5b0a76062d32ee681
5242d2bcde6e9f49b38e0749771de0388b9687af78be7b13a27e147b3e38684e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
142.250.74.163 200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.immigration.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 17:10:21 GMT
expires: Wed, 06 Sep 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 525092
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
142.250.74.163 200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.immigration.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 17:10:21 GMT
expires: Wed, 06 Sep 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 525092
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6u8w4BMUTPHjxsAXC-q.woff2
142.250.74.163 200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u8w4BMUTPHjxsAXC-q.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 24408, version 1.0\012- data
Hash efee2d080d7bebdd2e0aeb2e030813a0
f8d38f9f9584e48c2e469877ebd94232265585f1
bca1d88ada544d9c80872d4da27133fab6d347361fa26e932b47ec9559088fd0
GET /s/lato/v23/S6u8w4BMUTPHjxsAXC-q.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.immigration.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 24408
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Sep 2022 20:02:00 GMT
expires: Tue, 05 Sep 2023 20:02:00 GMT
cache-control: public, max-age=31536000
age: 601193
last-modified: Tue, 26 Apr 2022 15:50:25 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 4894843dd17150368f9e81305262c361
09c1036ec45f4da92b1749c5b0a76062d32ee681
5242d2bcde6e9f49b38e0749771de0388b9687af78be7b13a27e147b3e38684e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.immigration.net/nova/wp-content/uploads/2022/02/Kuck_Baxter_Logo_white_2018.png
132.148.112.52 200 OK 45 kB URL HTTP/2 www.immigration.net/nova/wp-content/uploads/2022/02/Kuck_Baxter_Logo_white_2018.png
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type PNG image data, 1000 x 412, 8-bit/color RGBA, non-interlaced\012- data
Hash 7b51f021c99a15448d1b90bbe02be466
d236132e22bb0a383266b76f1c4b60a67b9d59e2
322e51b2aba7159137b98c9ef788adec4a81ec76ba229d84847171847db57bca
GET /nova/wp-content/uploads/2022/02/Kuck_Baxter_Logo_white_2018.png HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 24 Feb 2022 11:46:16 GMT
etag: "1a22097-b154-5d8c221361200"
accept-ranges: bytes
content-length: 45396
content-type: image/png
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/uploads/2018/01/Charles_Univision.jpg
132.148.112.52 200 OK 65 kB URL HTTP/2 www.immigration.net/nova/wp-content/uploads/2018/01/Charles_Univision.jpg
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type JPEG image data, progressive, precision 8, 960x541, components 3\012- data
Hash d48dcb33e423a96f11e99c0b4a8b4c6b
a76689673124704835610e51a3ff424a4497edd4
b677dff80761c80c6b67c54ca6fe9be674b439872ddc781de7e76d0ff2d1dc59
GET /nova/wp-content/uploads/2018/01/Charles_Univision.jpg HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 22 Jan 2018 16:12:54 GMT
etag: "1a21579-fe56-5635fb3d9ed80"
accept-ranges: bytes
content-length: 65110
content-type: image/jpeg
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net//nova/wp-content/uploads/2018/07/yelp-brands.jpg
132.148.112.52 200 OK 1.1 kB URL HTTP/2 www.immigration.net//nova/wp-content/uploads/2018/07/yelp-brands.jpg
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 32x32, components 3\012- data
Hash 6a09a2f803b7310a34915a131c78c23f
6866bf0f42f32745cd2d01b6ab1aac9f221cb0fe
0fc12d125cbb69bef362d8831222705d0a07a59d0b549cc23df4b020ac58247e
GET //nova/wp-content/uploads/2018/07/yelp-brands.jpg HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/nova/wp-content/themes/x-child/style.css?ver=9.1.4
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 01 Aug 2018 01:04:51 GMT
etag: "1a21680-438-572554819f2c0"
accept-ranges: bytes
content-length: 1080
content-type: image/jpeg
date: Mon, 12 Sep 2022 19:01:53 GMT
server: Apache
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-solid-900.woff2
104.17.24.14 200 OK 78 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-solid-900.woff2
IP 104.17.24.14:0
File type Web Open Font Format (Version 2), TrueType, length 78268, version 331.-31196\012- data
Hash d824df7eb2e268626a2dd9a6a741ac4e
0ccb2c814a7e4ca12c4778821633809cb0361eaa
9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537
GET /ajax/libs/font-awesome/5.15.4/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.immigration.net
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 19:01:53 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 78268
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "613fa20b-131bc"
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 4055618
expires: Sat, 02 Sep 2023 19:01:53 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h5BLCOCZ7bf7EI43MAE5YSwkErXDFtt5kgQc1YBG02qB2u2iBi7d0hefSVxk5sme1Wx0DXGQx5fPbmouQZPYMNUo9MO902iS9wih0MVfYO2AeizmyzSF8r%2B1SEpfOXd8FZD72nWe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 749ae4f44fec0b31-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/uploads/2022/02/Sky-1536x862.jpeg
132.148.112.52 200 OK 129 kB URL HTTP/2 www.immigration.net/nova/wp-content/uploads/2022/02/Sky-1536x862.jpeg
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 180x180, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=10, manufacturer=Canon, model=Canon PowerShot A580, orientation=upper-left, xresolution=161, yresolution=169, resolutionunit=2, software=ACD Systems Digital Imaging, datetime=2012:07:02 16:50:20], baseline, precision 8, 1536x862, components 3\012- data
Size 129 kB (128883 bytes)
Hash b7deae195841c47c6de148a790b68da0
508d75b4bfd89b1a184aae542397609665a8d400
688aeccf812f5d346e82e723b19ec3af8285c879771c7d5acf09d2f2ccb1c4d3
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/uploads/2022/02/Sky-1536x862.jpeg HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 24 Feb 2022 11:39:12 GMT
etag: "1a2209f-1f773-5d8c207f05800"
accept-ranges: bytes
content-length: 128883
content-type: image/jpeg
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/uploads/2019/08/21819-banner-PODCAST-INGLES.jpg
