firefox.settings.services.mozilla.com/v1/
143.204.55.27200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 04 Oct 2022 17:47:05 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: e1dbW2QwYF3s8Ii-_ImTFwqKgotVzNm9mK1xv6Q1HWedI0jXSmCLFQ==
Age: 423
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9955bda9c9ef64bc5700a14af0bae25e
8de7b7469e905af0374bdfcc3006bbb844f13e94
1f611155394fac39439b8ec8217d8cd493d6b588d372d264e0d66c03129c50c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F611155394FAC39439B8EC8217D8CD493D6B588D372D264E0D66C03129C50C6"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6196
Expires: Tue, 04 Oct 2022 19:37:24 GMT
Date: Tue, 04 Oct 2022 17:54:08 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.49200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 04 Oct 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: fnJAnwliR7Jgd2L9Xq8zurV4HSwfWSl2zuksluZW1h0Rm9j7eut_xw==
age: 44741
X-Firefox-Spdy: h2
mericadvisory.com/
23.94.191.226301 Moved Permanently 0 B IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET / HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 04 Oct 2022 17:54:07 GMT
Server: Apache
X-Powered-By: PHP/7.2.34
Vary: Accept-Encoding,Cookie
X-Redirect-By: WordPress
Location: https://mericadvisory.com/
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 17:54:08 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 04 Oct 2022 17:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Tue, 04 Oct 2022 18:21:41 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: -tYLuGLiUh-BoSgOp4a6KjY3th1E3IIAK0bZz8ni2cWyvv5fgm8_kQ==
Age: 1475
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 4d6b344f7e5123552495c56971708cef
efcf4bd4bdb6964b29ce0bc239ea32ab573dac3a
8092e24c3c24d08ffebca3781af0ec9574604e1ae4bd40d2c21865c3297f44bc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 17:54:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mericadvisory.com/
23.94.191.226404 Not Found 45 kB IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (20588), with CRLF, LF line terminators
Hash 6d1cfa2df2246fa9249010138418f02f
e3f3280966a3c398d66531f25a8c5138e7f4d567
ab412db18abfdd7fbfd904007317637660b20d42d29a5f56bb06d3e6381d446a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET / HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 404 Not Found
Date: Tue, 04 Oct 2022 17:54:08 GMT
Server: Apache
X-Powered-By: PHP/7.2.34
Vary: Accept-Encoding,Cookie
Cache-Control: max-age=3, must-revalidate
X-WP-Super-Cache: Served supercache file from PHP
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 9e40b2c69615f45f2bc898334ab3e343
6a569648ed10564e126d3bbf3f91352e6b3f6d4f
4f1d0982c58b9bbeaa266b99292baa1a00c9e39280f73d5a525722c851e15981
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 17:54:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 16ebfb2aa621547ecf581e26fc828a7d
f78993331f6f5b8af6409a9ad2fc50b77070f68a
0f81fd1d6be9ccc04b74f0348aafe642c7b9ab7dffb7e8a679b5d67cc2e5fac3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6268
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 17:54:08 GMT
Last-Modified: Tue, 04 Oct 2022 16:09:40 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
mericadvisory.com/wp-content/themes/savoy/assets/css/third-party/magnific-popup.css?ver=0.9.7
23.94.191.226200 OK 9.9 kB URL HTTP/1.1 mericadvisory.com/wp-content/themes/savoy/assets/css/third-party/magnific-popup.css?ver=0.9.7
IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
File type ASCII text, with CRLF line terminators
Hash a188d724f7ee3f8e15132d6eac2b0815
30b96b3b73e05ef4cde2af81f54b391d97eead1c
6de6db6c2da6854284923909aaea714d8656aa0ceba85514d1cf816d209132d4
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/savoy/assets/css/third-party/magnific-popup.css?ver=0.9.7 HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 17:54:08 GMT
