r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2d2e7649ce9e9ba6fc8b68aa89352e3c
0153d1d3d830a457043e16bb40d48a0b9ddef4b8
8eed57c91b42ef7b2d5eff1309e306e23e13c3de21219af24a693cbf3e8977fc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8EED57C91B42EF7B2D5EFF1309E306E23E13C3DE21219AF24A693CBF3E8977FC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2338
Expires: Wed, 30 Nov 2022 04:23:45 GMT
Date: Wed, 30 Nov 2022 03:44:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6d9d34c96b9a826ae5676640c966469c
8052a16d41a637e420478b7de1ff5a2dc951fccd
f18ac558cb786126bb7efb159e03353d268d5f5796bcfd2691a349dfc68d863c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F18AC558CB786126BB7EFB159E03353D268D5F5796BCFD2691A349DFC68D863C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21000
Expires: Wed, 30 Nov 2022 09:34:47 GMT
Date: Wed, 30 Nov 2022 03:44:47 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 4ed065cb23b5fca1a179dd73b3c5b7b2
4422eb24688f5e056fc1b18b127c7f63b1dbf5e0
b723d770d0dec7441d8505dc5a4e7d34f55c9f564ec52f20d9b70c7c3a0d9d35
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5099
Cache-Control: max-age=115883
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 03:44:47 GMT
Etag: "6385df6f-1d7"
Expires: Thu, 01 Dec 2022 11:56:10 GMT
Last-Modified: Tue, 29 Nov 2022 10:31:11 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ixfDp7XjqGGr7Lm1EViyCQEYcUn8L8yzDeOu14LVWDiDX8pyo3slXdXe46piQzH745aawesNExo=
x-amz-request-id: X6TTPD2THQ5MQMJ6
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 30 Nov 2022 02:45:42 GMT
age: 3545
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
caringforpoor.com/
198.54.116.190 301 Moved Permanently 707 B IP 198.54.116.190:0
File type HTML document text, exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET / HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Wed, 30 Nov 2022 03:44:47 GMT
server: LiteSpeed
location: https://caringforpoor.com/
x-turbo-charged-by: LiteSpeed
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 30 Nov 2022 03:19:39 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1508
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 03:44:47 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 30 Nov 2022 03:08:56 GMT
cache-control: public,max-age=3600
age: 2151
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 3c8c689bd654417640d85f3da51af313
85123b6d46230a23d03768bf304b386e5d301305
516138ca79703b45e904d32d7dde1c1e9fd35995b9f1bb1331c547542745676d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5099
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 03:44:47 GMT
Last-Modified: Wed, 30 Nov 2022 02:19:48 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash d50e67ae4e07c0788bef0263d712ecf8
b47a2f20cbf3e9ce84bdae9e79d575be6c3fea4c
b2387b250706b0cfef5e971099846be1031ca5f0dff6b4bcd751f8fd1aae8c74
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 03:44:47 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 07:28:02 GMT
Expires: Tue, 06 Dec 2022 07:28:01 GMT
Etag: "b47a2f20cbf3e9ce84bdae9e79d575be6c3fea4c"
Cache-Control: max-age=531193,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 772096295a771c06-OSL
push.services.mozilla.com/
34.216.88.5 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.216.88.5:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: QXqXmuH/IC7nTaCrAdsJig==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: BujzwJJ2S4Q4iTzDFb/RZn1emMs=
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 07b8296613be09905e34b09dce4a203f
c97c67e8c4b1247423d089c028c31e05734f124e
c8c7b7cd00d5818bbe4a4ddb1b734a1b766dc6474cce300171bd5a0947adc6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 03:44:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 07b8296613be09905e34b09dce4a203f
c97c67e8c4b1247423d089c028c31e05734f124e
c8c7b7cd00d5818bbe4a4ddb1b734a1b766dc6474cce300171bd5a0947adc6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 03:44:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 07b8296613be09905e34b09dce4a203f
c97c67e8c4b1247423d089c028c31e05734f124e
c8c7b7cd00d5818bbe4a4ddb1b734a1b766dc6474cce300171bd5a0947adc6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 03:44:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
caringforpoor.com/wp-content/themes/astra/assets/css/minified/main.min.css?ver=3.8.5
198.54.116.190 200 OK 7.7 kB URL HTTP/2 caringforpoor.com/wp-content/themes/astra/assets/css/minified/main.min.css?ver=3.8.5
IP 198.54.116.190:0
File type ASCII text, with very long lines (37905)
Hash 5fd158bd8be8b4f2c8c0688f59acfeae
2c030d9b416562f676255e0ae3f344edddda7cc2
b2b3564d0fa829e8d086c662ac44b527c5dd4fcd4aeebaf6acc23c33b6a1a09d
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/astra/assets/css/minified/main.min.css?ver=3.8.5 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Fri, 01 Jul 2022 06:57:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 7664
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/themes/astra/assets/css/minified/menu-animation.min.css?ver=3.8.5
198.54.116.190 200 OK 339 B URL HTTP/2 caringforpoor.com/wp-content/themes/astra/assets/css/minified/menu-animation.min.css?ver=3.8.5
IP 198.54.116.190:0
File type ASCII text, with very long lines (3412), with no line terminators
Hash 17e52cb1e1361b36070223738844c2ee
ea041a6a8d3f94395829afac5d34029b366a48a7
96ff24d2f87c6cb19f4cb23b83c457168927eb161ff8c06292d08de6aa1dc3c0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/astra/assets/css/minified/menu-animation.min.css?ver=3.8.5 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Fri, 01 Jul 2022 06:57:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 339
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
198.54.116.190 200 OK 12 kB URL HTTP/2 caringforpoor.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP 198.54.116.190:0
File type ASCII text, with very long lines (47826)
Hash c4d7cc056b49b00e05cc29cc59aa3d5a
48c426bec60099d2a8628df430ed682c72aab42a
8009c12f2674a8d38401f4b5faad1fef2cfcd18a8c927ed2561ae9d7de9b57b5
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 07:04:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11616
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-includes/css/dist/components/style.min.css?ver=6.1.1
198.54.116.190 200 OK 11 kB URL HTTP/2 caringforpoor.com/wp-includes/css/dist/components/style.min.css?ver=6.1.1
IP 198.54.116.190:0
File type Unicode text, UTF-8 text, with very long lines (64759)
Hash 10fd2eee375bada40b5ddffdc4ac34de
ed573258484dcf13e1d332718de2c3f3dabc59ee
10023af826bac6b01489e4cad1b87033cd880504802224edb8e2298714a29538
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/dist/components/style.min.css?ver=6.1.1 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 01:13:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11293
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-includes/css/dist/block-editor/style.min.css?ver=6.1.1
198.54.116.190 200 OK 15 kB URL HTTP/2 caringforpoor.com/wp-includes/css/dist/block-editor/style.min.css?ver=6.1.1
IP 198.54.116.190:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 5440a85aec11d5c12bbaeea3c088526b
a692d268b70ef0c2e5835c8bafcbdd79e0283b97
bcd1016fde66b03d7a78207d35fe71bf88770a6c70f94d2841843b3fe794c68d