132.148.112.52 200 OK 134 kB URL HTTP/2 www.immigration.net/nova/wp-content/uploads/2019/08/21819-banner-PODCAST-INGLES.jpg
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1280x720, components 3\012- data
Size 134 kB (133771 bytes)
Hash 9011633ca4c735202e2eaaf0eecde627
488c985d6bafeb4755c5e5248e4269f6254dc218
d7234d3b3c9a4ef93efe7ff472ad52b0b12dc1476ba4d0c65c3d1add0b6410eb
GET /nova/wp-content/uploads/2019/08/21819-banner-PODCAST-INGLES.jpg HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 22 Aug 2019 06:46:11 GMT
etag: "1a21abc-20a8b-590af0b8cb2c0"
accept-ranges: bytes
content-length: 133771
content-type: image/jpeg
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 5d77d749f09a04b82a23d3eead159239
c3bf17901f939a5c398dcb00164a05cf6963d55b
bf0c32c180a7b9a9600d6e9c0878fcd103abc2b78a7e147284516c09406de635
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.immigration.net/nova/wp-content/plugins/cornerstone/assets/fonts/fa-brands-400.woff2
132.148.112.52 200 OK 78 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/cornerstone/assets/fonts/fa-brands-400.woff2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type Web Open Font Format (Version 2), TrueType, length 78464, version 331.-31392\012- data
Hash ff496de99efc36ce4f6f1e611ada7e65
f6b96b15619d6c70e152ccc6901f5872b58b08be
59beb1f8f4ea7e16c50ae0652005e6f7a39f58f9deb0e155d8c8981ea99544b0
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/cornerstone/assets/fonts/fa-brands-400.woff2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 15 Nov 2021 16:26:12 GMT
etag: "1a0096b-13280-5d0d6445bd100"
accept-ranges: bytes
content-length: 78464
vary: Accept-Encoding,User-Agent
content-type: font/woff2
date: Mon, 12 Sep 2022 19:01:53 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 65853637a2bec49d6dad83c506766ed6
8347788c8315eda56afbb4a8b2f57a66cf752045
3fbb3780d6048c4488a07a4fcdbcf0d23155478c56670d5f3f84ba1653438a86
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.immigration.net/nova/wp-content/plugins/cornerstone/assets/fonts/fa-solid-900.woff2
132.148.112.52 200 OK 141 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/cornerstone/assets/fonts/fa-solid-900.woff2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type Web Open Font Format (Version 2), TrueType, length 140996, version 331.-31392\012- data
Size 141 kB (140996 bytes)
Hash 25d740d42658b6e2c293ce7b3322aac7
41cc9ae4b5dd70fd3988059dfb864f20f99ae371
8b5a3ff47c2413e0bf3dd3bb7899a25aeef9b390a055847a1185a39ad48a2da2
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/cornerstone/assets/fonts/fa-solid-900.woff2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 15 Nov 2021 16:26:12 GMT
etag: "1a00974-226c4-5d0d6445bd100"
accept-ranges: bytes
content-length: 140996
vary: Accept-Encoding,User-Agent
content-type: font/woff2
date: Mon, 12 Sep 2022 19:01:53 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/css/loading.gif
132.148.112.52 200 OK 1.7 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/css/loading.gif
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type GIF image data, version 89a, 32 x 32\012- data
Hash 265808cc54404f22de9785c713e0cb7e
bf3d1b71957caee1c6273061ad00c99c5d785a0f
b6e4dff920e21e3f436a014140d01d43c97177e007556ede69f772f08cb7a7ec
GET /nova/wp-content/plugins/a3-lazy-load/assets/css/loading.gif HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/css/jquery.lazyloadxt.spinner.css?ver=6.0.2
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 27 Jul 2022 19:36:11 GMT
etag: "1a00198-69a-5e4ce877c00c0"
accept-ranges: bytes
content-length: 1690
content-type: image/gif
date: Mon, 12 Sep 2022 19:01:53 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 5d77d749f09a04b82a23d3eead159239
c3bf17901f939a5c398dcb00164a05cf6963d55b
bf0c32c180a7b9a9600d6e9c0878fcd103abc2b78a7e147284516c09406de635
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
storage.googleapis.com/widget.kenect.com/resources/prompt.html.gz
142.250.74.48 200 OK 1.4 kB URL HTTP/2 storage.googleapis.com/widget.kenect.com/resources/prompt.html.gz
IP 142.250.74.48:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1300)
Hash 8f25df841e51cfab45b5aae5db6d18b8
90e76f0a60f48f3d790e95540aa1be35a6f884ac
03a07b070691db50795f43a532e134326abc81f2907d8e2ffb067f27f0ce105b
GET /widget.kenect.com/resources/prompt.html.gz HTTP/1.1
Host: storage.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycdud_dsfNOtuOkqeQD8bHK3-9xokQWYofncnClMoUl6wvwuv22HfTVWiqdxNVmWyITXGi7c42NPorWV7YX7MlmtP4A
x-goog-generation: 1657738774177700
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1436
content-encoding: gzip
x-goog-hash: crc32c=AnuppQ==, md5=jyXfhB5Rz6tFtarl220YuA==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
vary: Accept-Encoding
content-length: 1436
access-control-allow-origin: *
access-control-expose-headers: Content-Type
server: UploadServer
date: Mon, 12 Sep 2022 18:41:31 GMT
expires: Mon, 12 Sep 2022 19:41:31 GMT
cache-control: public,max-age=3600
age: 1223
last-modified: Wed, 13 Jul 2022 18:59:34 GMT
etag: "8f25df841e51cfab45b5aae5db6d18b8"
content-type: text/html
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lato:400,400i,700,700i&subset=latin,latin-ext&display=auto
142.250.74.10 200 OK 1.8 kB URL HTTP/2 fonts.googleapis.com/css?family=Lato:400,400i,700,700i&subset=latin,latin-ext&display=auto
IP 142.250.74.10:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (748)
Hash 298fe890e00f6b1a6aa333574f6f820c
212f08c6e37daeebdd36f088b5ec0a0307ee9ec2
9972a8f9256ae91f8f3bc68b8209248a93de14d664e0f89fa8aa043f59be0168
GET /css?family=Lato:400,400i,700,700i&subset=latin,latin-ext&display=auto HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 12 Sep 2022 19:01:52 GMT
date: Mon, 12 Sep 2022 19:01:52 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
storage.googleapis.com/widget.kenect.com/resources/prompt.min.js.gz
142.250.74.48 200 OK 1.1 kB URL HTTP/2 storage.googleapis.com/widget.kenect.com/resources/prompt.min.js.gz
IP 142.250.74.48:0
File type ASCII text, with very long lines (2437)
Hash 1037d122e10bb5f0d760dc08a815afeb
a9d0faf68ebde9ef78a1c9fddea06ff094762235
e100214aa8f96b8c08394ebbca05454d0b142abc3a4c3e16f7693dabb4af13c8