Server: Apache
Last-Modified: Sun, 29 Nov 2020 21:44:12 GMT
Accept-Ranges: bytes
Content-Length: 9902
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
mericadvisory.com/wp-content/themes/savoy/assets/css/third-party/normalize.min.css?ver=3.0.2
23.94.191.226200 OK 2.0 kB URL HTTP/1.1 mericadvisory.com/wp-content/themes/savoy/assets/css/third-party/normalize.min.css?ver=3.0.2
IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
File type ASCII text, with very long lines (1921)
Hash 84aeab10a8a1c54e6163e33e0b6b24e2
5f13bd87b643f5a69c91a72a629f9ae93f99f4ac
cf8fabb96e5a723351b0e5553c0ca03519e737533ee45188b940ea819160be8e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/savoy/assets/css/third-party/normalize.min.css?ver=3.0.2 HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 17:54:08 GMT
Server: Apache
Last-Modified: Sun, 29 Nov 2020 21:44:12 GMT
Accept-Ranges: bytes
Content-Length: 1982
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
mericadvisory.com/wp-content/themes/savoy/assets/css/third-party/slick.css?ver=1.5.5
23.94.191.226200 OK 1.4 kB URL HTTP/1.1 mericadvisory.com/wp-content/themes/savoy/assets/css/third-party/slick.css?ver=1.5.5
IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
File type ASCII text, with CRLF line terminators
Hash c5176e359d61bf36c71808a104edd466
3bc8792aceb952676bd05b65448bca8bf642632c
df4ab46adc614c7ab82d21f137ea47b90591fe5b4000f78f55ed64088b2b8ee5
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/savoy/assets/css/third-party/slick.css?ver=1.5.5 HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 17:54:08 GMT
Server: Apache
Last-Modified: Sun, 29 Nov 2020 21:44:15 GMT
Accept-Ranges: bytes
Content-Length: 1357
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
mericadvisory.com/wp-content/themes/savoy/assets/css/third-party/slick-theme.css?ver=1.5.5
23.94.191.226200 OK 4.2 kB URL HTTP/1.1 mericadvisory.com/wp-content/themes/savoy/assets/css/third-party/slick-theme.css?ver=1.5.5
IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
File type ASCII text, with CRLF line terminators
Hash 56e097618a83a005b7c96499c8aef57f
c56aaf4dbfad2cd8b1690f23ec799f978ac76d34
66b7d90c49ce2dc839af7cc9f7a560951fa9571b7d504d2c33ab2696d0edaa4e
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/savoy/assets/css/third-party/slick-theme.css?ver=1.5.5 HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 17:54:08 GMT
Server: Apache
Last-Modified: Sun, 29 Nov 2020 21:44:15 GMT
Accept-Ranges: bytes
Content-Length: 4160
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
mericadvisory.com/wp-content/themes/savoy/assets/css/visual-composer/nm-js_composer.css?ver=2.4.10
23.94.191.226200 OK 32 kB URL HTTP/1.1 mericadvisory.com/wp-content/themes/savoy/assets/css/visual-composer/nm-js_composer.css?ver=2.4.10
IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
File type ASCII text, with CRLF line terminators
Hash 6699b9bdd116dd465bc872936a504488
41ebfea72c38ae5b866bfd6e833b1322de4f9021
df8822774e39ffce5cb20e3e4ffb739278c353daf2ef540c7d01f27f11828bcc
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/savoy/assets/css/visual-composer/nm-js_composer.css?ver=2.4.10 HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 17:54:08 GMT
Server: Apache
Last-Modified: Sun, 29 Nov 2020 21:44:15 GMT
Accept-Ranges: bytes
Content-Length: 31549
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
push.services.mozilla.com/
35.81.125.88101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.81.125.88:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: RIzT+RJYup3J+suAVO+Dsg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: YVSgqYAi+f7cKH5IVvnm10Ij+c0=
mericadvisory.com/wp-includes/css/dist/block-library/style.min.css?ver=5.5.10
23.94.191.226200 OK 54 kB URL HTTP/1.1 mericadvisory.com/wp-includes/css/dist/block-library/style.min.css?ver=5.5.10
IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
File type ASCII text, with very long lines (27100)
Hash 2e7e1d1c1d4d446a1b6b63295757d859
27a1d9dcbdc4aff486016b5c9f3ece6ad0c028c1
8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=5.5.10 HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 17:54:08 GMT
Server: Apache
Last-Modified: Thu, 27 Aug 2020 22:30:38 GMT
Accept-Ranges: bytes
Content-Length: 53907
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
mericadvisory.com/wp-content/themes/savoy/assets/css/grid.css?ver=2.4.10
23.94.191.226200 OK 34 kB URL HTTP/1.1 mericadvisory.com/wp-content/themes/savoy/assets/css/grid.css?ver=2.4.10
IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
File type ASCII text, with very long lines (540), with CRLF line terminators
Hash 814161e466adc5c5909054f34266b88a
3e2a5acbe249ca5f73c987f8dc4c7040860ed15d
6167f4c81e84f8b2de05442e95d4ea070b59276375605703a8cf4806e7fa9d20
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/savoy/assets/css/grid.css?ver=2.4.10 HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 17:54:09 GMT
Server: Apache
Last-Modified: Sun, 29 Nov 2020 21:43:15 GMT
Accept-Ranges: bytes
Content-Length: 33952
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
mericadvisory.com/wp-content/themes/savoy/assets/css/elements.css?ver=2.4.10
23.94.191.226200 OK 56 kB URL HTTP/1.1 mericadvisory.com/wp-content/themes/savoy/assets/css/elements.css?ver=2.4.10
IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
File type ASCII text, with CRLF line terminators
Hash 5c5d75908d5e0ff07d46ee51c4a6a053
f094ab7a49ef9f568b2fc2ea44531cc92481e170
52f7847fb7cc7154bc35e886312c097e252d121f53a01b0b8e28e92ac7c1f5e5
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/savoy/assets/css/elements.css?ver=2.4.10 HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 17:54:09 GMT
Server: Apache
Last-Modified: Sun, 29 Nov 2020 21:43:15 GMT
Accept-Ranges: bytes
Content-Length: 55844
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
mericadvisory.com/wp-content/themes/savoy/assets/js/visual-composer/nm-js_composer_front.min.js?ver=2.4.10
23.94.191.226200 OK 6.0 kB URL HTTP/1.1 mericadvisory.com/wp-content/themes/savoy/assets/js/visual-composer/nm-js_composer_front.min.js?ver=2.4.10
IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
File type ASCII text, with very long lines (523), with CRLF line terminators
Hash b176ed209565ab379aed00ff34759a9e
4c6fdc330dbb72a2abfc833f529f0f79062caa9d
556e4011a8f2dee4fe781d30b13d50474a5a35ef987b734f8bf9f6beed1d07a6
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/savoy/assets/js/visual-composer/nm-js_composer_front.min.js?ver=2.4.10 HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 17:54:09 GMT
Server: Apache
Last-Modified: Sun, 29 Nov 2020 21:44:30 GMT
Accept-Ranges: bytes
Content-Length: 5987
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
mericadvisory.com/wp-includes/js/wp-emoji-release.min.js?ver=5.5.10
23.94.191.226200 OK 14 kB URL HTTP/1.1 mericadvisory.com/wp-includes/js/wp-emoji-release.min.js?ver=5.5.10
IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
File type ASCII text, with very long lines (11272)
Hash 878184c5d285d4d52d926d36ef19b718
dd260ffe0f8e3f38f58efd23cac8a1e5c788dad9
07e4203b9f313b587b1d53f896e63771ec85f9b0d4c2ac5fa64089457784d847
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=5.5.10 HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 17:54:09 GMT
Server: Apache
Last-Modified: Thu, 15 Apr 2021 06:06:49 GMT
Accept-Ranges: bytes
Content-Length: 14229
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
mericadvisory.com/wp-content/themes/savoy/assets/css/font-icons/theme-icons/theme-icons.css?ver=2.4.10
23.94.191.226200 OK 8.6 kB URL HTTP/1.1 mericadvisory.com/wp-content/themes/savoy/assets/css/font-icons/theme-icons/theme-icons.css?ver=2.4.10
IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
File type ASCII text, with CRLF line terminators
Hash ea31e4977a62d901fb2f6577592a88ab
765dff80878dc7072d11c22906fef3e075c2cf86
d0e86661574d0a4c827695a413eb9752e3a77129a4ee92cbc223a28df7e581ed
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/savoy/assets/css/font-icons/theme-icons/theme-icons.css?ver=2.4.10 HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 17:54:09 GMT
Server: Apache
Last-Modified: Sun, 29 Nov 2020 21:44:14 GMT
Accept-Ranges: bytes
Content-Length: 8603
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
mericadvisory.com/wp-content/themes/savoy/style.css?ver=2.4.10
23.94.191.226200 OK 131 kB URL HTTP/1.1 mericadvisory.com/wp-content/themes/savoy/style.css?ver=2.4.10
IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
File type ASCII text, with very long lines (539), with CRLF line terminators
Size 131 kB (130616 bytes)
Hash ef37d8b0140b4062725bac50b0303092
98a56519ee3061c8a05f5fa633f80d5a11bb78bb
c835dd636930a11a7e624350d8ab7956854dfbf7a963aedaa450bd1aac9bb9d2
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/savoy/style.css?ver=2.4.10 HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 17:54:09 GMT
Server: Apache
Last-Modified: Sun, 29 Nov 2020 21:43:14 GMT
Accept-Ranges: bytes
Content-Length: 130616
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
mericadvisory.com/wp-content/themes/savoy/assets/js/plugins/slick.min.js?ver=1.5.5
23.94.191.226200 OK 37 kB URL HTTP/1.1 mericadvisory.com/wp-content/themes/savoy/assets/js/plugins/slick.min.js?ver=1.5.5
IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
File type ASCII text, with very long lines (32178)
Hash f75e5735ae8fe0f1e033e9205d2523f5
dabe28f2695a445be9e1b6a6db2b016b84fb3aad
21b8a788be3b5750a416db298f10052985f72df78861746b134d8537dbdf341a
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/savoy/assets/js/plugins/slick.min.js?ver=1.5.5 HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 17:54:09 GMT
Server: Apache
Last-Modified: Sun, 29 Nov 2020 21:44:30 GMT
Accept-Ranges: bytes
Content-Length: 36593
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
mericadvisory.com/wp-content/themes/savoy/assets/js/plugins/modernizr.min.js?ver=2.8.3
23.94.191.226200 OK 3.3 kB URL HTTP/1.1 mericadvisory.com/wp-content/themes/savoy/assets/js/plugins/modernizr.min.js?ver=2.8.3
IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
File type HTML document, ASCII text, with very long lines (3154), with CRLF line terminators
Hash 3ede941080f7f0f47b92f7f480f85e38
70aab97d60682d3823641dcda3d8e18dfc59c612
2c766aa3c79a45de31e1d55c25ebea682c1138e9029be4a2de3f52aa7f0dbbf4
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/savoy/assets/js/plugins/modernizr.min.js?ver=2.8.3 HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 17:54:09 GMT
Server: Apache
Last-Modified: Sun, 29 Nov 2020 21:44:30 GMT
Accept-Ranges: bytes
Content-Length: 3329
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
mericadvisory.com/wp-content/themes/savoy/assets/js/nm-blog.min.js?ver=2.4.10
23.94.191.226200 OK 2.1 kB URL HTTP/1.1 mericadvisory.com/wp-content/themes/savoy/assets/js/nm-blog.min.js?ver=2.4.10
IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
File type ASCII text, with very long lines (526), with CRLF line terminators
Hash af041171769ac044e5c152cd4ec4bf8d
8a5d13e93b23de4023c81a1d508b90da66d20856
9f17640b6fa759b5150dfd5d7d5b868400c6dcb931ee0abceafe89d77d592fce
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/savoy/assets/js/nm-blog.min.js?ver=2.4.10 HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 17:54:09 GMT
Server: Apache
Last-Modified: Sun, 29 Nov 2020 21:43:16 GMT
Accept-Ranges: bytes
Content-Length: 2086
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