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/dist/block-editor/style.min.css?ver=6.1.1 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 07:04:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 15113
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-includes/css/dist/nux/style.min.css?ver=6.1.1
198.54.116.190 200 OK 681 B URL HTTP/2 caringforpoor.com/wp-includes/css/dist/nux/style.min.css?ver=6.1.1
IP 198.54.116.190:0
File type ASCII text, with very long lines (2210)
Hash 6082c81a40c4b513311b7e71b3c1c506
d5d5eb07756c6786a2b5b7883486888e7918b5a0
9736afd5afaf2e4e49a253a17107e1babba2bb3bfcdf99d40580b6f8d167c0e2
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/dist/nux/style.min.css?ver=6.1.1 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 01:13:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 681
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-includes/css/dist/reusable-blocks/style.min.css?ver=6.1.1
198.54.116.190 200 OK 215 B URL HTTP/2 caringforpoor.com/wp-includes/css/dist/reusable-blocks/style.min.css?ver=6.1.1
IP 198.54.116.190:0
File type ASCII text, with very long lines (522), with no line terminators
Hash a2912c9aa2777112caa23949b60c4cd6
c92212a24584baf28722978e421b16f074ba023c
9af4d5ac1032ca6a4f07f8508fdc7002dbefad45b8a162a1bf99d06efce282cd
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/dist/reusable-blocks/style.min.css?ver=6.1.1 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Tue, 09 Nov 2021 00:59:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 215
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-includes/css/dist/editor/style.min.css?ver=6.1.1
198.54.116.190 200 OK 3.4 kB URL HTTP/2 caringforpoor.com/wp-includes/css/dist/editor/style.min.css?ver=6.1.1
IP 198.54.116.190:0
File type Unicode text, UTF-8 text, with very long lines (18793), with no line terminators
Hash a9ea0441ead0da3a0bf057ff1126e9e1
17add5a09ecdc618c953afa58b93f3f1a9eef426
eb603c3cc83a4254235dc45a6772f29490540e2f882c31b010e8a5b190071bfa
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/dist/editor/style.min.css?ver=6.1.1 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 01:13:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3430
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/chaty/css/chaty-front.min.css?ver=1647379114
198.54.116.190 200 OK 4.5 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/chaty/css/chaty-front.min.css?ver=1647379114
IP 198.54.116.190:0
File type ASCII text, with very long lines (20627), with no line terminators
Hash 93c0520598cc431839e8dfc295f3e80e
5b3c31dc00f563b3ae9f6d67d903c0254a09dd8b
c942e9302c4354523b522a69181fead2ebe865e99b2eedaea13b834e0849ee0d
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/chaty/css/chaty-front.min.css?ver=1647379114 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Wed, 20 Jul 2022 07:48:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4456
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/robo-gallery/includes/extensions/block/dist/blocks.style.build.css?ver=3.2.1
198.54.116.190 200 OK 0 B URL HTTP/2 caringforpoor.com/wp-content/plugins/robo-gallery/includes/extensions/block/dist/blocks.style.build.css?ver=3.2.1
IP 198.54.116.190:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/robo-gallery/includes/extensions/block/dist/blocks.style.build.css?ver=3.2.1 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Fri, 01 Jul 2022 06:57:38 GMT
accept-ranges: bytes
content-length: 0
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3
198.54.116.190 200 OK 848 B URL HTTP/2 caringforpoor.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3
IP 198.54.116.190:0
Hash c962ba8e7d42ff9da18392b41dad5151
7b89bc5e6ad161df2e6d7f7fb3ad894aa04b827f
322a4949c5bdd82eb80c13bbbd407ce30a7ad226685c54270d246cb6960e524e
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Sat, 01 Oct 2022 07:34:25 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 848
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/themes/astra/assets/css/minified/compatibility/contact-form-7-main.min.css?ver=3.8.5
198.54.116.190 200 OK 334 B URL HTTP/2 caringforpoor.com/wp-content/themes/astra/assets/css/minified/compatibility/contact-form-7-main.min.css?ver=3.8.5
IP 198.54.116.190:0
File type ASCII text, with very long lines (850), with no line terminators
Hash 2c050b2ab2a3224dfdef5da481224d3c
1b7f0ef5dabd3c51ff834d1c6b8add92de38d97b
9af607f84b802615b08b4b25c9d38a922fa86fca149a8531d46ca45b507ef96f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/astra/assets/css/minified/compatibility/contact-form-7-main.min.css?ver=3.8.5 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Fri, 01 Jul 2022 06:57:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 334
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/wpcf7-redirect/build/css/wpcf7-redirect-frontend.min.css?ver=6.1.1
198.54.116.190 200 OK 96 B URL HTTP/2 caringforpoor.com/wp-content/plugins/wpcf7-redirect/build/css/wpcf7-redirect-frontend.min.css?ver=6.1.1
IP 198.54.116.190:0
File type ASCII text, with CRLF, CR line terminators
Hash 6510ecad4ef6a328cabe2d4aa884c797
84caa6684e78b6dec70787f6764e1908f82c6966
4e0034001f2578d4a60ec43d8bbbef16c4f6b4b4275cf8b0ff62e4b76d48e24b
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/wpcf7-redirect/build/css/wpcf7-redirect-frontend.min.css?ver=6.1.1 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Fri, 01 Jul 2022 06:57:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 96
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/give/assets/dist/css/give.css?ver=2.21.4
198.54.116.190 200 OK 13 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/give/assets/dist/css/give.css?ver=2.21.4
IP 198.54.116.190:0
File type ASCII text, with very long lines (57886)
Hash 3355ec1a2d7c2643807d2c30665c3fe3
4ba93b1f39de5a2a02b145eab13964bea5a082ee
cf7c78a01a4c724c383fa40f3c1ba04bcd54313a45854136c3126e0cff27c2a1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/give/assets/dist/css/give.css?ver=2.21.4 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Wed, 20 Jul 2022 07:51:53 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 13357
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/give/assets/dist/css/give-donation-summary.css?ver=2.21.4
198.54.116.190 200 OK 465 B URL HTTP/2 caringforpoor.com/wp-content/plugins/give/assets/dist/css/give-donation-summary.css?ver=2.21.4
IP 198.54.116.190:0
File type ASCII text, with very long lines (2040), with no line terminators
Hash 185f1e97cc39471d061069c390549731
efa811a604fed550eddb8a632ac1c1f0b778a420
45db2851c98e3f6e401fcda75015c95f2ce4886889b1ce23f94385d266b819d9
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/give/assets/dist/css/give-donation-summary.css?ver=2.21.4 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Wed, 20 Jul 2022 07:51:53 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 465
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.15.0
198.54.116.190 200 OK 3.6 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.15.0
IP 198.54.116.190:0
File type ASCII text, with very long lines (19082)
Hash c54194973223c8fb2d65ff2f82892361
5eb520a61c4848ce45e75ae155b9c1c06450dfce
fd060c3033814417ed00d38431de738a353b3af24b3774afb848c157827c13b1