GET /widget.kenect.com/resources/prompt.min.js.gz HTTP/1.1
Host: storage.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://storage.googleapis.com/widget.kenect.com/resources/prompt.html.gz
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-guploader-uploadid: ADPycduCI_gsgCzfgP2ZCyi4Ej7jDJ9sPRA37ByPkw72rgFKgKsSJ9iaUpSbNDnI1AsW8kcDQuFpVfeqRtquJ8dcA35_5Q
x-goog-generation: 1657738775277442
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1139
content-encoding: gzip
x-goog-hash: crc32c=EN5cHQ==, md5=EDfRIuELtfDXYNwIqBWv6w==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
vary: Accept-Encoding
content-length: 1139
access-control-allow-origin: *
access-control-expose-headers: Content-Type
server: UploadServer
date: Mon, 12 Sep 2022 18:48:05 GMT
expires: Mon, 12 Sep 2022 19:48:05 GMT
cache-control: public,max-age=3600
age: 829
last-modified: Wed, 13 Jul 2022 18:59:35 GMT
etag: "1037d122e10bb5f0d760dc08a815afeb"
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
storage.googleapis.com/widget.kenect.com/resources/button.min.js.gz
142.250.74.48 200 OK 1.2 kB URL HTTP/2 storage.googleapis.com/widget.kenect.com/resources/button.min.js.gz
IP 142.250.74.48:0
File type ASCII text, with very long lines (2745)
Hash 4cc815772707982e8c2b9ec45fd2fc96
95e0d491cda07f48bf73ea97355e71be7975020b
239d57f3384ca410ab6bfa207d1bf9c48949469f29c42acd4d3d27b3eca27fd2
GET /widget.kenect.com/resources/button.min.js.gz HTTP/1.1
Host: storage.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://storage.googleapis.com/widget.kenect.com/resources/button.html.gz
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-guploader-uploadid: ADPycds2uC4bXB5dK3JiRdkAfBmAILXNDHyYb7m8WG2c40IQGFVWRSGv72NJ0E4uOM89ORDcu8HDnWMvg3zmXqCqv-Nbvg
x-goog-generation: 1657738774766484
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1182
content-encoding: gzip
x-goog-hash: crc32c=nJPn3A==, md5=TMgVdycHmC6MK57EX9L8lg==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
vary: Accept-Encoding
content-length: 1182
access-control-allow-origin: *
access-control-expose-headers: Content-Type
server: UploadServer
date: Mon, 12 Sep 2022 18:48:05 GMT
expires: Mon, 12 Sep 2022 19:48:05 GMT
cache-control: public,max-age=3600
age: 829
last-modified: Wed, 13 Jul 2022 18:59:34 GMT
etag: "4cc815772707982e8c2b9ec45fd2fc96"
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 5d77d749f09a04b82a23d3eead159239
c3bf17901f939a5c398dcb00164a05cf6963d55b
bf0c32c180a7b9a9600d6e9c0878fcd103abc2b78a7e147284516c09406de635
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.163:0
File type gzip compressed data, max compression\012- data
Hash 2997aaeebb305a5f276e43a48cef6e86
87600a51cfa4b946702c9e0660a50f3e4d76284e
bd29772326811975a16d1260e75c042d42ddcb36a3653fef303f23dbf28f1bd9
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://storage.googleapis.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 10 Sep 2022 02:02:22 GMT
expires: Sun, 10 Sep 2023 02:02:22 GMT
cache-control: public, max-age=31536000
age: 233972
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://storage.googleapis.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:34:08 GMT
expires: Thu, 07 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 430066
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/uploads/2020/07/Comment.jpeg
132.148.112.52 200 OK 70 kB URL HTTP/2 www.immigration.net/nova/wp-content/uploads/2020/07/Comment.jpeg
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 990x540, components 3\012- data
Hash 365264c0f5260c48d7522ba775faebad
29a4bbba00b469d5fd38d645c8608f7d742d5f16
ab2d063abb25162b8e125a2404fa33a801867a8b82db59d170a477a8a5f9993d
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/uploads/2020/07/Comment.jpeg HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 15 Jul 2020 16:13:48 GMT
etag: "1a21dbe-10f94-5aa7d35744700"
accept-ranges: bytes
content-length: 69524
content-type: image/jpeg
date: Mon, 12 Sep 2022 19:01:53 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:400,700
142.250.74.10 200 OK 16 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:400,700
IP 142.250.74.10:0
Hash 44511e854f77100ecf24f42f26dbe56a
5b73cd8d3a24c07b7b43eb7e7a2219cd77ac1b34
e56193e52d0f2f918f9c836f23082c550dc1bfd84f97b820e28be3d47529531f
GET /css?family=Open+Sans:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 12 Sep 2022 19:01:52 GMT
date: Mon, 12 Sep 2022 19:01:52 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/uploads/2019/07/iStock-684755186-1200x671.jpg
132.148.112.52 200 OK 298 kB URL HTTP/2 www.immigration.net/nova/wp-content/uploads/2019/07/iStock-684755186-1200x671.jpg
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=13, description=Close up on USA visa in a passport. A visitor needs a valid US visa to present to the CBP officer (customs and border protectio, manufacturer=NIKON CORPORATION, model=NIKON D5000, orientation=upper-left, xresolution=2428, yresolution=2436, resolutionunit=2, software=Adobe Photoshop CC 2015 (Windows), datetime=2017:04:18 00:23:31], baseline, precision 8, 1200x671, components 3\012- data
Size 298 kB (298122 bytes)
Hash 3aff1fd1fb318af8b25a92f315ec4923
179da199c3892c4f665d955b838f50c8d3988dfc
386dbf23f20ad561da4b5ea30d670f68a0373ff1fc47cb9d7eee9f5ea6cfda61
GET /nova/wp-content/uploads/2019/07/iStock-684755186-1200x671.jpg HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 08 Jul 2019 18:19:00 GMT
etag: "1a21a95-48c8a-58d2f7a656d00"
accept-ranges: bytes
content-length: 298122
content-type: image/jpeg
date: Mon, 12 Sep 2022 19:01:53 GMT
server: Apache
X-Firefox-Spdy: h2
storage.googleapis.com/widget.kenect.com/build/index.html.gz?token=6Sj957aIcyVWOLohrUqwmG
142.250.74.48 200 OK 1.2 kB URL HTTP/2 storage.googleapis.com/widget.kenect.com/build/index.html.gz?token=6Sj957aIcyVWOLohrUqwmG
IP 142.250.74.48:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2673), with no line terminators
Hash 4e1143b063372f7126154563379abcd0
a3300862db2ccc98b160811cb95085fe431ca1bd
44da3a189b96ae54334ecc435c3ee23777face457d287b1b2ea2a1a6ddb46f2e
GET /widget.kenect.com/build/index.html.gz?token=6Sj957aIcyVWOLohrUqwmG HTTP/1.1