mericadvisory.com/wp-content/themes/savoy/assets/js/nm-core.min.js?ver=2.4.10
23.94.191.226200 OK 20 kB URL HTTP/1.1 mericadvisory.com/wp-content/themes/savoy/assets/js/nm-core.min.js?ver=2.4.10
IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
File type ASCII text, with very long lines (581), with CRLF line terminators
Hash b8a83c9bf6d8062ef4ccaf8a9af4a960
68a23c064c0de0a1d285c3204b306ab0b811b8db
2b0eea44500b04de60f0b9e59b89ec8f64cf101682fbb7a032b21e2ab70fe0e6
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/savoy/assets/js/nm-core.min.js?ver=2.4.10 HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 17:54:09 GMT
Server: Apache
Last-Modified: Sun, 29 Nov 2020 21:43:16 GMT
Accept-Ranges: bytes
Content-Length: 19494
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
mericadvisory.com/wp-content/themes/savoy/assets/js/plugins/jquery.magnific-popup.min.js?ver=0.9.9
23.94.191.226200 OK 21 kB URL HTTP/1.1 mericadvisory.com/wp-content/themes/savoy/assets/js/plugins/jquery.magnific-popup.min.js?ver=0.9.9
IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
File type ASCII text, with very long lines (21014)
Hash be3333626c57af03599abcb59b325e09
3824067348f6485d6b07d3a43660804e3731b21a
ecbef0f33e8ccedd2c605816e052cfff778abcc0e30a80b874c097a5fddd24fc
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/savoy/assets/js/plugins/jquery.magnific-popup.min.js?ver=0.9.9 HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 17:54:09 GMT
Server: Apache
Last-Modified: Sun, 29 Nov 2020 21:44:15 GMT
Accept-Ranges: bytes
Content-Length: 21143
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
mericadvisory.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
23.94.191.226200 OK 97 kB URL HTTP/1.1 mericadvisory.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
File type ASCII text, with very long lines (31997)
Hash 49edccea2e7ba985cadc9ba0531cbed1
f8747f8ee704d9af31d0950015e01d3f9635b070
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.js?ver=1.12.4-wp HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 17:54:09 GMT
Server: Apache
Last-Modified: Fri, 17 May 2019 08:55:54 GMT
Accept-Ranges: bytes
Content-Length: 96873
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
mericadvisory.com/wp-includes/js/wp-embed.min.js?ver=5.5.10
23.94.191.226200 OK 1.4 kB URL HTTP/1.1 mericadvisory.com/wp-includes/js/wp-embed.min.js?ver=5.5.10
IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
File type ASCII text, with very long lines (1391)
Hash 905225d5711b559d3092387d5ffbedbd
6f6c39075263bafb9e8c10f1b34a1a0f7ee03c9d
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/wp-embed.min.js?ver=5.5.10 HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 17:54:09 GMT
Server: Apache
Last-Modified: Thu, 15 Apr 2021 06:06:49 GMT
Accept-Ranges: bytes
Content-Length: 1426
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 17:54:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mericadvisory.com/wp-content/uploads/2020/11/mericsss.png
23.94.191.226200 OK 2.5 kB URL HTTP/1.1 mericadvisory.com/wp-content/uploads/2020/11/mericsss.png
IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
File type PNG image data, 100 x 99, 8-bit/color RGBA, non-interlaced\012- data
Hash 640557f6b77eeee83164e200c075f319
06b3c6bfd2882759e0f4b17d523775dc7b6c0da5
9483caa53b635cc06acd1da256d8917ac8cbf0842e30ea14d3d2e51bfcf89b8f
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2020/11/mericsss.png HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 17:54:09 GMT
Server: Apache
Last-Modified: Mon, 30 Nov 2020 19:07:00 GMT
Accept-Ranges: bytes
Content-Length: 2458
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 17:54:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 17:54:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/playfairdisplay/v30/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