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.15.0 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Wed, 20 Jul 2022 07:49:09 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3603
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 24cd9172256d4dd9c7033c9e4233162e
121caa20567fd40f11394351025e4a72b54bc426
7ef86cef14d6eeae538e322d9b23412d9a0212bf53f5f13ecaa12a2f0f637b22
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 03:44:48 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 01:53:52 GMT
Expires: Wed, 07 Dec 2022 01:53:51 GMT
Etag: "121caa20567fd40f11394351025e4a72b54bc426"
Cache-Control: max-age=597542,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77209630ac131c06-OSL
caringforpoor.com/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.6.7
198.54.116.190 200 OK 13 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.6.7
IP 198.54.116.190:0
File type ASCII text, with very long lines (65497)
Hash e5b7a38c70333a112e8eafea9f0b9a6a
b5e143591d76c6ecb03ed8dcb7de0ada826d42cd
0f9f1ddc0289aa667089e51230d030b5fe6f5697fcfe2e127dca7bad1159b75d
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.6.7 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Wed, 20 Jul 2022 07:49:09 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 12890
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/uploads/elementor/css/global.css?ver=1654888807
198.54.116.190 200 OK 756 B URL HTTP/2 caringforpoor.com/wp-content/uploads/elementor/css/global.css?ver=1654888807
IP 198.54.116.190:0
File type ASCII text, with very long lines (6697)
Hash 8279d3577a82c8463dfc3cf01541839a
7e502015d5e7b447c9e52fc84628ecccb3cfae8b
23a28162517834a628d34673fd29e47d61c5580d30a2bf7df91cec8eb3672562
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/elementor/css/global.css?ver=1654888807 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Fri, 01 Jul 2022 06:57:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 756
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
198.54.116.190 200 OK 2.4 kB URL HTTP/2 caringforpoor.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
IP 198.54.116.190:0
File type ASCII text, with very long lines (11256), with no line terminators
Hash ce94f62588d05264ac0148712111cb11
518bcd922f54169aeb199c0ccbc5877165ac218e
84ab658a69c39f424be0b27f61d612447d01606fce33beb962cbea53627d8c81
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Wed, 30 Sep 2020 01:23:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2394
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.1.1
198.54.116.190 200 OK 982 B URL HTTP/2 caringforpoor.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.1.1
IP 198.54.116.190:0
File type ASCII text, with very long lines (4186), with no line terminators
Hash 24f4d7f425e792ab35adaab50816e54a
9e25bf79b674ddb7ba09ad7f118c50ec473c02c8
1c78bfb4d523785a4ebd37bb1f79f214f9bdb16673f7cc50805f7f1a26ad7f83
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.1.1 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Sat, 08 Jun 2019 06:15:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 982
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
198.54.116.190 200 OK 12 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
IP 198.54.116.190:0
File type ASCII text, with very long lines (57726)
Hash f463afd8661ddc733305df1f0cbdaff2
77262f0209e75e340eb7014aba9cd8d69966032f
c4b6541be58a0ca61549cd4562850315077880c459c019f01e835cf2d7b764de
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Wed, 20 Jul 2022 07:49:09 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 12133
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
198.54.116.190 200 OK 30 kB URL HTTP/2 caringforpoor.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 198.54.116.190:0
File type ASCII text, with very long lines (65447)
Hash 3a1740685bd5c0bbd5f2b812e1eb7fb4
488e07695da787fed18361c50292aef35abb5e81
4a07aed2d8cf88afdec0b56b365b951c76d387db3459166b5a0d25e2e6cc95ef
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: application/javascript
last-modified: Mon, 19 Sep 2022 23:46:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 30324
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
charity.caringforpoor.com/wp-content/uploads/2021/12/b79b5555ba2cadcff80c7896c3423f73.logofinaldf-e1521645906180.png
198.54.116.190 200 OK 2.6 kB URL HTTP/2 charity.caringforpoor.com/wp-content/uploads/2021/12/b79b5555ba2cadcff80c7896c3423f73.logofinaldf-e1521645906180.png
IP 198.54.116.190:0
File type PNG image data, 182 x 85, 8-bit colormap, non-interlaced\012- data
Hash 6dd14bd1906cd231cb083faa51080680
7186dfa2be9c3d8d8a8f9a1cc126303aec885b71
0abdaccfa00110418f0a84dba827b38b29c0eb2217975ec045cd555714590dfb
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2021/12/b79b5555ba2cadcff80c7896c3423f73.logofinaldf-e1521645906180.png HTTP/1.1
Host: charity.caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Thu, 30 Nov 2023 03:44:48 GMT
content-type: image/png
last-modified: Wed, 22 Dec 2021 09:20:09 GMT
etag: "a37-61c2edc9-0;;;"
accept-ranges: bytes
content-length: 2615
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
referrer-policy: no-referrer-when-downgrade
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/chaty/js/cht-front-script.min.js?ver=1647379114
198.54.116.190 200 OK 14 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/chaty/js/cht-front-script.min.js?ver=1647379114
IP 198.54.116.190:0
File type ASCII text, with very long lines (55160), with no line terminators
Hash 2e03fe1aa50cde3440fd557cfc1baaa1
e01d39e1484dc030bf99038f7e2d8574adcd14d3
ba22a21f4163041da68ea2c8b266910ce99d45874aa8d3a3fe75c7cb51d6e7dd
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/chaty/js/cht-front-script.min.js?ver=1647379114 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: application/javascript
last-modified: Wed, 20 Jul 2022 07:48:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 13590
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/country-state-city-auto-dropdown/assets/js/script.js?ver=6.1.1
198.54.116.190 200 OK 683 B URL HTTP/2 caringforpoor.com/wp-content/plugins/country-state-city-auto-dropdown/assets/js/script.js?ver=6.1.1
IP 198.54.116.190:0
File type ASCII text, with CRLF line terminators
Hash 5adc2aacfd2347d00da19ceb23818db6
7c287c08f39d32c7cc313c0d8c2476d4ca1fa1df
261a4a357d22974c52864c4d8270710c386b4a2205f8ce41cdeb343dd2e535c1
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/country-state-city-auto-dropdown/assets/js/script.js?ver=6.1.1 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: application/javascript
last-modified: Wed, 20 Jul 2022 07:49:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 683
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
198.54.116.190 200 OK 2.4 kB URL HTTP/2 caringforpoor.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
IP 198.54.116.190:0
File type ASCII text, with very long lines (6475), with no line terminators
Hash 4e773d7cec56bacab6d2db420be6f262
c95573d884c1caec0ec9c6f3e2a8c0fbf28d939a
5c8839d0b02f21e8d83d856bbf85a6b87fbedf9ba0b70711b11a1c378d5443e7
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: application/javascript
last-modified: Mon, 11 Apr 2022 21:34:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2354
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