Host: storage.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycdtDhI8GnJpV6cfWtmODXcXz8_P9YwjX4rP7gnJtaxwhC_SiNi8_19_khtLFQqfk-h30otn_sfhdxKvpe-9Yy1z3UBPn9xta
x-goog-generation: 1658206774132232
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1176
content-encoding: gzip
x-goog-hash: crc32c=REEuxA==, md5=ThFDsGM3L3EmFUVjN5q80A==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
vary: Accept-Encoding
content-length: 1176
access-control-allow-origin: *
access-control-expose-headers: Content-Type
server: UploadServer
date: Mon, 12 Sep 2022 19:01:54 GMT
expires: Mon, 12 Sep 2022 20:01:54 GMT
cache-control: public,max-age=3600
last-modified: Tue, 19 Jul 2022 04:59:34 GMT
etag: "4e1143b063372f7126154563379abcd0"
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.oribi.io/XzI4MTU4OTU5OA/oribi.js
143.204.55.3 200 OK 3 B URL HTTP/2 cdn.oribi.io/XzI4MTU4OTU5OA/oribi.js
IP 143.204.55.3:0
File type JSON data\012- , ASCII text
Hash 8a80554c91d9fca8acb82f023de02f11
5f36b2ea290645ee34d943220a14b54ee5ea5be5
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
GET /XzI4MTU4OTU5OA/oribi.js HTTP/1.1
Host: cdn.oribi.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript;charset=UTF-8
content-length: 3
date: Mon, 12 Sep 2022 19:01:54 GMT
cache-control: public, max-age=60
x-cache: Miss from cloudfront
via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 0PHWPwfap37u0RK5ciLHCSL8pK1d3xNYhPlMWVFr1b0HMtz5V-pXow==
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
216.58.207.234 200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
IP 216.58.207.234:0
File type ASCII text, with very long lines (32038)
Hash 103708790db3586027df27ded660f8ef
d3f58fbe6e02cb4b8b34c6fd510e011cb325bc70
fdba876856bb6c2783df94cacb0f17b53fe33f1907135539272c0127b4270ffe
GET /ajax/libs/jquery/1.11.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33507
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 11 Sep 2022 20:25:40 GMT
expires: Mon, 11 Sep 2023 20:25:40 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 81374
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
snap.licdn.com/li.lms-analytics/insight.min.js
2.22.244.90 200 OK 3.1 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.min.js
IP 2.22.244.90:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7751)
Hash 57efbbeb3e1d23c82b677511c67c8b0e
f927ba115ef4be362694c22850ddbdd1c1b054d1
873b38d80c8ff1ffcac23ecdb7fb2d17413ae3c217236d8e1e24574b1c4707c6
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 12 Aug 2022 20:23:36 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=67037
date: Mon, 12 Sep 2022 19:01:54 GMT
content-length: 3063
x-cdn: AKAM
X-Firefox-Spdy: h2
s.w.org/images/core/emoji/14.0.0/svg/1f642.svg
192.0.77.48 200 OK 788 B URL HTTP/2 s.w.org/images/core/emoji/14.0.0/svg/1f642.svg
IP 192.0.77.48:0
Hash 2fc21a34dbef5f8b304bc70a1fb9ceb1
a74f51efffb195f099406dfce0e1e45aec9c578c
44fbabcd9d31acbd24c1753bf916b3b5149a4517f5aa39d3f076cc1cedad583d
GET /images/core/emoji/14.0.0/svg/1f642.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 19:01:54 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Tue, 12 Apr 2022 03:50:38 GMT
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 3d32ed765bfab663c00246ac795b64ba
4d8e0099c2e32840ef64a48713b88d6c09b310c4
e90e0103ef98a15975d48c8e0de74e1b8eb5ebe8a4c359d363b73740d0da663f
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Mon, 12 Sep 2022 18:41:12 GMT
expires: Mon, 12 Sep 2022 20:41:12 GMT
cache-control: public, max-age=7200
age: 1242
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 437c7ccd2c357dd83d6b9a5118d4b402
e0002389b286a960b454a92aeb3d1a1e08317ff2
9a5b3bdb7765ea21d7147a0c8022198a1be6c8256fa594b53732cf59e86532b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 45b55c678e2944a30a6d8160bb6e4a94
a1ac0c9681902e7d64e49bd9e146820ce2c60f4f
5a89db56a9b47aa3e426799671db9b25a42d7dd7d6881c66eca7ed37facf6bd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/en_US/fbevents.js
157.240.200.14 200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (64348)
Hash 8e7e24fb3539746aa8b869558f589615
d8086d86bbd5cfacc3b6a5ef14aa917830e137dd
7304497ee417a664bdea67d7307ca36a36013556b927c3ea5bca6c04b66236ef
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: HtImIbxRDSaj1Z0ou7XFA8iDG9OhmIBCtyKNMLEN3p01VRK9xftTDx6Vl6QXAGhdQD3wjdwzaj77/eOK7WKndQ==
priority: u=3,i
content-length: 26737
x-fb-trip-id: 1679558926
date: Mon, 12 Sep 2022 19:01:54 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google.com/pagead/conversion_async.js
142.250.74.164 200 OK 16 kB URL HTTP/2 www.google.com/pagead/conversion_async.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1623)
Hash 4738d969770682feba80f04bf171d65b
be0e0ceb91bf5ed0c64b0f3f2cc2c99c6d4cd6b7
1daca97cf9e8078299f94c50346e45fead45bf908ca97ded912f26986c1c4e9a
GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 12 Sep 2022 19:01:54 GMT
expires: Mon, 12 Sep 2022 19:01:54 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 15579141248118922429
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15687
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a.mailmunch.co/app/v1/styles.css
143.204.55.128 200 OK 2.3 kB URL HTTP/2 a.mailmunch.co/app/v1/styles.css
IP 143.204.55.128:0
File type ASCII text, with very long lines (21666), with no line terminators
Hash 8bde8c669566502ced26fc415723b990
329476ec7160563489487d0d7518281e281521da
11ad1805ed2135c3fdaf56a607f22154138e9995062ac5d0bbabce65f49ab860
GET /app/v1/styles.css HTTP/1.1
Host: a.mailmunch.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css
content-length: 2274
date: Sun, 11 Sep 2022 03:36:57 GMT
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, POST, PUT, DELETE
access-control-expose-headers: ETag
access-control-max-age: 3000
last-modified: Fri, 09 Sep 2022 07:28:17 GMT
etag: "8bde8c669566502ced26fc415723b990"
cache-control: max-age=172800
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: yNnCYZvwTdFMvO2NfmEBbv8le88NBgwfBDlTTIAeqsNH831UH-Z6RQ==
age: 141898
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/uploads/2018/01/cropped-Logo_Kuck_Favicon-192x192.png
132.148.112.52 200 OK 6.3 kB URL HTTP/2 www.immigration.net/nova/wp-content/uploads/2018/01/cropped-Logo_Kuck_Favicon-192x192.png