216.58.207.195200 OK 36 kB URL HTTP/2 fonts.gstatic.com/s/playfairdisplay/v30/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 35764, version 1.0\012- data
Hash 60f23230f1a8d5c3b7d25b73f5b5ce23
ed08ada85d017893b9bcb8224e99154c6708f5d2
22b6cdc450204c1cb32b31e679d812fea1c17ac506a7b78daeb12bd0ab25fde8
GET /s/playfairdisplay/v30/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mericadvisory.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35764
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 03 Oct 2022 21:14:36 GMT
expires: Tue, 03 Oct 2023 21:14:36 GMT
cache-control: public, max-age=31536000
age: 74373
last-modified: Mon, 18 Jul 2022 19:06:36 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/karla/v23/qkB9XvYC6trAT55ZBi1ueQVIjQTD-JrIH2G7nytkHRyQ8p4wUje6bg.woff2
216.58.207.195200 OK 21 kB URL HTTP/2 fonts.gstatic.com/s/karla/v23/qkB9XvYC6trAT55ZBi1ueQVIjQTD-JrIH2G7nytkHRyQ8p4wUje6bg.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 21248, version 1.0\012- data
Hash 481105857aba99f91faa3cd9a360e8e1
a2d8dcb59555878d359c2bebbc8be6985d26d7d2
f8c2240958cb1fff47d921ca0f3097f9e7403ada01af2382477ef42c404c38d4
GET /s/karla/v23/qkB9XvYC6trAT55ZBi1ueQVIjQTD-JrIH2G7nytkHRyQ8p4wUje6bg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mericadvisory.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21248
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 29 Sep 2022 17:06:49 GMT
expires: Fri, 29 Sep 2023 17:06:49 GMT
cache-control: public, max-age=31536000
age: 434841
last-modified: Mon, 11 Jul 2022 20:38:57 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 17:54:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mericadvisory.com/wp-content/uploads/2020/11/mericsssd.png
23.94.191.226200 OK 1.1 kB URL HTTP/1.1 mericadvisory.com/wp-content/uploads/2020/11/mericsssd.png
IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
File type PNG image data, 100 x 99, 8-bit/color RGBA, non-interlaced\012- data
Hash 27cf22ae874b836c0a926dbfc20fd24d
d5b97b7f6d9da050ca16a95f4fbc911769ab4a23
3739d43269bdf0b6c4e559e390e876d2e2f1c1d75fd5002d0e07c0c66efaad33
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2020/11/mericsssd.png HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 17:54:10 GMT
Server: Apache
Last-Modified: Mon, 30 Nov 2020 19:34:37 GMT
Accept-Ranges: bytes
Content-Length: 1087
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
mericadvisory.com/wp-content/uploads/2020/11/lady-justice-2388500_1280swef.jpg
23.94.191.226200 OK 236 kB URL HTTP/1.1 mericadvisory.com/wp-content/uploads/2020/11/lady-justice-2388500_1280swef.jpg
IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 697x802, components 3\012- data
Size 236 kB (235454 bytes)
Hash 2fd7a4db714dc31c1f6eb5bcefe6b6ae
c733dc6e97edc28914802d536bde3a527f9d422b
a1abcadd55d2a87632c9a0dda95e550911e09093f12891c5cc0b576e8203fe06
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2020/11/lady-justice-2388500_1280swef.jpg HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 17:54:10 GMT
Server: Apache
Last-Modified: Mon, 30 Nov 2020 20:29:16 GMT
Accept-Ranges: bytes
Content-Length: 235454
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/jpeg
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16961
Expires: Tue, 04 Oct 2022 22:36:51 GMT
Date: Tue, 04 Oct 2022 17:54:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16961
Expires: Tue, 04 Oct 2022 22:36:51 GMT
Date: Tue, 04 Oct 2022 17:54:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16961
Expires: Tue, 04 Oct 2022 22:36:51 GMT
Date: Tue, 04 Oct 2022 17:54:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16961
Expires: Tue, 04 Oct 2022 22:36:51 GMT
Date: Tue, 04 Oct 2022 17:54:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16961
Expires: Tue, 04 Oct 2022 22:36:51 GMT