198.54.116.190 200 OK 6.3 kB URL HTTP/2 caringforpoor.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
IP 198.54.116.190:0
File type Unicode text, UTF-8 text, with very long lines (17819), with no line terminators
Hash fecbc00e8af71d8cfb678cd811c7cb2e
44e5dd77f62cb5c67271442b75cdff10d45f2f8d
d6f03fb4728d0c23251451df8d66b5107d3c87458dc624aacfbad437e99d01f1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 01:13:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6335
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5
198.54.116.190 200 OK 1.6 kB URL HTTP/2 caringforpoor.com/wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5
IP 198.54.116.190:0
File type ASCII text, with very long lines (4875)
Hash 06a8ac0e71976bc143cfa7861a31169d
def6031fe13259bf17752661832d815e37068bf2
e6f42d97e7299522bbb002364128fdf72cd22263ca72c5edc41dcd8f4672cd33
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: application/javascript
last-modified: Mon, 11 Apr 2022 21:34:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1575
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae
198.54.116.190 200 OK 3.7 kB URL HTTP/2 caringforpoor.com/wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae
IP 198.54.116.190:0
Hash f7acc55c5b34188d3e66c5f2ecf3ba80
802270f7a221e406af63d622d364b119d912c15b
826c4e13764f5bf1bd0a17f2e693d943f8605df1024815f67f43694f4338b713
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: application/javascript
last-modified: Sat, 24 Sep 2022 05:25:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3717
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
198.54.116.190 200 OK 286 B URL HTTP/2 caringforpoor.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
IP 198.54.116.190:0
File type ASCII text, with very long lines (483)
Hash 8828fa3c5bdcfa66615714a2b8c9d807
4f556d0b005ac7754af607418df445f8cf98e8b1
16950dcce60bc3ee2613b60439c99e7ed74d10245f59fe6f68346b7e72dd95e7
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Wed, 20 Jul 2022 07:49:09 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 286
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/uploads/elementor/css/post-7.css?ver=1668825475
198.54.116.190 200 OK 1.7 kB URL HTTP/2 caringforpoor.com/wp-content/uploads/elementor/css/post-7.css?ver=1668825475
IP 198.54.116.190:0
File type ASCII text, with very long lines (21652), with no line terminators
Hash 051eaae68f9af3e3ac84951c45a95803
ce82c3ee0962097f663468fe6321f6ca9abd2a3d
e64e84cabdd2679977a52fc8d56975f9357d6a7fc04232c42a52d1d58180dec0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/elementor/css/post-7.css?ver=1668825475 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Sat, 19 Nov 2022 02:37:55 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1701
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
198.54.116.190 200 OK 4.6 kB URL HTTP/2 caringforpoor.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP 198.54.116.190:0
File type ASCII text, with very long lines (15660)
Hash 0232689bd203f330529b36a437f41a68
9046583f7469ad38297969f10a9513eb895d5316
feea9f30a6e454579bbeabf236b7abdb0c7de84dd2852422555ad67348c5e886
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: application/javascript
last-modified: Tue, 12 Apr 2022 15:26:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4619
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/uploads/elementor/css/post-5.css?ver=1654888807
198.54.116.190 200 OK 340 B URL HTTP/2 caringforpoor.com/wp-content/uploads/elementor/css/post-5.css?ver=1654888807
IP 198.54.116.190:0
File type ASCII text, with very long lines (1292), with no line terminators
Hash 282b6c78fcbc5f8ff2ccc8769d18c4a5
9976f572e591a9bb2140ee6fe7fc1b0607ab0f6f
d18a328c29374a279ee5c1c752597426a7ad31f92b5b767f3b7f1cfefe49c027
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/elementor/css/post-5.css?ver=1654888807 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Fri, 01 Jul 2022 06:57:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 340
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/wpcf7-redirect/build/js/wpcf7r-fe.js?ver=1.1
198.54.116.190 200 OK 1.5 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/wpcf7-redirect/build/js/wpcf7r-fe.js?ver=1.1
IP 198.54.116.190:0
Hash 1dc80a70d7f75f57a900bdd70b0f7bd1
0f908d59bed54bce38cc0ede198ce93060dfff08
6783955ffbbbf01c4e4787b25cb01d3d925d8f04f0bcea548cdd0895e8504387
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/wpcf7-redirect/build/js/wpcf7r-fe.js?ver=1.1 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: application/javascript
last-modified: Fri, 01 Jul 2022 06:57:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1495
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/uploads/2021/12/b79b5555ba2cadcff80c7896c3423f73.logofinaldf-e1521645906180.png
198.54.116.190 200 OK 2.6 kB URL HTTP/2 caringforpoor.com/wp-content/uploads/2021/12/b79b5555ba2cadcff80c7896c3423f73.logofinaldf-e1521645906180.png
IP 198.54.116.190:0
File type PNG image data, 182 x 85, 8-bit colormap, non-interlaced\012- data
Hash 6dd14bd1906cd231cb083faa51080680
7186dfa2be9c3d8d8a8f9a1cc126303aec885b71
0abdaccfa00110418f0a84dba827b38b29c0eb2217975ec045cd555714590dfb
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2021/12/b79b5555ba2cadcff80c7896c3423f73.logofinaldf-e1521645906180.png HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: image/png
last-modified: Fri, 01 Jul 2022 06:57:36 GMT
accept-ranges: bytes
content-length: 2615
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12743
Expires: Wed, 30 Nov 2022 07:17:12 GMT
Date: Wed, 30 Nov 2022 03:44:49 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6bad627-8bb4-4de1-a2da-92da8f9ec614.webp
34.120.237.76 200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6bad627-8bb4-4de1-a2da-92da8f9ec614.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 536cd283dee06cf1ceb9e15e4850db92
47aafca572d34f9726a0174ac902178556e581d8
63a5acf87962da6656f828422545af0ccc0888f0a2a15ebd2160ffb3714e6241
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6bad627-8bb4-4de1-a2da-92da8f9ec614.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7658
x-amzn-requestid: e729e5b6-0c92-4ed3-b449-4a30d5bb4b89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEyEQSIAMFWsQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1e-1bba7e9a2d15d66779b1896c;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AuN9hTb4YydNZjvpnTGyE313wl-O3F_p4jC_NUSe8kr3RB_4AjOEMw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:56:25 GMT
age: 20904
etag: "47aafca572d34f9726a0174ac902178556e581d8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffcc0013-bfb7-45fa-bdf2-4b7a90daae54.jpeg
34.120.237.76 200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffcc0013-bfb7-45fa-bdf2-4b7a90daae54.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a7c72c70f2b8be44dd384abb4b4a6fdd
eed94c5cb2a5810e985894af5d5f73238a83e136
49a560a81471ad567067dfa4be4bc02d592eeac9ac5bf5376e67f8c93d2ef0d6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffcc0013-bfb7-45fa-bdf2-4b7a90daae54.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8953