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 22088157dc6b204dde2ee845068880e5
316cf54d748255ddc055a0b40547396a944322ec
82333541f18d98b110bd0f85302b99868c2512c9a74990b4d05b026211cd9aec
GET /nova/wp-content/uploads/2018/01/cropped-Logo_Kuck_Favicon-192x192.png HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en; _gcl_au=1.1.1758015466.1663009302
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 08 Apr 2020 01:45:31 GMT
etag: "1a2159c-186e-5a2bda7c864c0"
accept-ranges: bytes
content-length: 6254
content-type: image/png
date: Mon, 12 Sep 2022 19:01:54 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/uploads/2018/01/cropped-Logo_Kuck_Favicon-32x32.png
132.148.112.52 200 OK 788 B URL HTTP/2 www.immigration.net/nova/wp-content/uploads/2018/01/cropped-Logo_Kuck_Favicon-32x32.png
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash c6aa6a2a07ab263497254c23bb616b8a
0c66fff3499b4f4e034ad214320b293ba66ec3bd
89f7476a2b80bf46a47a313fecef13e0e0c57d5ce4e511194db5c971666e262e
GET /nova/wp-content/uploads/2018/01/cropped-Logo_Kuck_Favicon-32x32.png HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en; _gcl_au=1.1.1758015466.1663009302
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 08 Apr 2020 01:45:31 GMT
etag: "1a215a0-314-5a2bda7c864c0"
accept-ranges: bytes
content-length: 788
content-type: image/png
date: Mon, 12 Sep 2022 19:01:54 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d0b93bf10aa6a1c704f00fe526ad647b
0a19767b3b99aa79469aadc9b88ec5d3df93d442
852466649bb58710c5a9a42d6fcc2ada0d5062ba42351cc503ed2fdd46588e33
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6522
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:54 GMT
Last-Modified: Mon, 12 Sep 2022 17:13:12 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash ad439cab56126bcc402ee9f92365a209
a4b48a9a733c53cbc7020e190b8c787e1f80f55a
d0e2e52b66a8dec8c57092ec332f452a7348941d778d7b4686ca32696aabd065
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.youtube.com/s/player/977792fa/www-widgetapi.vflset/www-widgetapi.js
216.58.207.238 200 OK 54 kB URL HTTP/2 www.youtube.com/s/player/977792fa/www-widgetapi.vflset/www-widgetapi.js
IP 216.58.207.238:0
File type ASCII text, with very long lines (814)
Hash b1b717eac9680b5de93681d5c57e9b6b
001014d30e71a6122c97a364df7764bac4947480
894ddf42c3a7fc3f9ec94573e8d937bc657da595167d1a17622003e7797b56d5
GET /s/player/977792fa/www-widgetapi.vflset/www-widgetapi.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 53533
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Sep 2022 17:13:43 GMT
expires: Fri, 08 Sep 2023 17:13:43 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 08 Sep 2022 00:15:07 GMT
content-type: text/javascript
age: 352091
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 437c7ccd2c357dd83d6b9a5118d4b402
e0002389b286a960b454a92aeb3d1a1e08317ff2
9a5b3bdb7765ea21d7147a0c8022198a1be6c8256fa594b53732cf59e86532b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 324364e9311c1f7cb5e4068f3d947d5d
ddb00dc97404cee267838983ce8bb4ae48d6647a
d6cc296b22c48f9e7bb3a905dd9e899441ae7c29faec4a62e71628e1f23d61a2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/10928892074/?random=1663009302397&cv=9&fst=1663009302397&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa970&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.immigration.net%2F&tiba=Atlanta%20Immigration%20Lawyers%2C%20Deportation%20Attorneys%2C%20Work%20Visa%20-%20Kuck%20%7C%20Baxter&auid=1758015466.1663009302&hn=www.google.com&async=1&rfmt=3&fmt=4
142.250.74.66 200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/10928892074/?random=1663009302397&cv=9&fst=1663009302397&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa970&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.immigration.net%2F&tiba=Atlanta%20Immigration%20Lawyers%2C%20Deportation%20Attorneys%2C%20Work%20Visa%20-%20Kuck%20%7C%20Baxter&auid=1758015466.1663009302&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 142.250.74.66:0
File type ASCII text, with very long lines (2414), with no line terminators
Hash 7a017ebc1a61c551ef240993e1ec3ba9
d82ddbfc4d76038cedc1dddcb8645fc14425b616
dd05d27c917d2345eb9460ec913796da819bb121fecb2bb2c126f6aa319cf0b8
GET /pagead/viewthroughconversion/10928892074/?random=1663009302397&cv=9&fst=1663009302397&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa970&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.immigration.net%2F&tiba=Atlanta%20Immigration%20Lawyers%2C%20Deportation%20Attorneys%2C%20Work%20Visa%20-%20Kuck%20%7C%20Baxter&auid=1758015466.1663009302&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 19:01:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1082
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 12-Sep-2022 19:16:54 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=4573033&time=1663009302247&url=https%3A%2F%2Fwww.immigration.net%2F
13.107.42.14 302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=4573033&time=1663009302247&url=https%3A%2F%2Fwww.immigration.net%2F
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=4573033&time=1663009302247&url=https%3A%2F%2Fwww.immigration.net%2F HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4573033%26time%3D1663009302247%26url%3Dhttps%253A%252F%252Fwww.immigration.net%252F%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQIwkTvZ-Qv6NQAAAYMzFFcA_EB-MQnJAioBUsgHCM1-FYI5FaUHJW7BkBJdUQnnyxR0iruXWE-kCA; Max-Age=2592000; Expires=Wed, 12 Oct 2022 19:01:54 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQLjR44PU0wV0AAAAYMzFFcAhm2Y8eM9GtTcE7TD_xM11jEM2yVoOx-IutOfwjE79ef50-gpEsX4LdtHp0XchQ; Max-Age=2592000; Expires=Wed, 12 Oct 2022 19:01:54 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&9ddd1c84-dae4-4c61-8521-804757c485e7"; domain=.linkedin.com; Path=/; Secure; Expires=Tue, 12-Sep-2023 19:01:54 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2341:u=1:x=1:i=1663009314:t=1663095714:v=2:sig=AQGiopdKI61WqEoZFbvuTFWV8GAZUwsm"; Expires=Tue, 13 Sep 2022 19:01:54 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXof4dzs2l2dxsot4LlvQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: D21E6D31B75043F494144E1B64F0CF59 Ref B: OSL30EDGE0312 Ref C: 2022-09-12T19:01:54Z