Date: Tue, 04 Oct 2022 17:54:10 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6779181f9c06975f2a662da743893939
585e7146fd24cdc2496b05baafea04091dc541e2
8e9a9f92fd89b7cdce77884ccd76b83ab82d28f125ebfc1cb0d371d4046b7985
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4858
x-amzn-requestid: fb21c414-2994-444a-a838-e643fd05b171
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTEfPoAMFfeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-593dd8043b0490e7301cac0d;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MiSh_FjAciKCaOakY2mM_EHBN1Z6GIDYIP8mwS4ikkrToQN3Ktsv2g==
via: 1.1 773ca14e6bd4bf9244988cb69fc9dca8.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:56:46 GMT
age: 71844
etag: "585e7146fd24cdc2496b05baafea04091dc541e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec31ab6c-46f2-4d77-a807-9f14bb5073bc.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec31ab6c-46f2-4d77-a807-9f14bb5073bc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 54b3ef7aa50273b78b59c24511b0c1f9
e2ea2ef6805e391c497e62e101e76a0bdecfce64
296e8954022d5160137b3e02ab5085a15cee7c23cd6d4ca61b36880706062457
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec31ab6c-46f2-4d77-a807-9f14bb5073bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11955
x-amzn-requestid: ce6bbe93-95b0-4b6e-a8bc-012796485e67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zcqb9FUtoAMF0WQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b577f-59dc0a18523f900a059aa5df;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:43:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: tJwzKfs7HnQ7dVcINwnlzxTChXiEi4JPj8jrS8p5KhurRx_o3ZVOZQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:10:59 GMT
etag: "e2ea2ef6805e391c497e62e101e76a0bdecfce64"
content-type: image/jpeg
age: 70991
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg
34.120.237.76200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6c6882c60d7ca6f918c77104e3ad1d52
20ef861be49c652a938e0145e4ca3a60159367e2
861f5870990fbd2939d151ae18384cf311e87067ca9a50818efe0c2d51b83088
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5504
x-amzn-requestid: 37405eb0-5c75-46a9-84c0-e8ed726995d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHvHPvoAMF3mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-77fd550b58af612525e74761;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Ovm2wuk28PygH4EZNEUoPchoHQggWCyXbYHOjMV1tZmfyDrL6PjPZA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:29:19 GMT
age: 69891
etag: "20ef861be49c652a938e0145e4ca3a60159367e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d8c08f8066cc732de8befd6ccd629a95
22aab05208a01ae5def4d63dc145085630f57bcb
f8a560a0563518d992d0bd2655d2b5c406435a18e874ca00b51374d2ff901770
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9917
x-amzn-requestid: 2dff93d9-795d-4885-9b82-610b0d235a82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTGEnIAMF1zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-117afa703663ada75627792c;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p5nOqBojKO6S-c_DxIu8B3p-NK0pzRHkz0DOPeyv7PQt9h0x1jdtoQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:55:54 GMT
age: 71896
etag: "22aab05208a01ae5def4d63dc145085630f57bcb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962fb2a2-ad40-48cf-87a7-de082c564a5e.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962fb2a2-ad40-48cf-87a7-de082c564a5e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f2287c489794dab0e9ba923a2057988f
2b9f6828a38da81b40dcad033572e48b4c5896db
e853fa2acf2425d14cb9746e8bbd45c8765598d2bb630859086b4668182dbf6c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962fb2a2-ad40-48cf-87a7-de082c564a5e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8534
x-amzn-requestid: 8ae51cd3-697b-47ed-8493-8f83e2bc7469
