r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 37284a837312d6586460a3b86bbe7bd0
6ac0847abd48eb8607597218aaa2cb2d434c012b
6a0e11bb042555d72b397ae0cc3d5e242d3a3fe04418e28ffd222decca7d16ca
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A0E11BB042555D72B397AE0CC3D5E242D3A3FE04418E28FFD222DECCA7D16CA"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16374
Expires: Sat, 21 Jan 2023 00:51:21 GMT
Date: Fri, 20 Jan 2023 20:18:27 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8a5e416451617846248067d72b675125
995b0346adefaf5f2e167d1b81e60cc9afc4f19e
c5fafb9127b71cbd4f7b1a44f755fc4aa0e2f47bbc50de4b15c870a22bf160d9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5FAFB9127B71CBD4F7B1A44F755FC4AA0E2F47BBC50DE4B15C870A22BF160D9"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3952
Expires: Fri, 20 Jan 2023 21:24:19 GMT
Date: Fri, 20 Jan 2023 20:18:27 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7afaa97fbfa9baa1485c892eac8e114d
8c17c707c218e28ac14197ce8e5eef873207a732
59db16baacb452453dbf44fc2a24f25ab09c4dbaec3a9271fda84230d8f11925
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "59DB16BAACB452453DBF44FC2A24F25AB09C4DBAEC3A9271FDA84230D8F11925"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14792
Expires: Sat, 21 Jan 2023 00:24:59 GMT
Date: Fri, 20 Jan 2023 20:18:27 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 20 Jan 2023 19:49:34 GMT
content-type: application/json
age: 1733
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ei9BQlxCnokCLNXVJw6t8rbOjReeGFtp0f0UP3T/SgtgwnuOQ36zIUj8hgmvQeddMYQtbBwr7II=
x-amz-request-id: 9M94QESCXXXF7WSM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 20 Jan 2023 20:17:44 GMT
age: 43
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
www.secretswipes.com/x/wjkl218xf/?cep=bu1JescOVft55qabnG2HC68vJZDKnEn60BQGY6eXMxo0sZ9m-hGJElrVGvlANFN7O-MnzEVWo4OSJSs26h94WfbWtxVqeroIFVjx7lp1lTT_eo3gU5U7b446gzMdvixYspOjBKFVkG_o5LcjhbAheE7ajYvN2l6LKb1A7JWeiCi0jNB54YSBPH8HmpOkpuwUjGcfcF5CBjmUTTbsfZHiTCXMfyMOsTkmWDsPiqUxA29-nq2k2uSEEd2zmwnsookNKytkYziRpxYLZ5gt-U6XXM4tg_AWzQgm0waS_Pl2dZWEseESjpAvwHCj7icpeptRXjHZzkLtHMbum3vzC_W45YThZuPlzeLni9WXuqp5G6-hhSgyqq8N8D6rYpX1Ax1ZqpvXEIU--iwGX_n5ZCD2wvKtUJnlrlA-YkiGkEYzvWyU095nSf4H4JknjwvGMqGs6DqX1IsVsrdKlrOqF34s6g&lptoken=169a7418247a76ba908c&pub=9881&source=_us&externalid=863caf70222fb01.03306368&_ocid=w95drm2bek9g9s1m20i1rt50&autocamp=_US
200 OK 1.2 kB URL HTTP/1.1 www.secretswipes.com/x/wjkl218xf/?cep=bu1JescOVft55qabnG2HC68vJZDKnEn60BQGY6eXMxo0sZ9m-hGJElrVGvlANFN7O-MnzEVWo4OSJSs26h94WfbWtxVqeroIFVjx7lp1lTT_eo3gU5U7b446gzMdvixYspOjBKFVkG_o5LcjhbAheE7ajYvN2l6LKb1A7JWeiCi0jNB54YSBPH8HmpOkpuwUjGcfcF5CBjmUTTbsfZHiTCXMfyMOsTkmWDsPiqUxA29-nq2k2uSEEd2zmwnsookNKytkYziRpxYLZ5gt-U6XXM4tg_AWzQgm0waS_Pl2dZWEseESjpAvwHCj7icpeptRXjHZzkLtHMbum3vzC_W45YThZuPlzeLni9WXuqp5G6-hhSgyqq8N8D6rYpX1Ax1ZqpvXEIU--iwGX_n5ZCD2wvKtUJnlrlA-YkiGkEYzvWyU095nSf4H4JknjwvGMqGs6DqX1IsVsrdKlrOqF34s6g&lptoken=169a7418247a76ba908c&pub=9881&source=_us&externalid=863caf70222fb01.03306368&_ocid=w95drm2bek9g9s1m20i1rt50&autocamp=_US
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2680)
Hash 90f50e466cc04da3664f3fdbb640c93c
aa34c8c763f17bca21704bb66fa52496966a797e
57aaee640271c2f725f4ed8235574ab83d1c6266158588d882457df42fdffbdb
GET /x/wjkl218xf/?cep=bu1JescOVft55qabnG2HC68vJZDKnEn60BQGY6eXMxo0sZ9m-hGJElrVGvlANFN7O-MnzEVWo4OSJSs26h94WfbWtxVqeroIFVjx7lp1lTT_eo3gU5U7b446gzMdvixYspOjBKFVkG_o5LcjhbAheE7ajYvN2l6LKb1A7JWeiCi0jNB54YSBPH8HmpOkpuwUjGcfcF5CBjmUTTbsfZHiTCXMfyMOsTkmWDsPiqUxA29-nq2k2uSEEd2zmwnsookNKytkYziRpxYLZ5gt-U6XXM4tg_AWzQgm0waS_Pl2dZWEseESjpAvwHCj7icpeptRXjHZzkLtHMbum3vzC_W45YThZuPlzeLni9WXuqp5G6-hhSgyqq8N8D6rYpX1Ax1ZqpvXEIU--iwGX_n5ZCD2wvKtUJnlrlA-YkiGkEYzvWyU095nSf4H4JknjwvGMqGs6DqX1IsVsrdKlrOqF34s6g&lptoken=169a7418247a76ba908c&pub=9881&source=_us&externalid=863caf70222fb01.03306368&_ocid=w95drm2bek9g9s1m20i1rt50&autocamp=_US HTTP/1.1
Host: www.secretswipes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 20 Jan 2023 20:18:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
set-cookie: DO-LB="MTAuMTM2LjAuMzo4MA=="; Max-Age=300; Path=/; HttpOnly; SameSite=Lax
cache-control: private
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pKkr%2BBYGIh1DffuoNuk6De%2F%2FXxhBRwEPwQPNKh1bxYcF2BiLDuNqkQHcEHKxsvY%2BuW2lyKoh3LlmZmYZOyB%2FvCFxNy%2Fzv0qCe79YfRb4idhPocTw1AOnSrqDJSqbaIK8po5dxURmow%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78ca7fd92ef1b509-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 20 Jan 2023 20:18:27 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.secretswipes.com/js/app.js
200 OK 674 B URL HTTP/1.1 www.secretswipes.com/js/app.js
IP
Hash 061b68d44cfa4a131cd8596ad94ff02c
e25d045fd5ea13cea15575bb2d5643ce2c891e3a
8d28da6f804ba1b617c264575118684fbb63423e54eb4950946635b4dec96dc2
Analyzer Verdict Alert fortinet Phishing
GET /js/app.js HTTP/1.1
Host: www.secretswipes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.secretswipes.com/x/wjkl218xf/?cep=bu1JescOVft55qabnG2HC68vJZDKnEn60BQGY6eXMxo0sZ9m-hGJElrVGvlANFN7O-MnzEVWo4OSJSs26h94WfbWtxVqeroIFVjx7lp1lTT_eo3gU5U7b446gzMdvixYspOjBKFVkG_o5LcjhbAheE7ajYvN2l6LKb1A7JWeiCi0jNB54YSBPH8HmpOkpuwUjGcfcF5CBjmUTTbsfZHiTCXMfyMOsTkmWDsPiqUxA29-nq2k2uSEEd2zmwnsookNKytkYziRpxYLZ5gt-U6XXM4tg_AWzQgm0waS_Pl2dZWEseESjpAvwHCj7icpeptRXjHZzkLtHMbum3vzC_W45YThZuPlzeLni9WXuqp5G6-hhSgyqq8N8D6rYpX1Ax1ZqpvXEIU--iwGX_n5ZCD2wvKtUJnlrlA-YkiGkEYzvWyU095nSf4H4JknjwvGMqGs6DqX1IsVsrdKlrOqF34s6g&lptoken=169a7418247a76ba908c&pub=9881&source=_us&externalid=863caf70222fb01.03306368&_ocid=w95drm2bek9g9s1m20i1rt50&autocamp=_US