date: Mon, 12 Sep 2022 19:01:54 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 324364e9311c1f7cb5e4068f3d947d5d
ddb00dc97404cee267838983ce8bb4ae48d6647a
d6cc296b22c48f9e7bb3a905dd9e899441ae7c29faec4a62e71628e1f23d61a2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash d2af1fb3989fd5a905698146c993b43c
20bd008892a40b3e3f5eb6f453a0b0b27318a442
9c2dd06f0e0c8b8d50f6c75b3bbafed3af0b9e31d3bb87b7847f55187d6f171e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C2DD06F0E0C8B8D50F6C75B3BBAFED3AF0B9E31D3BB87B7847F55187D6F171E"
Last-Modified: Sun, 11 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1628
Expires: Mon, 12 Sep 2022 19:29:02 GMT
Date: Mon, 12 Sep 2022 19:01:54 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash cc16b956392846e1100a913453575c87
09e81e2f60ab04ca565b73ed9060380a2229cf30
3a3eecb77d71c4f1c3d706f33f33e8df527b3653906d0086089c2e5b45fd25e9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/10928892074/?random=1663009302397&cv=9&fst=1663009200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa970&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.immigration.net%2F&tiba=Atlanta%20Immigration%20Lawyers%2C%20Deportation%20Attorneys%2C%20Work%20Visa%20-%20Kuck%20%7C%20Baxter&async=1&fmt=3&is_vtc=1&random=2368822455&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/10928892074/?random=1663009302397&cv=9&fst=1663009200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa970&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.immigration.net%2F&tiba=Atlanta%20Immigration%20Lawyers%2C%20Deportation%20Attorneys%2C%20Work%20Visa%20-%20Kuck%20%7C%20Baxter&async=1&fmt=3&is_vtc=1&random=2368822455&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/10928892074/?random=1663009302397&cv=9&fst=1663009200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa970&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.immigration.net%2F&tiba=Atlanta%20Immigration%20Lawyers%2C%20Deportation%20Attorneys%2C%20Work%20Visa%20-%20Kuck%20%7C%20Baxter&async=1&fmt=3&is_vtc=1&random=2368822455&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 12 Sep 2022 19:01:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4fd53df42280409cd83e9f2cbd753bb6
c7879abb078bdc6dfd363f72509d1f36e5a8a622
c6eecc725ec5cf4376f99fafaf029eaa6f207dceefb09c09f1e8aaaa1fa1b5f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 19:01:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
forms.mailmunch.co/sites/542742
54.157.58.70 200 OK 130 B URL HTTP/1.1 forms.mailmunch.co/sites/542742
IP 54.157.58.70:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 4353ee35a7f95ee12db9f5caa2336e11
f8c69a2413978f2dfb53e5d227a52c60080e58af
b0243a30596ed7f56bc362e8b9d49b16d7303a451017de4d81bdb05531353bae
GET /sites/542742 HTTP/1.1
Host: forms.mailmunch.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.immigration.net
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Cowboy
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, X-MM-Form-Tool, X-MM-Coupons
Access-Control-Expose-Headers: X-MM-Comp-Tracking, X-MM-EU-Continent, X-MM-T
Content-Type: application/json; charset=utf-8
Content-Length: 130
Etag: W/"82-+MaaJBOXjy37U+XSJ6UsYAgOWK8"
Vary: Accept-Encoding
Date: Mon, 12 Sep 2022 19:01:54 GMT
Via: 1.1 vegur
www.facebook.com/tr/?id=3361911217415580&ev=PageView&dl=https%3A%2F%2Fwww.immigration.net%2F&rl=&if=false&ts=1663009302657&sw=1280&sh=1024&v=2.9.79&r=stable&ec=0&o=30&fbp=fb.1.1663009302656.1886697968&it=1663009302422&coo=false&rqm=GET
157.240.200.35 200 OK 44 B URL HTTP/2 www.facebook.com/tr/?id=3361911217415580&ev=PageView&dl=https%3A%2F%2Fwww.immigration.net%2F&rl=&if=false&ts=1663009302657&sw=1280&sh=1024&v=2.9.79&r=stable&ec=0&o=30&fbp=fb.1.1663009302656.1886697968&it=1663009302422&coo=false&rqm=GET
IP 157.240.200.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b798f4ce7359fd815df4bdf76503b295
f8cc6addf1707ad236ad9970b0a48f9733d07da5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
GET /tr/?id=3361911217415580&ev=PageView&dl=https%3A%2F%2Fwww.immigration.net%2F&rl=&if=false&ts=1663009302657&sw=1280&sh=1024&v=2.9.79&r=stable&ec=0&o=30&fbp=fb.1.1663009302656.1886697968&it=1663009302422&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
date: Mon, 12 Sep 2022 19:01:54 GMT
expires: Mon, 12 Sep 2022 19:01:54 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
cache-control: no-cache, must-revalidate, max-age=0
set-cookie:
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 44
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4573033%26time%3D1663009302247%26url%3Dhttps%253A%252F%252Fwww.immigration.net%252F%26liSync%3Dtrue
13.107.42.14 302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4573033%26time%3D1663009302247%26url%3Dhttps%253A%252F%252Fwww.immigration.net%252F%26liSync%3Dtrue
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4573033%26time%3D1663009302247%26url%3Dhttps%253A%252F%252Fwww.immigration.net%252F%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.immigration.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4573033&time=1663009302247&url=https%3A%2F%2Fwww.immigration.net%2F&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&be32b560-ac1c-4739-8c27-0fbc53ae0800"; Domain=.linkedin.com; Expires=Tue, 12-Sep-2023 19:01:54 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&20220912190154c325ec2c-3b72-409f-87ad-226b62b11754AQHtjiMW2wdVM3JaO9gzuhBfiuxIMSzz"; Domain=.www.linkedin.com; Expires=Tue, 12-Sep-2023 19:01:54 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NjMwMDkzMTQ7MjswMjGO1u+JybgzzdNEZrCY9tQH0XibGdJMrmWjHoTdEhtMng==; Domain=.linkedin.com; Expires=Sat, 11 Mar 2023 19:01:54 GMT; Path=/; Secure; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2341:u=1:x=1:i=1663009314:t=1663095714:v=2:sig=AQGiopdKI61WqEoZFbvuTFWV8GAZUwsm"; Expires=Tue, 13 Sep 2022 19:01:54 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com https://*.qualtrics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-source-fabric: prod-ltx1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXof4d2kpVJjn6VJt/IFg==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 35AC3F060D644E5A9F24070AF31C1497 Ref B: OSL30EDGE0312 Ref C: 2022-09-12T19:01:54Z