x-amzn-requestid: 65d5d2d4-62aa-4d5b-abd4-1aa52eb3550f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhXeFPgoAMFojw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867c2f-6eaf6ebe4bb408d51abe0660;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:39:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: eaHewme8XoihwsQG6A7wFXSZDwd_hUXQmBgpUJj85lr55x5UdaIUgQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:52:51 GMT
age: 21118
etag: "eed94c5cb2a5810e985894af5d5f73238a83e136"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F265a94d3-cdf4-4682-bcea-7cb1b79bc860.png
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F265a94d3-cdf4-4682-bcea-7cb1b79bc860.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9fb14804c284e300f976848e30396e9c
6004b4b7afd22dded903f026d245bc90a6706767
1cf96b0b6c83f182d018fa4ffb9924038bf282755091e7bacff2a624220260d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F265a94d3-cdf4-4682-bcea-7cb1b79bc860.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 13195
x-amzn-requestid: 1303b72c-fe18-46a3-b3c1-06f3b8550d90
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhGvHW6oAMFxgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867bc4-1b3dbbb005a238117076d1f3;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:38:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pw2Wm8mI8MxRAOVsdvvWLEuxPN5ffcgWBZ_KecuuS5stoTHF4hxECg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:08:33 GMT
age: 20176
etag: "6004b4b7afd22dded903f026d245bc90a6706767"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2730750-552d-4852-8ce1-503874565f75.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2730750-552d-4852-8ce1-503874565f75.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 05196ec43964cf559caa0c0279148d62
6170d6776615503e3e29f86783febc3e3e78ca66
47f3a5cde661987e3496ce110a0170b10087dd9ba8d4fd691c4830587ba3fa3f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2730750-552d-4852-8ce1-503874565f75.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9051
x-amzn-requestid: 1032dd9c-a15e-4e8a-9c81-07419e8caf67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhGvEMNIAMFaKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867bc4-1005c20a33320dbf6567ca31;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:38:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: IMaVlQblNnh9mFKwb2LG7hw7h_f1_nVYqO4aEUqY01a2HofnnQqcFQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:49:31 GMT
age: 21318
etag: "6170d6776615503e3e29f86783febc3e3e78ca66"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87a30da8-85ab-41b8-bac9-b9c57f447d6a.webp
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87a30da8-85ab-41b8-bac9-b9c57f447d6a.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 33ee67e62c49fc8d51f18df313002aac
3d8c927b6945d880f92d4e7a686cad5a9985e8ad
ba6e66e07cd93219926927fd2b468a92b8d02cc9bf1da0b3b9a3c48da160bbdc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87a30da8-85ab-41b8-bac9-b9c57f447d6a.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9670
x-amzn-requestid: d9a529ac-9dc6-4e12-80c5-3250dc97e7bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDcFiAoAMF0nA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-116ddf09265d51523c3638b3;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5BnByLndiK0korBr44MDgK6sgRBPooy2LE_2NjVIQhiTfmAdLupnZw==
via: 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:49:34 GMT
age: 21315
etag: "3d8c927b6945d880f92d4e7a686cad5a9985e8ad"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg
34.120.237.76 200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e00769bd1391b8f4f5b8ab128a825355
e4ddf955e8ac1986045ed55880c43c69e588a021
81ca4d20c28fed8fd3135515daadc1fdbfb4198535d7c46021b418b8b98e59a5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bb1888-5971-4b4a-923b-dc9d4050182b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7298
x-amzn-requestid: 381e55bb-876b-46ad-84b6-1ddf9f876f56
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDcE3poAMFaAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-7c12394600900afc7281e858;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8heT2eN5oLbO14R9qLq78Vma_TkteufTyKM5i3K2XoJYXfWNwLMEwQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:56:25 GMT
age: 20904
etag: "e4ddf955e8ac1986045ed55880c43c69e588a021"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
caringforpoor.com/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.1.1
198.54.116.190 200 OK 479 B URL HTTP/2 caringforpoor.com/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.1.1
IP 198.54.116.190:0
File type ASCII text, with very long lines (1191), with no line terminators
Hash 62b3593ce258f7488f936d31b1ab1b6e
34c14a9bf90463e4456add8d8d039453b8bb8b8e
be4b9efdf77f14940f6b8aa22e7287411cf0377f99009d49276b5cfa47c4f3ad
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.1.1 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: application/javascript
last-modified: Sat, 09 Apr 2022 05:37:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 479
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
198.54.116.190 200 OK 6.8 kB URL HTTP/2 caringforpoor.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
IP 198.54.116.190:0
File type Unicode text, UTF-8 text, with very long lines (8189)
Hash 3d0ff0f6731d9cef860af9a5a0e3ce62
13aed444304d782039e261475c8b4450b83e743e
e8d05db77732c71843ced6f386ea82eb32243ac36e7ca3e071cb7f53e2ffbce5
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.2 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: application/javascript
last-modified: Sat, 24 Sep 2022 05:25:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6800
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/robo-gallery/css/gallery.css?ver=3.2.1
198.54.116.190 200 OK 12 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/robo-gallery/css/gallery.css?ver=3.2.1
IP 198.54.116.190:0
File type ASCII text, with very long lines (4685)
Hash db7855bca5fe27f6c9a4b0b7fd17b536
cbb871429db861206d73cf944766788079a5f5a6
2e2911b9815891dec99103265c72ee198d0cab3a63fb04754055e458dfce38d6
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/robo-gallery/css/gallery.css?ver=3.2.1 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Fri, 01 Jul 2022 06:57:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11515
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.8.5
198.54.116.190 200 OK 3.8 kB URL HTTP/2 caringforpoor.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.8.5
IP 198.54.116.190:0
File type ASCII text, with very long lines (16732), with no line terminators
Hash 5cbb7495ecce9078ffc45fb8beda6814
b4452eea5f385bb96556031f9d5449e2cc2bd456
dbcdfc0f92303b04e9e1e826854ba34a0781b6b6a11b89317e48442ef830739b
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.8.5 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: application/javascript
last-modified: Fri, 01 Jul 2022 06:57:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3786
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/elementor/assets/css/widget-icon-box.min.css
198.54.116.190 200 OK 755 B URL HTTP/2 caringforpoor.com/wp-content/plugins/elementor/assets/css/widget-icon-box.min.css
IP 198.54.116.190:0
File type ASCII text, with very long lines (12953)
Hash 34b682b34fb9aea1324070b5c7d84665
4a32182b7636aa32f37f1b940811062e1f096c60
422998629b33a022235eb4c508e9358cf2199ebb4f6640385e63b5207e020b1a