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHuHlXoAMFucg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-165d72034440cf810d42f3bd;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LPt8LUVoKhXjfz-jZHLmnWD15tQgSLRaxl-Bsl0UU83G7wm3jj7_mg==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:37:24 GMT
age: 69406
etag: "2b9f6828a38da81b40dcad033572e48b4c5896db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0881edd-e0e9-466c-b336-8ab1cddabd13.jpeg
34.120.237.76200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0881edd-e0e9-466c-b336-8ab1cddabd13.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 363780f6c5cd25605ef91528dbc9dca6
af24a2bc892fee0ddc420ecb9ae6a20c4467721a
232e78b64f79f5e79a1d1f3be972e7757136b55b8d29728dc38b4d5e3a426466
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0881edd-e0e9-466c-b336-8ab1cddabd13.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6327
x-amzn-requestid: 88075140-b88b-42fc-8f44-931786b997ca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMLAAEwqoAMFqcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334becc-5930f80c649b9f6742c9c662;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:38:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: _iIDwbNPuaLmYjZ-mF6yJLmNznn5VlrK8YrGn609mm9OFCKtRX74rQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 07:17:11 GMT
age: 38219
etag: "af24a2bc892fee0ddc420ecb9ae6a20c4467721a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mericadvisory.com/favicon.ico
23.94.191.226302 Found 0 B URL HTTP/1.1 mericadvisory.com/favicon.ico
IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Date: Tue, 04 Oct 2022 17:54:10 GMT
Server: Apache
X-Powered-By: PHP/7.2.34
Vary: Accept-Encoding,Cookie
Link: <https://mericadvisory.com/wp-json/>; rel="https://api.w.org/"
X-Redirect-By: WordPress
Location: https://mericadvisory.com/wp-includes/images/w-logo-blue-white-bg.png
Content-Length: 0
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mericadvisory.com/wp-includes/images/w-logo-blue-white-bg.png
23.94.191.226200 OK 4.1 kB URL HTTP/1.1 mericadvisory.com/wp-includes/images/w-logo-blue-white-bg.png
IP 23.94.191.226:0
ASN #36352 AS-COLOCROSSING
File type PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced\012- data
Hash 000bf649cc8f6bf27cfb04d1bcdcd3c7
d73d2f6d74ec6cdcbae07955592962e77d8ae814
6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1
Host: mericadvisory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mericadvisory.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 17:54:10 GMT
Server: Apache
Last-Modified: Thu, 21 May 2020 13:40:12 GMT
Accept-Ranges: bytes
Content-Length: 4119
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
fonts.googleapis.com/css?family=Karla%3A400%2C700%2C400italic%2C700italic%7CPlayfair+Display%3A400%2C700%2C900%2C400italic%2C700italic%2C900italic&ver=1606769701
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Karla%3A400%2C700%2C400italic%2C700italic%7CPlayfair+Display%3A400%2C700%2C900%2C400italic%2C700italic%2C900italic&ver=1606769701
IP 142.250.74.10:0
GET /css?family=Karla%3A400%2C700%2C400italic%2C700italic%7CPlayfair+Display%3A400%2C700%2C900%2C400italic%2C700italic%2C900italic&ver=1606769701 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 04 Oct 2022 17:54:08 GMT
date: Tue, 04 Oct 2022 17:54:08 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Playfair+Display%3Aregular%2Citalic%2C700%2C700italic%2C900%2C900italic&ver=6.4.1
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Playfair+Display%3Aregular%2Citalic%2C700%2C700italic%2C900%2C900italic&ver=6.4.1
IP 142.250.74.10:0
GET /css?family=Playfair+Display%3Aregular%2Citalic%2C700%2C700italic%2C900%2C900italic&ver=6.4.1 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mericadvisory.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 04 Oct 2022 17:54:08 GMT
date: Tue, 04 Oct 2022 17:54:08 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2