date: Mon, 12 Sep 2022 19:01:54 GMT
content-length: 0
X-Firefox-Spdy: h2
www.youtube.com/iframe_api
216.58.207.238 200 OK 1.6 kB URL HTTP/2 www.youtube.com/iframe_api
IP 216.58.207.238:0
File type ASCII text, with very long lines (509)
Hash 34180996bc7d086804127702e6561a83
3f30320c0ffba19194153f281ed3a474bd02fbec
2a80c611bcd0c4c853647591b22cf231c5c5f9db2baddd64a3effca034c3a48a
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Mon, 12 Sep 2022 19:01:54 GMT
date: Mon, 12 Sep 2022 19:01:54 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=Lg5Ik4jwzP4; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=3dRTtRtfjl8; Domain=.youtube.com; Expires=Sat, 11-Mar-2023 19:01:54 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+282; expires=Wed, 11-Sep-2024 19:01:54 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a.mailmunch.co/forms-cache/542742/691900/index-1633697391.html
143.204.55.128 200 OK 85 kB URL HTTP/2 a.mailmunch.co/forms-cache/542742/691900/index-1633697391.html
IP 143.204.55.128:0
Hash ca0f29d41eceff49f8f9ede46682c7a9
6e6dfde4465159cb1585845ea19daea2e137192f
87f644ba1cb4e10b6659887453e0ae81a38e9d92e6ae2e76bce699505d6e22ee
GET /forms-cache/542742/691900/index-1633697391.html HTTP/1.1
Host: a.mailmunch.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.immigration.net
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
date: Wed, 07 Sep 2022 07:17:59 GMT
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, POST, PUT, DELETE
access-control-expose-headers: ETag
access-control-max-age: 3000
last-modified: Fri, 08 Oct 2021 13:20:29 GMT
etag: W/"a0bc59f06086390beb0c3e7fc120ff99"
cache-control: max-age=31556952
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 9BLkU8bhnXUpbYSM9LnDQk8YDTsikr_QeTzwhcdp80AkqQR01kcbMQ==
age: 474237
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=4573033&time=1663009302247&url=https%3A%2F%2Fwww.immigration.net%2F&liSync=true
13.107.42.14 200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=4573033&time=1663009302247&url=https%3A%2F%2Fwww.immigration.net%2F&liSync=true
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=4573033&time=1663009302247&url=https%3A%2F%2Fwww.immigration.net%2F&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.immigration.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&b2d64803-9c69-43a6-87f6-4aac6ac12389"; domain=.linkedin.com; Path=/; Secure; Expires=Tue, 12-Sep-2023 19:01:55 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2341:u=1:x=1:i=1663009315:t=1663095715:v=2:sig=AQGf7qShmss1PFLSdKqwr15-owKdNi4y"; Expires=Tue, 13 Sep 2022 19:01:55 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-source-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXof4d6SC18cTS3ToqqTQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 37CCF051BC9849E98D3B4FC71C9FEB03 Ref B: OSL30EDGE0312 Ref C: 2022-09-12T19:01:54Z
date: Mon, 12 Sep 2022 19:01:54 GMT
content-length: 0
X-Firefox-Spdy: h2
js-agent.newrelic.com/nr-spa-1211.min.js
151.101.86.137 200 OK 16 kB URL HTTP/2 js-agent.newrelic.com/nr-spa-1211.min.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (32005)
Hash 7b77b3d7bee1029e0448396ce9b2a5cd
597bd0afc66a54e49f6eaab08ae66fe2e5c0ecd1
c29053215fa48791043f848a5a44effa881c8625e60d33585944a166e14db01e
GET /nr-spa-1211.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: unJyFjwMueefdw98CsCPPiCQzxwwDzQR5PsqUf7i1PqDfi/S2kW9zovTM8xnmkfD3kpFuU4eggQ=
x-amz-request-id: TXTEKQ3D4T65FNTE
last-modified: Mon, 27 Sep 2021 20:46:51 GMT
etag: "a5ee6c68d7de5e7446d73910964b5c10"
x-amz-version-id: CLSa7QJ2hagEFCkLjcLamPCZ0EDdPlaV
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Mon, 12 Sep 2022 19:01:55 GMT
via: 1.1 varnish
x-served-by: cache-bma1675-BMA
x-cache: HIT
x-cache-hits: 48
x-timer: S1663009315.289615,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 16260
X-Firefox-Spdy: h2
bam.nr-data.net/1/NRJS-d0beae4934ee7eb77f1?a=954751871&sa=1&v=1211.ba193a8&t=Unnamed%20Transaction&rst=5436&ck=1&ref=https://www.immigration.net/&be=4469&fe=5339&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663009297725,%22n%22:0,%22f%22:954,%22dn%22:957,%22dne%22:961,%22c%22:961,%22s%22:1109,%22ce%22:1403,%22rq%22:1404,%22rp%22:2419,%22rpe%22:2567,%22dl%22:2435,%22di%22:4088,%22ds%22:4093,%22de%22:4127,%22dc%22:5336,%22l%22:5336,%22le%22:5340%7D,%22navigation%22:%7B%7D%7D&fcp=3802&jsonp=NREUM.setToken
162.247.241.14 200 OK 72 B URL HTTP/1.1 bam.nr-data.net/1/NRJS-d0beae4934ee7eb77f1?a=954751871&sa=1&v=1211.ba193a8&t=Unnamed%20Transaction&rst=5436&ck=1&ref=https://www.immigration.net/&be=4469&fe=5339&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663009297725,%22n%22:0,%22f%22:954,%22dn%22:957,%22dne%22:961,%22c%22:961,%22s%22:1109,%22ce%22:1403,%22rq%22:1404,%22rp%22:2419,%22rpe%22:2567,%22dl%22:2435,%22di%22:4088,%22ds%22:4093,%22de%22:4127,%22dc%22:5336,%22l%22:5336,%22le%22:5340%7D,%22navigation%22:%7B%7D%7D&fcp=3802&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash 107d93e382e2c9b00fbf9fb0edc65d86
77e750e3ebf9706f4f6dd253785602d70be17c6c
a1ee50b689ea433a0acdccbf4ee4629e9ea3f9c4bcdd21effb334359a2f9e937
GET /1/NRJS-d0beae4934ee7eb77f1?a=954751871&sa=1&v=1211.ba193a8&t=Unnamed%20Transaction&rst=5436&ck=1&ref=https://www.immigration.net/&be=4469&fe=5339&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663009297725,%22n%22:0,%22f%22:954,%22dn%22:957,%22dne%22:961,%22c%22:961,%22s%22:1109,%22ce%22:1403,%22rq%22:1404,%22rp%22:2419,%22rpe%22:2567,%22dl%22:2435,%22di%22:4088,%22ds%22:4093,%22de%22:4127,%22dc%22:5336,%22l%22:5336,%22le%22:5340%7D,%22navigation%22:%7B%7D%7D&fcp=3802&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Mon, 12 Sep 2022 19:01:55 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 749ae4fcfe0cb500-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=a241600aa7b1378e; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 064376799de232c208167444b079d6b7
54618c9661228e8661d2dcb566cf55183e57259c
b759333a22ff64f81817f57ecdd7a080f81696e3139303e48e11fa67cbb0605c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B759333A22FF64F81817F57ECDD7A080F81696E3139303E48E11FA67CBB0605C"