Cookie: DO-LB="MTAuMTM2LjAuMzo4MA=="
HTTP/1.1 200 OK
Date: Fri, 20 Jan 2023 20:18:27 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Sat, 17 Sep 2022 17:19:51 GMT
vary: Accept-Encoding
etag: W/"632601b7-504"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
cache-control: private
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nCMP3J5p86k2p8BT5D0LSPi1R9LZbQTAc4P66RTwD6aH875bE9XBpNWgLf5zY17wHIWEnlSM8kB6PNLp3JdUTtzCyqRH6vBP5qj%2F%2Fa%2FRY14I8cTWKz3XiRQt10CzdwKV0vQ0TcROAg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78ca7fdbdcdb1c0e-OSL
alt-svc: h2=":443"; ma=60
www.secretswipes.com/x/wjkl218xf/files/style.css
200 OK 2.7 kB URL HTTP/1.1 www.secretswipes.com/x/wjkl218xf/files/style.css
IP
Hash dadb6083611bbf95563c4103687dad06
0b84882b4ca006b9018bb85d5c087dd6bf017faf
21bbcbb17ac2f28d3925b192dc5510e8982187f43ed55de59c9a2e376f18e09e
GET /x/wjkl218xf/files/style.css HTTP/1.1
Host: www.secretswipes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.secretswipes.com/x/wjkl218xf/?cep=bu1JescOVft55qabnG2HC68vJZDKnEn60BQGY6eXMxo0sZ9m-hGJElrVGvlANFN7O-MnzEVWo4OSJSs26h94WfbWtxVqeroIFVjx7lp1lTT_eo3gU5U7b446gzMdvixYspOjBKFVkG_o5LcjhbAheE7ajYvN2l6LKb1A7JWeiCi0jNB54YSBPH8HmpOkpuwUjGcfcF5CBjmUTTbsfZHiTCXMfyMOsTkmWDsPiqUxA29-nq2k2uSEEd2zmwnsookNKytkYziRpxYLZ5gt-U6XXM4tg_AWzQgm0waS_Pl2dZWEseESjpAvwHCj7icpeptRXjHZzkLtHMbum3vzC_W45YThZuPlzeLni9WXuqp5G6-hhSgyqq8N8D6rYpX1Ax1ZqpvXEIU--iwGX_n5ZCD2wvKtUJnlrlA-YkiGkEYzvWyU095nSf4H4JknjwvGMqGs6DqX1IsVsrdKlrOqF34s6g&lptoken=169a7418247a76ba908c&pub=9881&source=_us&externalid=863caf70222fb01.03306368&_ocid=w95drm2bek9g9s1m20i1rt50&autocamp=_US
Cookie: DO-LB="MTAuMTM2LjAuMzo4MA=="
HTTP/1.1 200 OK
Date: Fri, 20 Jan 2023 20:18:28 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Wed, 25 May 2022 19:38:42 GMT
vary: Accept-Encoding
etag: W/"628e85c2-3064"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
cache-control: private
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WDNnvFsjSRFnQUbGBRRsnB%2Fd%2BS3%2F5ndNATRjbB2cfCuIEZBvCvRvUkI1cux7ZfZZO0%2B0OXe%2FgxCKJ3e%2BJ4xr8rNEUdQl86gyqDpRDam3XnvBxqhKkX%2BoCqY5dGyKahdXoXxdynguQg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78ca7fdbca6eb509-OSL
alt-svc: h2=":443"; ma=60
www.secretswipes.com/x/wjkl218xf/files/showHide.js
200 OK 819 B URL HTTP/1.1 www.secretswipes.com/x/wjkl218xf/files/showHide.js
IP
Hash bbeeb9af20a5aa0679ebf33aa8ec755b
0b3aace7c48d8b158fe6cf0a41b46a1c8a401660
205eec9e45f54598bdfa78a52f51b761b1fb320d4b510ea393062a6380c8676c
Analyzer Verdict Alert fortinet Phishing
GET /x/wjkl218xf/files/showHide.js HTTP/1.1
Host: www.secretswipes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.secretswipes.com/x/wjkl218xf/?cep=bu1JescOVft55qabnG2HC68vJZDKnEn60BQGY6eXMxo0sZ9m-hGJElrVGvlANFN7O-MnzEVWo4OSJSs26h94WfbWtxVqeroIFVjx7lp1lTT_eo3gU5U7b446gzMdvixYspOjBKFVkG_o5LcjhbAheE7ajYvN2l6LKb1A7JWeiCi0jNB54YSBPH8HmpOkpuwUjGcfcF5CBjmUTTbsfZHiTCXMfyMOsTkmWDsPiqUxA29-nq2k2uSEEd2zmwnsookNKytkYziRpxYLZ5gt-U6XXM4tg_AWzQgm0waS_Pl2dZWEseESjpAvwHCj7icpeptRXjHZzkLtHMbum3vzC_W45YThZuPlzeLni9WXuqp5G6-hhSgyqq8N8D6rYpX1Ax1ZqpvXEIU--iwGX_n5ZCD2wvKtUJnlrlA-YkiGkEYzvWyU095nSf4H4JknjwvGMqGs6DqX1IsVsrdKlrOqF34s6g&lptoken=169a7418247a76ba908c&pub=9881&source=_us&externalid=863caf70222fb01.03306368&_ocid=w95drm2bek9g9s1m20i1rt50&autocamp=_US
Cookie: DO-LB="MTAuMTM2LjAuMzo4MA=="
HTTP/1.1 200 OK
Date: Fri, 20 Jan 2023 20:18:28 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Wed, 25 May 2022 19:38:42 GMT
vary: Accept-Encoding
etag: W/"628e85c2-872"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
cache-control: private
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UsOetMrTYW2Pi%2FB3Nmpt9zwNvth%2FpkPOHkL9JzP8OhwVtfbxXSxB3j%2BgOuphpw8FylsDC2luTKGy%2B4CTbNXLbMA5KgwxqWTlnEH8jAwc%2FTZ5IAdXgdoq8HLyxvlvAau77w582210xw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78ca7fdbcf02fab8-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 5422c49666fc195ae94aa0f5cf837bfc
e0f1dd926cd9328ccf9cc99389337056c62f1043
f639aad2dc85708fa922b793660f13ae597f275a8ebf61e7e72fb2bce257cc76
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 20:18:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 5422c49666fc195ae94aa0f5cf837bfc
e0f1dd926cd9328ccf9cc99389337056c62f1043
f639aad2dc85708fa922b793660f13ae597f275a8ebf61e7e72fb2bce257cc76
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 20:18:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.secretswipes.com/x/wjkl218xf/files/jquery.js
200 OK 24 kB URL HTTP/1.1 www.secretswipes.com/x/wjkl218xf/files/jquery.js
IP
File type ASCII text, with very long lines (520)
Hash fbc37aeb10b28048527dddbf2ba8b364
53992a3c0012a14b7a961de466b23d87a469e4ee
98ff22f021a51b684149f003797b805e19e19e62386a9124f31a80d9ab19974e
Analyzer Verdict Alert fortinet Phishing
GET /x/wjkl218xf/files/jquery.js HTTP/1.1
Host: www.secretswipes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.secretswipes.com/x/wjkl218xf/?cep=bu1JescOVft55qabnG2HC68vJZDKnEn60BQGY6eXMxo0sZ9m-hGJElrVGvlANFN7O-MnzEVWo4OSJSs26h94WfbWtxVqeroIFVjx7lp1lTT_eo3gU5U7b446gzMdvixYspOjBKFVkG_o5LcjhbAheE7ajYvN2l6LKb1A7JWeiCi0jNB54YSBPH8HmpOkpuwUjGcfcF5CBjmUTTbsfZHiTCXMfyMOsTkmWDsPiqUxA29-nq2k2uSEEd2zmwnsookNKytkYziRpxYLZ5gt-U6XXM4tg_AWzQgm0waS_Pl2dZWEseESjpAvwHCj7icpeptRXjHZzkLtHMbum3vzC_W45YThZuPlzeLni9WXuqp5G6-hhSgyqq8N8D6rYpX1Ax1ZqpvXEIU--iwGX_n5ZCD2wvKtUJnlrlA-YkiGkEYzvWyU095nSf4H4JknjwvGMqGs6DqX1IsVsrdKlrOqF34s6g&lptoken=169a7418247a76ba908c&pub=9881&source=_us&externalid=863caf70222fb01.03306368&_ocid=w95drm2bek9g9s1m20i1rt50&autocamp=_US