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/css/widget-icon-box.min.css HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Wed, 20 Jul 2022 07:49:09 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 755
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.6.7
198.54.116.190 200 OK 2.4 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.6.7
IP 198.54.116.190:0
File type ASCII text, with very long lines (10019)
Hash d2db71c82a8f672aea59a3e050cd8cd7
af626566f94b3164e4310288cfb142431e8349a6
bcd2c9c2ba22a48a8fabf9fbe5e947deb6404367e4be24f48326e302aead1180
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.6.7 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Wed, 20 Jul 2022 07:49:09 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2442
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3
198.54.116.190 200 OK 3.7 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3
IP 198.54.116.190:0
File type HTML document, ASCII text, with very long lines (12211), with no line terminators
Hash b3777786fbf0ac18aa59c687154a9db8
3f24b0cfae49dc3e70f149edaf203a661cd59c88
8e3993f3b5eb33611a7c40d80d1cb048b4329ebb9ad0d9e8eb583e48fda70bb5
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: application/javascript
last-modified: Sat, 01 Oct 2022 07:34:25 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3689
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/robo-gallery/css/gallery.font.css?ver=3.2.1
198.54.116.190 200 OK 5.1 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/robo-gallery/css/gallery.font.css?ver=3.2.1
IP 198.54.116.190:0
File type ASCII text, with very long lines (23557), with CRLF line terminators
Hash c96d917cb4b40c20b210e9f7803c0d42
e9844ffa8810b6e9a7f93bea863c5a2a2c7ce691
d35cbd8b17355aabcaf8c2acd1fc99ff1166da24ef94d0a78804fcda4eda2d88
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/robo-gallery/css/gallery.font.css?ver=3.2.1 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Fri, 01 Jul 2022 06:57:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5121
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3
198.54.116.190 200 OK 2.8 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3
IP 198.54.116.190:0
File type ASCII text, with very long lines (9680), with no line terminators
Hash 8a91034fce0e4a2464d2170d38d31382
f00c20cfcbd136ee9aa20d07085c10f470548fe4
1a8f0bcd2b76caf977b08ed30bdd29eb77405ca4c1fe2315b41f8fe2542f1528
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: application/javascript
last-modified: Sat, 01 Oct 2022 07:34:25 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2799
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/robo-gallery/cache/css/robo_gallery_css_id827_62aa21a402a83.css?ver=3.2.1
198.54.116.190 200 OK 382 B URL HTTP/2 caringforpoor.com/wp-content/plugins/robo-gallery/cache/css/robo_gallery_css_id827_62aa21a402a83.css?ver=3.2.1
IP 198.54.116.190:0
Hash 27d792d48014552ca8ee5cd530750bf7
22aa2012847d780dc2cce540a4c157a5debb108f
8860368a1d0a6e15b2e9ebde109c5e8214cfa320dd0912f8b4e484761657f4d5
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/robo-gallery/cache/css/robo_gallery_css_id827_62aa21a402a83.css?ver=3.2.1 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: text/css
last-modified: Fri, 01 Jul 2022 06:57:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 382
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/give/assets/dist/js/give-donation-summary.js?ver=2.21.4
198.54.116.190 200 OK 2.8 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/give/assets/dist/js/give-donation-summary.js?ver=2.21.4
IP 198.54.116.190:0
File type ASCII text, with very long lines (8455), with no line terminators
Hash f0e7e992f46e6bc78cf8bf42eb4088ae
78c5a9b855fe0b36772c43cd05f697245e3b9a1c
2b3d5d5696ab3666e08b84b4d1807fe9e940f1b43a2cabe7ffd399565d5a7dc0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/give/assets/dist/js/give-donation-summary.js?ver=2.21.4 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: application/javascript
last-modified: Wed, 20 Jul 2022 07:51:53 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2817
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/elementor/assets/lib/jquery-numerator/jquery-numerator.min.js?ver=0.2.1
198.54.116.190 200 OK 677 B URL HTTP/2 caringforpoor.com/wp-content/plugins/elementor/assets/lib/jquery-numerator/jquery-numerator.min.js?ver=0.2.1
IP 198.54.116.190:0
File type ASCII text, with very long lines (1801), with no line terminators
Hash db051acb4889a24419e22987f52524e0
9203ad9b9d24b786801743b1e007e52980d5bed1
09a2aeba1874512f5c34d52f523ac86bebb479dbc02f0875e7e1ba1d63783908
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/jquery-numerator/jquery-numerator.min.js?ver=0.2.1 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: application/javascript
last-modified: Wed, 20 Jul 2022 07:49:09 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 677
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.1.1
198.54.116.190 200 OK 392 B URL HTTP/2 caringforpoor.com/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.1.1
IP 198.54.116.190:0
File type HTML document, ASCII text, with very long lines (906), with no line terminators
Hash 200d0ec78a54a35bb97450e75bddfe52
25a0c90e7c2a7f49b4d5abf3165eb2d03849c2cb
9555fae27002a4036ca476b62143a67552e3870a1ff46c5869611b5edbe1deac
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.1.1 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: application/javascript
last-modified: Thu, 21 Jan 2021 00:05:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 392
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.6.7
198.54.116.190 200 OK 4.5 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.6.7
IP 198.54.116.190:0
File type ASCII text, with very long lines (14448)
Hash 85b41d38a05d2fbd570f18c349fc09ca
cb33cf6cf0701a2dd32703c30b1bfab7f0a76a8f
98a4724f05c19c151855e7dd5666f9988104421aac368502e03c2bfcdbf0c8c0
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.6.7 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: application/javascript
last-modified: Wed, 20 Jul 2022 07:49:09 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4474
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
198.54.116.190 200 OK 2.9 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
IP 198.54.116.190:0
File type ASCII text, with very long lines (12198), with no line terminators
Hash 869caa171b68cbec9fee5abbfb944ee8
f237e485e41f88b77384cfdb880f9d5a8f46eac8
25c2896e2790fb0e52f6b6ba1ce97bd87eb40463b4bb65ba16ad434c1d7a36dc
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: application/javascript
last-modified: Wed, 20 Jul 2022 07:49:09 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2867
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.6.7
198.54.116.190 200 OK 2.0 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.6.7
IP 198.54.116.190:0
File type ASCII text, with very long lines (4918)
Hash 1ec4fc00a37aae335c68dd884533680c
b47006b462bd0daca1ab40ddba35bebb3dc0958e
a44f7e0161a111434ec9b66f402a73b98188a044353e0ce2f0209d1bea515fd7
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.6.7 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: application/javascript
last-modified: Wed, 20 Jul 2022 07:49:09 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2046
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.1.1