Last-Modified: Sat, 10 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9772
Expires: Mon, 12 Sep 2022 21:44:47 GMT
Date: Mon, 12 Sep 2022 19:01:55 GMT
Connection: keep-alive
analytics.mailmunch.co/event/?site_id=542742&widget_id=691900&event_name=views&cache=1663009303318&referrer=https%3A%2F%2Fwww.immigration.net%2F&visitor_id=8036ded4-a23a-45c4-ac3f-8c824da33f44
54.91.59.199 200 OK 35 B URL HTTP/1.1 analytics.mailmunch.co/event/?site_id=542742&widget_id=691900&event_name=views&cache=1663009303318&referrer=https%3A%2F%2Fwww.immigration.net%2F&visitor_id=8036ded4-a23a-45c4-ac3f-8c824da33f44
IP 54.91.59.199:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /event/?site_id=542742&widget_id=691900&event_name=views&cache=1663009303318&referrer=https%3A%2F%2Fwww.immigration.net%2F&visitor_id=8036ded4-a23a-45c4-ac3f-8c824da33f44 HTTP/1.1
Host: analytics.mailmunch.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Cowboy
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Type: image/gif
Date: Mon, 12 Sep 2022 19:01:55 GMT
Transfer-Encoding: chunked
Via: 1.1 vegur
bam.nr-data.net/events/1/NRJS-d0beae4934ee7eb77f1?a=954751871&sa=1&v=1211.ba193a8&t=Unnamed%20Transaction&rst=5762&ck=1&ref=https://www.immigration.net/
162.247.241.14 200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/NRJS-d0beae4934ee7eb77f1?a=954751871&sa=1&v=1211.ba193a8&t=Unnamed%20Transaction&rst=5762&ck=1&ref=https://www.immigration.net/
IP 162.247.241.14:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/NRJS-d0beae4934ee7eb77f1?a=954751871&sa=1&v=1211.ba193a8&t=Unnamed%20Transaction&rst=5762&ck=1&ref=https://www.immigration.net/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 317
Origin: https://www.immigration.net
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Mon, 12 Sep 2022 19:01:55 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 749ae4ff8a71b500-OSL
Access-Control-Allow-Origin: https://www.immigration.net
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36ab1cf7-da3f-4bea-abd5-3f9da5a18c29.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36ab1cf7-da3f-4bea-abd5-3f9da5a18c29.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash beca122055c554548ca6ef68a66a4e2e
cf5ec3650282d05c082eb0534f1b70a59f9f4bbe
a9cf7ef5dfb6a58c66bc29b2a280c2253e56a28ce317d8271273ddae2008d9d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36ab1cf7-da3f-4bea-abd5-3f9da5a18c29.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9126
x-amzn-requestid: 86fd10d3-f2bb-4191-93b0-3a416000fd68
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUJHeGMqoAMFnwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e5562-1f8b12e10d7212353f050f3f;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:38:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: WcMMN48JT7YRvUBGR6oAes5EwusRcdgrWT60xJffsOfsbkJ4_XyALg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:41:51 GMT
age: 76808
etag: "cf5ec3650282d05c082eb0534f1b70a59f9f4bbe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.kreaturamedia.jquery.js?ver=7.3.0
132.148.112.52 200 OK 0 B URL HTTP/2 www.immigration.net/nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.kreaturamedia.jquery.js?ver=7.3.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.kreaturamedia.jquery.js?ver=7.3.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 24 Aug 2022 17:56:45 GMT
etag: "1b41a11-2048e-5e700677cdab2-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-type: application/javascript
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
a.mailmunch.co/v2/themes/mailmunch/simple/embedded/index.css
143.204.55.128 200 OK 0 B URL HTTP/2 a.mailmunch.co/v2/themes/mailmunch/simple/embedded/index.css
IP 143.204.55.128:0
GET /v2/themes/mailmunch/simple/embedded/index.css HTTP/1.1
Host: a.mailmunch.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, POST, PUT, DELETE
access-control-expose-headers: ETag
access-control-max-age: 3000
last-modified: Wed, 08 Jan 2020 12:44:20 GMT
server: AmazonS3
content-encoding: gzip
date: Sun, 11 Sep 2022 20:33:32 GMT
cache-control: max-age=172800
etag: W/"c253f8043dd991176c2fe766d0cba6bc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: J7egjIMrmcCloXCMH4MtEqAvTH6rTyrNDrZ3Vc0_vxHEFl1lk2V4mg==
age: 80917
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/buttonizer-multifunctional-button/assets/legacy/frontend.min.js?v=070afde0274dc6039a8a8949d12a15cd&ver=6.0.2
132.148.112.52 200 OK 0 B URL HTTP/2 www.immigration.net/nova/wp-content/plugins/buttonizer-multifunctional-button/assets/legacy/frontend.min.js?v=070afde0274dc6039a8a8949d12a15cd&ver=6.0.2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
GET /nova/wp-content/plugins/buttonizer-multifunctional-button/assets/legacy/frontend.min.js?v=070afde0274dc6039a8a8949d12a15cd&ver=6.0.2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 24 Aug 2022 17:56:42 GMT
etag: "1ac1487-4d71d-5e700674bac97-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-type: application/javascript
date: Mon, 12 Sep 2022 19:01:52 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lato:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Lato:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
IP 142.250.74.10:0
GET /css?family=Lato:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 12 Sep 2022 19:01:52 GMT
date: Mon, 12 Sep 2022 19:01:52 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a.mailmunch.co/forms-cache/542742/settings-1662935970.json
143.204.55.128 200 OK 0 B URL HTTP/2 a.mailmunch.co/forms-cache/542742/settings-1662935970.json
IP 143.204.55.128:0
GET /forms-cache/542742/settings-1662935970.json HTTP/1.1
Host: a.mailmunch.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.immigration.net
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Sun, 11 Sep 2022 23:07:18 GMT
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, POST, PUT, DELETE
access-control-expose-headers: ETag
access-control-max-age: 3000
last-modified: Sun, 11 Sep 2022 22:39:36 GMT
etag: W/"1cd542084896d4f46dd12168f42e8113"
cache-control: max-age=31556952
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Eztn3MbBjQc3aDy4mUfstAXHxnzsN0yW9nlLb2K5O6D0aflxBpkGZQ==
age: 71677
X-Firefox-Spdy: h2