Cookie: DO-LB="MTAuMTM2LjAuMzo4MA=="
HTTP/1.1 200 OK
Date: Fri, 20 Jan 2023 20:18:28 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Wed, 25 May 2022 19:38:42 GMT
vary: Accept-Encoding
etag: W/"628e85c2-18391"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
cache-control: private
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o2EB%2FmIN5dKDGQPy6OkO4I53Kq6ZDqc2muHh5E%2BxRlfxO6jzlVKTsXykNWo4JkZGcKeATs2GA7vTj1xvMPT7cNLCZPwdNlxQDlPfRfIBLYN7c988TiN7RGrHmS50CC506i9R3PkY2A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78ca7fdbcd00b4ee-OSL
alt-svc: h2=":443"; ma=60
fonts.googleapis.com/css2?family=Montserrat&display=swap
200 OK 841 B URL HTTP/2 fonts.googleapis.com/css2?family=Montserrat&display=swap
IP
Hash 058b43bea775edb5545edbf66e8f37b4
20fc6b7fb2f589d90ce278d34d506b1666b614bc
4917e7e4e2a9510f3841c6f7ddd50820c0d87262fe89cb3267e6959bf2164df8
GET /css2?family=Montserrat&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.secretswipes.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 20 Jan 2023 20:18:28 GMT
date: Fri, 20 Jan 2023 20:18:28 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 5422c49666fc195ae94aa0f5cf837bfc
e0f1dd926cd9328ccf9cc99389337056c62f1043
f639aad2dc85708fa922b793660f13ae597f275a8ebf61e7e72fb2bce257cc76
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 20:18:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 0931d5e4b9f406894a6c480e4df3c85a
2f88f42c3ed904c6baeceb4f23617bef3a1d5052
6eba9074f838d0fe873a7ed8893447be3b2bc5f634cc8d848dc0e8639e980d93
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6EBA9074F838D0FE873A7ED8893447BE3B2BC5F634CC8D848DC0E8639E980D93"
Last-Modified: Wed, 18 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21591
Expires: Sat, 21 Jan 2023 02:18:19 GMT
Date: Fri, 20 Jan 2023 20:18:28 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 61162a42e6bf5415f3d80ceac5e25ad2
2c2a987ab75a008682a5defd50d20be737912b23
4260bef1cd37c1f0372c9a5aae4ca0a6564c6473f68a4f4181ed83ed3d6b2d48
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 20:18:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 61162a42e6bf5415f3d80ceac5e25ad2
2c2a987ab75a008682a5defd50d20be737912b23
4260bef1cd37c1f0372c9a5aae4ca0a6564c6473f68a4f4181ed83ed3d6b2d48
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 20:18:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/notable/v14/gNMEW3N_SIqx-WX9yHQiFQ.woff2
200 OK 14 kB URL HTTP/2 fonts.gstatic.com/s/notable/v14/gNMEW3N_SIqx-WX9yHQiFQ.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 13844, version 1.0\012- data
Hash 8c0c57288307c3d5a40b69ada28acac1
9fe4553f0ab23891868afff0d0e8a2f3504219ca
7e9317290444a64d831ecd96e831c591ee123577891b2f8f324be536a0e0754d
GET /s/notable/v14/gNMEW3N_SIqx-WX9yHQiFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.secretswipes.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13844
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 16 Jan 2023 21:27:10 GMT
expires: Tue, 16 Jan 2024 21:27:10 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 09 May 2022 18:39:14 GMT
content-type: font/woff2
age: 341478
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.secretswipes.com/x/wjkl218xf/files/pixel.png
200 OK 2.0 kB URL HTTP/1.1 www.secretswipes.com/x/wjkl218xf/files/pixel.png
IP
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 41408e4a845ca7a72c078eeb2a43fe09
013ed25eb9382be960300b16b4656a3aa665c085
1e138634d66e391c220f3485c87fdce6d042a7dacf34852632195bd6f1853f3a
GET /x/wjkl218xf/files/pixel.png HTTP/1.1
Host: www.secretswipes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.secretswipes.com/x/wjkl218xf/?cep=bu1JescOVft55qabnG2HC68vJZDKnEn60BQGY6eXMxo0sZ9m-hGJElrVGvlANFN7O-MnzEVWo4OSJSs26h94WfbWtxVqeroIFVjx7lp1lTT_eo3gU5U7b446gzMdvixYspOjBKFVkG_o5LcjhbAheE7ajYvN2l6LKb1A7JWeiCi0jNB54YSBPH8HmpOkpuwUjGcfcF5CBjmUTTbsfZHiTCXMfyMOsTkmWDsPiqUxA29-nq2k2uSEEd2zmwnsookNKytkYziRpxYLZ5gt-U6XXM4tg_AWzQgm0waS_Pl2dZWEseESjpAvwHCj7icpeptRXjHZzkLtHMbum3vzC_W45YThZuPlzeLni9WXuqp5G6-hhSgyqq8N8D6rYpX1Ax1ZqpvXEIU--iwGX_n5ZCD2wvKtUJnlrlA-YkiGkEYzvWyU095nSf4H4JknjwvGMqGs6DqX1IsVsrdKlrOqF34s6g&lptoken=169a7418247a76ba908c&pub=9881&source=_us&externalid=863caf70222fb01.03306368&_ocid=w95drm2bek9g9s1m20i1rt50&autocamp=_US
Cookie: DO-LB="MTAuMTM2LjAuMzo4MA=="
HTTP/1.1 200 OK
Date: Fri, 20 Jan 2023 20:18:28 GMT
Content-Type: image/png
Content-Length: 1953
Connection: keep-alive
last-modified: Wed, 25 May 2022 19:38:42 GMT
etag: "628e85c2-7a1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: private
CF-Cache-Status: BYPASS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LtR6Nj%2F8z6g7Tu%2FyGlbVRnn7pr2CccHVNnfWvKDDEhF1ft9Az5qruzE2dmddVruDuEufIwlJOFi%2BjLIIsT234KsEd%2Bdpe7IuuETfesyoJSTSfgZxIc3hjSgkdwxOlfk4dMXu1Ebu%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78ca7fddf861fab8-OSL
alt-svc: h2=":443"; ma=60
fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 12708, version 1.0\012- data
Hash b4a68b1e743ee317eaaf0bbadd131571
f24f7823d4e3830c7cfa5bcb33733d2897c00f13
ddc148b8a0a27b1449fda6033f4a0defac9bd43210117b50d5d7ad1eda09f394