142.250.74.74 200 OK 12 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.1.1
IP 142.250.74.74:0
Hash d096365771ef901394d0dc838ee7d613
54311c9e7e32cef93dc17c91b355c0554e32b9fd
cad9a6ef30af38765b69bc451adfd803b304307827163c920a0cee48b7f0c71d
GET /css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.1.1 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 30 Nov 2022 03:44:48 GMT
date: Wed, 30 Nov 2022 03:44:48 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/give/assets/dist/js/give.js?ver=54434f04079f3f89
198.54.116.190 200 OK 49 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/give/assets/dist/js/give.js?ver=54434f04079f3f89
IP 198.54.116.190:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 619ed8a413d9c768fe9998ffec8b8a60
4997cd479d15679634251ef7cf7640c8964a0a58
b0e0f08a1708c0b0875c7cf3fb921a99c7e954d98eef7e37d1157a58690c0cc1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/give/assets/dist/js/give.js?ver=54434f04079f3f89 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: application/javascript
last-modified: Wed, 20 Jul 2022 07:51:53 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 48995
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.17
198.54.116.190 200 OK 36 kB URL HTTP/2 caringforpoor.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.17
IP 198.54.116.190:0
File type ASCII text, with very long lines (65266)
Hash eabd3755fb73f0e4ef1ac6e474373dd8
cd92121ebac48f10a27821172202bb1d06267663
37f62084aa872e3b695e87f549c236fda5828bc68036875a771768cd90bf2436
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.17 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: application/javascript
last-modified: Thu, 29 Sep 2022 23:51:12 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 36433
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 6c84ab982b44868fab9bd9cb08e76b88
238cddf556720f5ea7e30e2c1da69fb00a7b9ce6
cb5f0ca9270b8c6ca217526228f4ef5d9539e2a5f7edcb7d731326407b2523ce
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5105
Cache-Control: max-age=169178
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 03:44:49 GMT
Etag: "6386af9a-1d7"
Expires: Fri, 02 Dec 2022 02:44:27 GMT
Last-Modified: Wed, 30 Nov 2022 01:19:22 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 03:44:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif
192.229.221.25 200 OK 3.1 kB URL HTTP/2 www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif
IP 192.229.221.25:0
File type GIF image data, version 89a, 147 x 47\012- data
Hash 3ed0eaf21fb245cd89456c2756889741
7f7727028800623e8d82f346ca1752b56b7edcbb
33a91bd6d378215fcd413c279aa88d48bda6c8b2ef7695892777c87de37de256
GET /en_US/i/btn/btn_donateCC_LG.gif HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/gif
date: Wed, 30 Nov 2022 03:44:49 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "60afaa97-c1b"
expires: Wed, 30 Nov 2022 04:44:49 GMT
last-modified: Thu, 27 May 2021 14:20:07 GMT
paypal-debug-id: 2b4c172ba8a6d
server: ECAcc (ska/F6EC)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
x-content-type-options: nosniff
content-length: 3099
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 03:44:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://caringforpoor.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:33:54 GMT
expires: Thu, 23 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 547855
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 49eee25f3ccd585a29e34e80cf5bb160
73eca8be91deedd049304862759a3d8084c0b07e
531e5685527861b3ed7e8e3865c5a6a40d3f92f5c9d89df3f385dab72406fb56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 03:44:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 608e4d04a251ebcd51660e801f388303
fcb9aa48fd6ed504a1a9fed7990c5ccde63e6a1d
cc1a34cd0a99e301df97cf184ab0ded2e229659f86f43e4eff479dee221695dc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 03:44:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://caringforpoor.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:34:15 GMT
expires: Thu, 23 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 547834
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
216.58.207.227 200 OK 7.8 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 7816, version 1.0\012- data
Hash 25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://caringforpoor.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 12:29:21 GMT
expires: Fri, 24 Nov 2023 12:29:21 GMT
cache-control: public, max-age=31536000
age: 486928
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://caringforpoor.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:33:56 GMT
expires: Thu, 23 Nov 2023 19:33:56 GMT
cache-control: public, max-age=31536000
age: 547853
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 608e4d04a251ebcd51660e801f388303
fcb9aa48fd6ed504a1a9fed7990c5ccde63e6a1d
cc1a34cd0a99e301df97cf184ab0ded2e229659f86f43e4eff479dee221695dc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 03:44:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
caringforpoor.com/wp-content/uploads/2022/01/health-1024x819.jpg
198.54.116.190 200 OK 62 kB URL HTTP/2 caringforpoor.com/wp-content/uploads/2022/01/health-1024x819.jpg
IP 198.54.116.190:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 1024x819, components 3\012- data
Hash 2643a6087fc71a2d73d6b16bde54259e
5808258b3c10d1f0decbda2fc1b264bc24065fd3
352fa11405366fac530799f9929739a30678619967b05c451947b51441b736af
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/health-1024x819.jpg HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: image/jpeg
last-modified: Fri, 01 Jul 2022 06:57:36 GMT
accept-ranges: bytes
content-length: 62068
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/robo-gallery/js/robo_gallery.js?ver=3.2.1
198.54.116.190 200 OK 43 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/robo-gallery/js/robo_gallery.js?ver=3.2.1
IP 198.54.116.190:0
File type Unicode text, UTF-8 text, with very long lines (37100)
Hash 5f3e68bda84735373a4f9eb8bfd6517b
7e874a3c55cec3b14d70e90298ccbf25769dfae1
92077d5bb0a97339e549814bf450ef4050a468b71827d603a38ff01df96331dd
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/robo-gallery/js/robo_gallery.js?ver=3.2.1 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: application/javascript
last-modified: Fri, 01 Jul 2022 06:57:38 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 43118
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/uploads/2022/01/water-1024x819.jpg
198.54.116.190 200 OK 73 kB URL HTTP/2 caringforpoor.com/wp-content/uploads/2022/01/water-1024x819.jpg
IP 198.54.116.190:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 1024x819, components 3\012- data
Hash 2ef6aa61e20811e054d01dc5a720cc9b
88c0c72b43f580552c8ffc62d624ca3f40f70ecd
a6a3725a51281cf64c36bc5d4ed9bb837d5bfa846de459f30075302f92a1d6e5
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/water-1024x819.jpg HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: image/jpeg
last-modified: Fri, 01 Jul 2022 06:57:36 GMT
accept-ranges: bytes
content-length: 72584
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/
198.54.116.190 200 OK 142 kB IP 198.54.116.190:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (53124), with CRLF, LF line terminators
Size 142 kB (141768 bytes)