GET /s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.secretswipes.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12708
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 19 Jan 2023 07:46:37 GMT
expires: Fri, 19 Jan 2024 07:46:37 GMT
cache-control: public, max-age=31536000
age: 131511
last-modified: Mon, 11 Jul 2022 18:55:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tag.swpush.com/action-track
204 No Content 0 B URL HTTP/2 tag.swpush.com/action-track
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /action-track HTTP/1.1
Host: tag.swpush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-referer
Referer: http://www.secretswipes.com/
Origin: http://www.secretswipes.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 20 Jan 2023 20:18:28 GMT
vary: Origin
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: content-type,x-referer
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kZzCZft%2FFJ18mgsf2vyTFQs3jqvPTpVDix%2BjQhNxmNZ7mnBxNq%2FtN05ASK9MXqjbzx18Oq2FAZxBpKK5Ubf14HGxnJ5w9XB0MgbcuZYXwbC3ZbYgBCZJWD%2B%2FGkN7yQQodg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ca7fdedc58b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tag.swpush.com/action-track
204 No Content 0 B URL HTTP/2 tag.swpush.com/action-track
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /action-track HTTP/1.1
Host: tag.swpush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-referer
Referer: http://www.secretswipes.com/
Origin: http://www.secretswipes.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 20 Jan 2023 20:18:28 GMT
vary: Origin
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: content-type,x-referer
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZA40ReJ6Xf16nKeR7NUBJW5JFqbwuLQTk0i%2BeFU%2F10qaGcybdu2tOwGJrfOEzb39gte5HXXJAEbkeprKZUTkw8Rjf0B5tUZaFGJG1RRT0r8gypCvILbUOb2xCcD6f9dO4A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ca7fdedc52b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash bdb8a13dfce39d6e151a9ef185a772a1
037a680510f9dbce3c7cc3c0f9115fd587dbcd1d
98c8b7f269b9aad73b73fd946788ebfd7a4d7afbdd5347b56c67f73b947f5ff6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2023
Cache-Control: max-age=134530
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 20:18:28 GMT
Etag: "63ca59af-1d7"
Expires: Sun, 22 Jan 2023 09:40:38 GMT
Last-Modified: Fri, 20 Jan 2023 09:06:55 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 61162a42e6bf5415f3d80ceac5e25ad2
2c2a987ab75a008682a5defd50d20be737912b23
4260bef1cd37c1f0372c9a5aae4ca0a6564c6473f68a4f4181ed83ed3d6b2d48
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 20 Jan 2023 20:18:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
app.api-push.com/get-keys
204 No Content 0 B URL HTTP/2 app.api-push.com/get-keys
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /get-keys HTTP/1.1
Host: app.api-push.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-referer
Referer: http://www.secretswipes.com/
Origin: http://www.secretswipes.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 20 Jan 2023 20:18:28 GMT
vary: Origin
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: content-type,x-referer
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uPfhL1BGwG0ChgtZ2r%2BYZYviE3UljshUzFPECJGmFxhBNvxmI8%2FVQG10CPEQ%2FvFRw09Py%2BtxWi%2B1LAMRUkxdI%2FNqZoAVANecQ6MXMMrkcQnMYVFIQh9EXQIFlU5WPBNiWYGB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ca7fdf4f2c7583-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tag.swpush.com/action-track
400 Bad Request 41 B URL HTTP/2 tag.swpush.com/action-track
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 2b3d1dfa17a6e2be3f51bc4daf604435
374418a2d177a4012685476a2c1643e15e546e64
6bfccd30af11322070311b7f99ff7682ae00513fade6ecec5bf5bd10c34e2d1d
POST /action-track HTTP/1.1
Host: tag.swpush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
x-referer: http://www.secretswipes.com/x/wjkl218xf/?cep=bu1JescOVft55qabnG2HC68vJZDKnEn60BQGY6eXMxo0sZ9m-hGJElrVGvlANFN7O-MnzEVWo4OSJSs26h94WfbWtxVqeroIFVjx7lp1lTT_eo3gU5U7b446gzMdvixYspOjBKFVkG_o5LcjhbAheE7ajYvN2l6LKb1A7JWeiCi0jNB54YSBPH8HmpOkpuwUjGcfcF5CBjmUTTbsfZHiTCXMfyMOsTkmWDsPiqUxA29-nq2k2uSEEd2zmwnsookNKytkYziRpxYLZ5gt-U6XXM4tg_AWzQgm0waS_Pl2dZWEseESjpAvwHCj7icpeptRXjHZzkLtHMbum3vzC_W45YThZuPlzeLni9WXuqp5G6-hhSgyqq8N8D6rYpX1Ax1ZqpvXEIU--iwGX_n5ZCD2wvKtUJnlrlA-YkiGkEYzvWyU095nSf4H4JknjwvGMqGs6DqX1IsVsrdKlrOqF34s6g&lptoken=169a7418247a76ba908c&pub=9881&source=_us&externalid=863caf70222fb01.03306368&_ocid=w95drm2bek9g9s1m20i1rt50&autocamp=_US
Content-Length: 64
Origin: http://www.secretswipes.com
Connection: keep-alive
Referer: http://www.secretswipes.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 400 Bad Request
date: Fri, 20 Jan 2023 20:18:28 GMT
content-type: application/json; charset=utf-8
content-length: 41
vary: Origin
access-control-allow-origin: *
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VKyoFD1vdPiuUitbgk4WlU0VIDzfThfTRqkzuPXzZ9xv%2FL0s3gEiC8XrmbyCdXuAWziZPWjv6tFLJ8oFv8bb5ZAtiEb9gkrYqG1KNJg2z7a84AUXvYoghDXO%2Bk2%2FrJhHqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ca7fdf8d47b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tag.swpush.com/action-track
400 Bad Request 41 B URL HTTP/2 tag.swpush.com/action-track
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 2b3d1dfa17a6e2be3f51bc4daf604435
374418a2d177a4012685476a2c1643e15e546e64
6bfccd30af11322070311b7f99ff7682ae00513fade6ecec5bf5bd10c34e2d1d
POST /action-track HTTP/1.1
Host: tag.swpush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
x-referer: http://www.secretswipes.com/x/wjkl218xf/?cep=bu1JescOVft55qabnG2HC68vJZDKnEn60BQGY6eXMxo0sZ9m-hGJElrVGvlANFN7O-MnzEVWo4OSJSs26h94WfbWtxVqeroIFVjx7lp1lTT_eo3gU5U7b446gzMdvixYspOjBKFVkG_o5LcjhbAheE7ajYvN2l6LKb1A7JWeiCi0jNB54YSBPH8HmpOkpuwUjGcfcF5CBjmUTTbsfZHiTCXMfyMOsTkmWDsPiqUxA29-nq2k2uSEEd2zmwnsookNKytkYziRpxYLZ5gt-U6XXM4tg_AWzQgm0waS_Pl2dZWEseESjpAvwHCj7icpeptRXjHZzkLtHMbum3vzC_W45YThZuPlzeLni9WXuqp5G6-hhSgyqq8N8D6rYpX1Ax1ZqpvXEIU--iwGX_n5ZCD2wvKtUJnlrlA-YkiGkEYzvWyU095nSf4H4JknjwvGMqGs6DqX1IsVsrdKlrOqF34s6g&lptoken=169a7418247a76ba908c&pub=9881&source=_us&externalid=863caf70222fb01.03306368&_ocid=w95drm2bek9g9s1m20i1rt50&autocamp=_US
Content-Length: 64
Origin: http://www.secretswipes.com
Connection: keep-alive
Referer: http://www.secretswipes.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 400 Bad Request
date: Fri, 20 Jan 2023 20:18:28 GMT
content-type: application/json; charset=utf-8
content-length: 41
vary: Origin
access-control-allow-origin: *
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nLVMnjkMhc1gM4tubilVicQB1iOYNrO32%2F2GqzDMQT4ig%2Fi9V8fYk5nOZGMODNoke6vxKaRdn3W88hs6v%2F2W69%2BcpFl4Z0TJ4pcakjJuf2dCVKBxTnH97zOR8vuUk726sg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ca7fdf8d48b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 0931d5e4b9f406894a6c480e4df3c85a
2f88f42c3ed904c6baeceb4f23617bef3a1d5052
6eba9074f838d0fe873a7ed8893447be3b2bc5f634cc8d848dc0e8639e980d93
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6EBA9074F838D0FE873A7ED8893447BE3B2BC5F634CC8D848DC0E8639E980D93"
Last-Modified: Wed, 18 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21591
Expires: Sat, 21 Jan 2023 02:18:19 GMT
Date: Fri, 20 Jan 2023 20:18:28 GMT
Connection: keep-alive
www.secretswipes.com/x/wjkl218xf/files/bg1.jpg
200 OK 26 kB URL HTTP/1.1 www.secretswipes.com/x/wjkl218xf/files/bg1.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1366x768, components 3\012- data
Hash 7f7faa656f2584e53f15a6a0e9cbd950
38f02c7166bfa7dfa821517f566ec9e4066dabe1
1682985b6f30ae73560be8b815844ab5d40b7b524599995135a56c1596f5769d
GET /x/wjkl218xf/files/bg1.jpg HTTP/1.1
Host: www.secretswipes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.secretswipes.com/x/wjkl218xf/files/style.css
Cookie: DO-LB="MTAuMTM2LjAuMzo4MA=="
HTTP/1.1 200 OK
Date: Fri, 20 Jan 2023 20:18:28 GMT
Content-Type: image/jpeg
Content-Length: 25831
Connection: keep-alive
last-modified: Wed, 25 May 2022 19:38:42 GMT
etag: "628e85c2-64e7"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: private
CF-Cache-Status: BYPASS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QCHNqjcCQz6816B7RhBk8cvAg3hBPWGFXyDhE5nCphKYSRUoY3pZkeWENK3g7nDBXTwEVnwz9yO8Q%2FlGihRq1OhD3Ag%2BJ9FtKs9awYrH3hmkoLPe%2FjZfqloBTszms9E3pXv0447DvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78ca7fded951b4ee-OSL
alt-svc: h2=":443"; ma=60
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: W266J2CT8mlrh6LQVhXNGg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: GWvBNwpsxWTnWZT0R6rhy/BohOU=
subscribe.api-push.com/subscriber/null/c0251034-ed66-4440-b1ba-53c0104c9af8
204 No Content 0 B URL HTTP/2 subscribe.api-push.com/subscriber/null/c0251034-ed66-4440-b1ba-53c0104c9af8
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /subscriber/null/c0251034-ed66-4440-b1ba-53c0104c9af8 HTTP/1.1
Host: subscribe.api-push.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type,x-referer
Referer: http://www.secretswipes.com/
Origin: http://www.secretswipes.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 20 Jan 2023 20:18:28 GMT
vary: Origin
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: content-type,x-referer
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0ur63LwaF7k125R0iRj1g63XhKCEt7PQp1V4YdkiIjZT0jYTto5dQTR40OfTplRRy4jbpS2c0RrV%2FZe6G6DdEyD2AwYe8MbaBJco591C29tnKwHWU9%2BNyyLrLg96t9mVqc64lL44NPiq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ca7fe10a987583-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.secretswipes.com/x/wjkl218xf/files/l1.png
200 OK 142 kB URL HTTP/1.1 www.secretswipes.com/x/wjkl218xf/files/l1.png
IP
File type PNG image data, 624 x 614, 8-bit/color RGBA, non-interlaced\012- data
Size 142 kB (142394 bytes)
Hash 0baa3afb19d14a7e9e1788ec790b96e6
2769f4c3753ff295bbe56803a91d2c0e142255af
8a67f09a3157c90e569540caa18dc711ce36c67e6e3394b3b96f0ef63a2620f4
GET /x/wjkl218xf/files/l1.png HTTP/1.1
Host: www.secretswipes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.secretswipes.com/x/wjkl218xf/files/style.css
Cookie: DO-LB="MTAuMTM2LjAuMzo4MA=="
HTTP/1.1 200 OK
Date: Fri, 20 Jan 2023 20:18:28 GMT
Content-Type: image/png
Content-Length: 142394
Connection: keep-alive
last-modified: Wed, 25 May 2022 19:38:42 GMT
etag: "628e85c2-22c3a"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: private
CF-Cache-Status: BYPASS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JpFx3PY1O8xwsaDziTMd2Y%2BilS8KIrTpyvREEzC96yT2k9ZEDF9DVRq%2F40QymrXsjAV9ogDAhgvj5o6reWIxqLjyZLJgVNQltKe2mvH8KxMkSAtAujHICeLQmwkrDzMjMlMk9mK0DA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78ca7fdeef38b509-OSL
alt-svc: h2=":443"; ma=60
subscribe.api-push.com/subscriber/null/c0251034-ed66-4440-b1ba-53c0104c9af8
200 OK 5 B URL HTTP/2 subscribe.api-push.com/subscriber/null/c0251034-ed66-4440-b1ba-53c0104c9af8
IP
File type ASCII text, with no line terminators
Hash 68934a3e9455fa72420237eb05902327
7cb6efb98ba5972a9b5090dc2e517fe14d12cb04
fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa
GET /subscriber/null/c0251034-ed66-4440-b1ba-53c0104c9af8 HTTP/1.1
Host: subscribe.api-push.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
x-referer: http://www.secretswipes.com/x/wjkl218xf/?cep=bu1JescOVft55qabnG2HC68vJZDKnEn60BQGY6eXMxo0sZ9m-hGJElrVGvlANFN7O-MnzEVWo4OSJSs26h94WfbWtxVqeroIFVjx7lp1lTT_eo3gU5U7b446gzMdvixYspOjBKFVkG_o5LcjhbAheE7ajYvN2l6LKb1A7JWeiCi0jNB54YSBPH8HmpOkpuwUjGcfcF5CBjmUTTbsfZHiTCXMfyMOsTkmWDsPiqUxA29-nq2k2uSEEd2zmwnsookNKytkYziRpxYLZ5gt-U6XXM4tg_AWzQgm0waS_Pl2dZWEseESjpAvwHCj7icpeptRXjHZzkLtHMbum3vzC_W45YThZuPlzeLni9WXuqp5G6-hhSgyqq8N8D6rYpX1Ax1ZqpvXEIU--iwGX_n5ZCD2wvKtUJnlrlA-YkiGkEYzvWyU095nSf4H4JknjwvGMqGs6DqX1IsVsrdKlrOqF34s6g&lptoken=169a7418247a76ba908c&pub=9881&source=_us&externalid=863caf70222fb01.03306368&_ocid=w95drm2bek9g9s1m20i1rt50&autocamp=_US
Origin: http://www.secretswipes.com
Connection: keep-alive
Referer: http://www.secretswipes.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 20:18:28 GMT
content-type: application/json; charset=utf-8
content-length: 5
vary: Origin
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cfHya2V9xTwJYvH%2FYwT7jfvpMrLS60VaRTXF0Y6xaoNhufrzJPvJxBXIL%2BjqiliJeTYpoIe5tQ4XGnB5sVhUc%2FwW1Eq4tEKtXTARxxuPJjLVX10XHsxGmf0%2BTj8xXf4Oxy6TSdQzfJDV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ca7fe1fc217583-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.secretswipes.com/x/wjkl218xf/files/16.webp
200 OK 789 kB URL HTTP/1.1 www.secretswipes.com/x/wjkl218xf/files/16.webp
IP
File type RIFF (little-endian) data, Web/P image\012- data
Size 789 kB (789192 bytes)
Hash 1f50c35b46ceb5868b9094dd580776d3
3f77508618968ff185958aad651d3c41d9dc792a
bf23786f23f08af388e7a6ca79d1c6bf4b2593a91f35ef44f8f889dd65e9975b
Analyzer Verdict Alert fortinet Phishing
GET /x/wjkl218xf/files/16.webp HTTP/1.1
Host: www.secretswipes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.secretswipes.com/x/wjkl218xf/files/style.css
Cookie: DO-LB="MTAuMTM2LjAuMzo4MA=="
HTTP/1.1 200 OK
Date: Fri, 20 Jan 2023 20:18:28 GMT
Content-Type: image/webp
Content-Length: 789192
Connection: keep-alive
last-modified: Wed, 25 May 2022 19:38:42 GMT
etag: "628e85c2-c0ac8"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: private
CF-Cache-Status: BYPASS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bo8GRYTkl5GQwc0WfNpqfDe4N82MfBB2EBj0Th8W8TbC8wxLRNZnzn%2BsEiNKzZLKnXqAPgqiiUCp8YNEaFhKRtem7mlLAdi%2B9lTpTvFtYCkyxHwo%2BpOaZdyV8jwqOKHxT9nG%2BZbNCA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78ca7fdeefed1c0e-OSL
alt-svc: h2=":443"; ma=60
www.secretswipes.com/favicon.ico
200 OK 3.5 kB URL HTTP/1.1 www.secretswipes.com/favicon.ico
IP
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 1afd0490a7c54f3762f6d69a39fda96f
60ff08ef286f291f51397f5f64265b5785255f3e
acb0653f24a2eb7cadc905929864bb742896201ad86d5899c4ca44b77f14e96d
GET /favicon.ico HTTP/1.1
Host: www.secretswipes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.secretswipes.com/x/wjkl218xf/?cep=bu1JescOVft55qabnG2HC68vJZDKnEn60BQGY6eXMxo0sZ9m-hGJElrVGvlANFN7O-MnzEVWo4OSJSs26h94WfbWtxVqeroIFVjx7lp1lTT_eo3gU5U7b446gzMdvixYspOjBKFVkG_o5LcjhbAheE7ajYvN2l6LKb1A7JWeiCi0jNB54YSBPH8HmpOkpuwUjGcfcF5CBjmUTTbsfZHiTCXMfyMOsTkmWDsPiqUxA29-nq2k2uSEEd2zmwnsookNKytkYziRpxYLZ5gt-U6XXM4tg_AWzQgm0waS_Pl2dZWEseESjpAvwHCj7icpeptRXjHZzkLtHMbum3vzC_W45YThZuPlzeLni9WXuqp5G6-hhSgyqq8N8D6rYpX1Ax1ZqpvXEIU--iwGX_n5ZCD2wvKtUJnlrlA-YkiGkEYzvWyU095nSf4H4JknjwvGMqGs6DqX1IsVsrdKlrOqF34s6g&lptoken=169a7418247a76ba908c&pub=9881&source=_us&externalid=863caf70222fb01.03306368&_ocid=w95drm2bek9g9s1m20i1rt50&autocamp=_US
Cookie: DO-LB="MTAuMTM2LjAuMzo4MA=="
HTTP/1.1 200 OK
Date: Fri, 20 Jan 2023 20:18:29 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Sun, 10 Oct 2021 05:17:00 GMT
vary: Accept-Encoding
etag: W/"6162774c-d90"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: gzip
cache-control: private
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XlaxoWHEg0J9Ir6d0aKBVyqGt1Q8YX0gMOchFhQVm327dM8xU6JGVqImQ%2Bzi3YG2zSMtDV8aywOn%2FbVEUTSxtZuuGS4zhs3Ewe9b%2Bwi0ipx2u9tluoavYdTan9QhUYf1nmIS3lSBTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 78ca7fe35f71b4ee-OSL
alt-svc: h2=":443"; ma=60
fonts.googleapis.com/css2?family=Notable&display=swap
200 OK 783 B URL HTTP/2 fonts.googleapis.com/css2?family=Notable&display=swap
IP
Hash dfb82f4aa81646fb068ff3fc752ba0d9
705b50d6a31481d2bbc217c1ca9e72d78a6c553d
684c8d59a1961c0b279455397dbf2e1213069f50fa5c12d109afa382e7194fef
GET /css2?family=Notable&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.secretswipes.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 20 Jan 2023 20:18:28 GMT
date: Fri, 20 Jan 2023 20:18:28 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8125
Expires: Fri, 20 Jan 2023 22:33:54 GMT
Date: Fri, 20 Jan 2023 20:18:29 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8125
Expires: Fri, 20 Jan 2023 22:33:54 GMT
Date: Fri, 20 Jan 2023 20:18:29 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 89055b1f42119cc1e7a33ce2fc364e76
20550fd56bf49a8aa30e18a923be22cda3f2ba7b
7698e9bb59f46011dbd3b6b74fc5784ac60d64c9d8403e8fe3aa18a60c17393d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7698E9BB59F46011DBD3B6B74FC5784AC60D64C9D8403E8FE3AA18A60C17393D"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8125
Expires: Fri, 20 Jan 2023 22:33:54 GMT
Date: Fri, 20 Jan 2023 20:18:29 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbb60a79-f6ba-46cb-8679-5da65b53c107.webp
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbb60a79-f6ba-46cb-8679-5da65b53c107.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3638dc76d0638625ac9a31c038df3a44
deff1903d591273a96d538ae77988d8a080e228c
8382af3843ebeca8e5c13fdd60f7fb92b479915416f36686fce40566fd87ce68
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbb60a79-f6ba-46cb-8679-5da65b53c107.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10867
x-amzn-requestid: 8d882e21-d4c5-49ac-b76a-198cec065377
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAnVTEfpoAMFgJA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b8ee-6579537e6a82269f4bc99395;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:41:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 83ssVBkpe4gl1kI8bKYu90Vee3r32V_IiqQxtvt_TfAFk6DsDfyoTw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:09:52 GMT
age: 79717
etag: "deff1903d591273a96d538ae77988d8a080e228c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1122c75-908d-4e51-8a61-b64f7ab77c76.jpeg
200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1122c75-908d-4e51-8a61-b64f7ab77c76.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f5195ac5d83278bed049661c0d1aaa4a
74b3e81e1dfc9f0a50aa936ba02b357c0df3aa9e
30af8f591b2d4f7c8de7d52ea53bb170ca426ef0550001c7802a7f993a6344df
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1122c75-908d-4e51-8a61-b64f7ab77c76.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7111
x-amzn-requestid: d9b5e6b0-3995-4c70-be84-0b1b457b7143
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAmRlHtkIAMFiGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b73d-37d253ee68fe1b7e483097dd;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:33:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 86-hgCgiYN-PYLZgXJO79kM9Vm6DIiRixaz-kQZFaY0m5481x8GWlw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:12:54 GMT
etag: "74b3e81e1dfc9f0a50aa936ba02b357c0df3aa9e"
content-type: image/jpeg
age: 79535
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0c09209-bc9e-43f8-ace4-c90a39c75c63.jpeg
200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0c09209-bc9e-43f8-ace4-c90a39c75c63.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5553b06c7dde4dc377f9f4e65bc8ace7
9dca5486485416d1aef199be08a50abd717addc7
33a5d1a21738218e0a6fe16d79045bd390af2e84073330a0a94c03812e1ba3ba
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0c09209-bc9e-43f8-ace4-c90a39c75c63.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: 70710215-b8fd-44eb-8b50-f0948f98366c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAmQWFNvoAMF3ZQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b735-19e7e3865ce991cb5447f0f2;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:33:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Fc9dIiT5QQaTowAA6lp8ffJl4Niq3i_iVe54lYhAV52kJ8Q98EMJqQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:04:44 GMT
age: 80025
etag: "9dca5486485416d1aef199be08a50abd717addc7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72cb731e-e923-4be7-9dd2-8274ec9adc4f.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72cb731e-e923-4be7-9dd2-8274ec9adc4f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 865f3b7fce94742b22851118e29491a2
24d8d638eb39f3ff6a6a8f2337d77f3852a99dba
1b3bb3b03e787aa7b1f60f61c4adf6463a3586399d47c5ec5a2aec7b0aaa03ba
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72cb731e-e923-4be7-9dd2-8274ec9adc4f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11675
x-amzn-requestid: 718b88d6-5f97-42b0-8e9d-1cd6e646690a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e7UihGrpIAMFehw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c79adc-03cdafe06c8871bb63cbbd6a;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 07:08:12 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ARzXtlV41pRcNijtEI0YObkrDQA63q4DZLg2w4yz5W1CsBsvQJ7zaQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 06:26:15 GMT
age: 49934
etag: "24d8d638eb39f3ff6a6a8f2337d77f3852a99dba"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03285c30-851a-4892-8ad6-994296dfce51.jpeg
200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03285c30-851a-4892-8ad6-994296dfce51.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1eff6cdee4c98a6f806c5b417b12cdf2
4b4b817055dc2c0699c6e01d85841638e63d9c0e
2f2fdd1e829e4175e8cf915794ffc16e24dac72ab425448cd0ac5165b1b87b2f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F03285c30-851a-4892-8ad6-994296dfce51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5351
x-amzn-requestid: 86ba43bc-0b0f-40ba-9015-463371baf673
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3foQFg_IAMFSZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61301-0c1461622a361a5d0ab35cbb;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XH59pHdrdzBmByq_DN9OlVh-Y3MGiR-V9KzWnaR9QR_7evQt--UOdA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 07:09:42 GMT
age: 47327
etag: "4b4b817055dc2c0699c6e01d85841638e63d9c0e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F035e7b24-d861-44e8-ac81-1dcc5e3a0e2a.jpeg
200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F035e7b24-d861-44e8-ac81-1dcc5e3a0e2a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6889019ec9c1155e9e4b4eeb6a86760d
59c6f3a313efba4a67a63c9ae725db8d17c08c03
378510ecdbbb2b6248391195eace1dc3120d18b6f13e52033a3e88024592cac4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F035e7b24-d861-44e8-ac81-1dcc5e3a0e2a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5588
x-amzn-requestid: c9d6f09b-2cd9-4137-9369-0295836e06e0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fAnT0FkNIAMF7Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9b8e5-5c6360c025826ed06525c67e;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 21:40:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ruj2jeo2zhuDhIPufqckFmqP0Cx7ECNYRyxBYgQbHhkWH4o3m1L-OQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 19 Jan 2023 22:12:29 GMT
age: 79560
etag: "59c6f3a313efba4a67a63c9ae725db8d17c08c03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn-dt.fcdn.info/cal2.min.js?_=1
200 OK 0 B URL HTTP/2 cdn-dt.fcdn.info/cal2.min.js?_=1
IP
GET /cal2.min.js?_=1 HTTP/1.1
Host: cdn-dt.fcdn.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.secretswipes.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 20 Jan 2023 20:18:27 GMT
content-type: application/javascript
last-modified: Wed, 10 Feb 2021 18:52:34 GMT
etag: W/"60242b72-18e8"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 3429
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LhRRHouGoXw%2Bhk%2FAK1xYBsY%2BbC9inI7u%2ByPGcl5CFdAPa7as9nYcDMn4KOoVIU56chTAVTgOu7VtG0i6PuK3JFPnEzDfltvEGPF%2B%2B6htEBmJj%2FalTULKXeLPKScknhVVr2q4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ca7fdc3a0f776b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn-dt.fcdn.info/swpush.min.js
200 OK 0 B URL HTTP/2 cdn-dt.fcdn.info/swpush.min.js
IP
GET /swpush.min.js HTTP/1.1
Host: cdn-dt.fcdn.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.secretswipes.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 20 Jan 2023 20:18:27 GMT
content-type: application/javascript
last-modified: Sat, 07 May 2022 08:23:17 GMT
etag: W/"62762c75-8692"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 206992
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lz7EOecGMUf2%2BhOmyJqw1jWnS5waEwTD8agYh5%2BM9Iya4SXPqAqEBQPHJdsqGCa9TLj9pfHITZnbp7i2NUa5iV6UYO8rl4KCXqeoAg0I6joz33X0fVxagorvTW4IVIF5NNCJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78ca7fdc3a1d776b-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjam.com/cdn/sdialog.min.css?_=4
200 OK 0 B URL HTTP/2 cdnjam.com/cdn/sdialog.min.css?_=4
IP
GET /cdn/sdialog.min.css?_=4 HTTP/1.1
Host: cdnjam.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.secretswipes.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 20 Jan 2023 20:18:30 GMT
content-type: text/css
content-security-policy: block-all-mixed-content
etag: W/"1d16caacad4ad6c40a99319a5d183947"
last-modified: Mon, 22 Nov 2021 08:00:52 GMT
strict-transport-security: max-age=15724800; includeSubDomains
vary: Origin, Accept-Encoding
x-amz-request-id: 16F5E342988C7B8C
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=14400
cf-cache-status: HIT
age: 6232
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9E16GYzeq4nbNXq19mZIpnZq%2FhGAci2x58L6H1fu0dWshqbqENQYnHfsN5vv6KJvZaJqHCiDhoFpUmpGMFENbD4TXqXXIERF5VYBvLfTT25XJj67kZ3xVJ%2Fhdz4g"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ca7fe98e8fb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
app.api-push.com/get-keys
200 OK 0 B URL HTTP/2 app.api-push.com/get-keys
IP
POST /get-keys HTTP/1.1
Host: app.api-push.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
x-referer: http://www.secretswipes.com/x/wjkl218xf/?cep=bu1JescOVft55qabnG2HC68vJZDKnEn60BQGY6eXMxo0sZ9m-hGJElrVGvlANFN7O-MnzEVWo4OSJSs26h94WfbWtxVqeroIFVjx7lp1lTT_eo3gU5U7b446gzMdvixYspOjBKFVkG_o5LcjhbAheE7ajYvN2l6LKb1A7JWeiCi0jNB54YSBPH8HmpOkpuwUjGcfcF5CBjmUTTbsfZHiTCXMfyMOsTkmWDsPiqUxA29-nq2k2uSEEd2zmwnsookNKytkYziRpxYLZ5gt-U6XXM4tg_AWzQgm0waS_Pl2dZWEseESjpAvwHCj7icpeptRXjHZzkLtHMbum3vzC_W45YThZuPlzeLni9WXuqp5G6-hhSgyqq8N8D6rYpX1Ax1ZqpvXEIU--iwGX_n5ZCD2wvKtUJnlrlA-YkiGkEYzvWyU095nSf4H4JknjwvGMqGs6DqX1IsVsrdKlrOqF34s6g&lptoken=169a7418247a76ba908c&pub=9881&source=_us&externalid=863caf70222fb01.03306368&_ocid=w95drm2bek9g9s1m20i1rt50&autocamp=_US
Content-Length: 89
Origin: http://www.secretswipes.com
Connection: keep-alive
Referer: http://www.secretswipes.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 20 Jan 2023 20:18:28 GMT
content-type: application/json; charset=utf-8
vary: Origin
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bNgO%2FDnYreRJdjNNGYPicOrEUOcuMVBCOuH0liywEzX39o8m0UH32UO0Z5dAQ9qyXxWnIrnc1uz2yeJwcg7jHld9u4QTtOBMvezQSJCS3iS%2BcGFj4%2FoqVzOjcl0lCSG3Doad"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ca7fdfe84e7583-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
theemforest.com/p/1
200 OK 0 B IP
GET /p/1 HTTP/1.1
Host: theemforest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.secretswipes.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 20 Jan 2023 20:18:28 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: no-cache, private
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VDYQ%2BbJhBhRGAC0B6pDzHdL2Dhu7cGJPBiVxfZ3M8yn7VTmMcK0xxJ57QgKL%2Bk7MFoz0t0OjVRHNsDk%2FRnGIxq6zpDDHgy6CwmFtWv5VuZZPNIzTtKQ%2BsEueDcWV5KEDAB4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78ca7fdf2b16b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
188.114.96.1
34.117.237.239
23.36.76.226
104.21.234.87
93.184.220.29