Hash d8b4c85c8b778c6c41714e49dada9d4a
aecfb4ab988eb9ecf32ebf37f046385901c7e5f7
b1487e4a9c0453a7b0f0e1cd7c9e00c32f228b73041f9a31499408a0b865b384
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET / HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
x-powered-by: PHP/7.4.33
content-type: text/html; charset=UTF-8
link: <https://caringforpoor.com/wp-json/>; rel="https://api.w.org/", <https://caringforpoor.com/wp-json/wp/v2/pages/7>; rel="alternate"; type="application/json", <https://caringforpoor.com/>; rel=shortlink
etag: "547-1669778329;br"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding
date: Wed, 30 Nov 2022 03:44:47 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Poppins%3A700&display=fallback&ver=3.8.5
142.250.74.74 200 OK 98 kB URL HTTP/2 fonts.googleapis.com/css?family=Poppins%3A700&display=fallback&ver=3.8.5
IP 142.250.74.74:0
Hash c957aaeb264f29da177bcba2312668ec
23301a117a05151a6433c784ebcaa4a00522656a
91cdef20129ba1bdbb2718863b357d25b410426b67494fe204640b0aeb7fac80
GET /css?family=Poppins%3A700&display=fallback&ver=3.8.5 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 30 Nov 2022 03:44:48 GMT
date: Wed, 30 Nov 2022 03:44:48 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/uploads/2022/01/Sehri-1024x819.jpg
198.54.116.190 200 OK 102 kB URL HTTP/2 caringforpoor.com/wp-content/uploads/2022/01/Sehri-1024x819.jpg
IP 198.54.116.190:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 1024x819, components 3\012- data
Size 102 kB (102459 bytes)
Hash 282549bbaf9e796de26a1aab5f204af3
18c1dc1089ea49b6547a9e595ea9f603560ebb9c
826f4870a2a1081c4d762768a13187e9871d56d06fe93f26845af6b77ec218f4
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/Sehri-1024x819.jpg HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: image/jpeg
last-modified: Fri, 01 Jul 2022 06:57:36 GMT
accept-ranges: bytes
content-length: 102459
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/uploads/2022/01/food-1024x819.jpg
198.54.116.190 200 OK 101 kB URL HTTP/2 caringforpoor.com/wp-content/uploads/2022/01/food-1024x819.jpg
IP 198.54.116.190:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 1024x819, components 3\012- data
Size 101 kB (100954 bytes)
Hash 4099d5b2f6a9dc3ce65abdda33f81bee
75d22f8996ae3d6b3a9c70e68eaeaf71c1d3b6de
06699ec085fd1715bf5007bb30ff9f93ff08a9d3b78089b6afcfb0fa9ded8dd9
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/food-1024x819.jpg HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: image/jpeg
last-modified: Fri, 01 Jul 2022 06:57:36 GMT
accept-ranges: bytes
content-length: 100954
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2
198.54.116.190 200 OK 78 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2
IP 198.54.116.190:0
File type Web Open Font Format (Version 2), TrueType, length 78196, version 331.-31261\012- data
Hash e8a427e15cc502bef99cfd722b37ea98
a9922842a120a7f1eaced667480c5e185a106d69
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://caringforpoor.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:49 GMT
content-type: font/woff2
last-modified: Wed, 20 Jul 2022 07:49:09 GMT
accept-ranges: bytes
content-length: 78196
date: Wed, 30 Nov 2022 03:44:49 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff2?5.15.0
198.54.116.190 200 OK 92 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff2?5.15.0
IP 198.54.116.190:0
File type Web Open Font Format (Version 2), TrueType, length 92444, version 1.0\012- data
Hash e5d9164498f1649084fe6fb95d3ad593
29e71123f8ef22f20f8d50bc4caac9db6e04a824
1525cd3ea05d1c00e4b385e781749c3bac5c01570b5800198bec0a252bb6c715
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.woff2?5.15.0 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://caringforpoor.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.15.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:49 GMT
content-type: font/woff2
last-modified: Wed, 20 Jul 2022 07:49:09 GMT
accept-ranges: bytes
content-length: 92444
date: Wed, 30 Nov 2022 03:44:49 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/robo-gallery/css/fonts/fontawesome-webfont.woff2?v=4.3.0
198.54.116.190 200 OK 57 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/robo-gallery/css/fonts/fontawesome-webfont.woff2?v=4.3.0
IP 198.54.116.190:0
File type Web Open Font Format (Version 2), TrueType, length 56780, version 4.197\012- data
Hash 97493d3f11c0a3bd5cbd959f5d19b699
1075231650f579955905bb2f6527148a8e2b4b16
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/robo-gallery/css/fonts/fontawesome-webfont.woff2?v=4.3.0 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://caringforpoor.com/wp-content/plugins/robo-gallery/css/gallery.font.css?ver=3.2.1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:50 GMT
content-type: font/woff2
last-modified: Fri, 01 Jul 2022 06:57:38 GMT
accept-ranges: bytes
content-length: 56780
date: Wed, 30 Nov 2022 03:44:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js
198.54.116.190 200 OK 600 B URL HTTP/2 caringforpoor.com/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js
IP 198.54.116.190:0
File type ASCII text, with very long lines (1320)
Hash bc98ab1b431fd2f098e496599460bb50
1cc6510fb465d16e0b2772c0514fcbb4d68d9ba1
0b9d1e73e8cb6c092f10b431bb4a02802d55551f716a8adf67d136cd295e96c0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Cookie: chatyWidget_0=[{"k":"v-widget","v":"2022-11-30T03:44:49.155Z"}]; activechatyWidgets=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:50 GMT
content-type: application/javascript
last-modified: Wed, 20 Jul 2022 07:49:09 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 600
date: Wed, 30 Nov 2022 03:44:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/elementor/assets/js/image-carousel.e02695895b33b77d89de.bundle.min.js
198.54.116.190 200 OK 1.1 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/elementor/assets/js/image-carousel.e02695895b33b77d89de.bundle.min.js
IP 198.54.116.190:0
File type ASCII text, with very long lines (2738)
Hash 2d57b316c375e8c333d68a0c02049073
6a78020d621d2fd5841e0af9ae854d6f598d112c
9e79fa003ac09ccca33eb12d285db04771475a64c9cdc441e099e8e3c8afcc30
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/image-carousel.e02695895b33b77d89de.bundle.min.js HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Cookie: chatyWidget_0=[{"k":"v-widget","v":"2022-11-30T03:44:49.155Z"}]; activechatyWidgets=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:50 GMT
content-type: application/javascript
last-modified: Wed, 20 Jul 2022 07:49:09 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1107
date: Wed, 30 Nov 2022 03:44:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/elementor/assets/js/video.d86bfd0676264945e968.bundle.min.js
198.54.116.190 200 OK 1.3 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/elementor/assets/js/video.d86bfd0676264945e968.bundle.min.js
IP 198.54.116.190:0
File type ASCII text, with very long lines (3459)
Hash 64cf55344a072ecd466a32203c4e76f4
ead9e277669fccbe3473562d4a90540b0197a69e
b498c2f005adec63c3e62741ca3353acff93ea7a135adf88bc80bce29564fe47
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/video.d86bfd0676264945e968.bundle.min.js HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Cookie: chatyWidget_0=[{"k":"v-widget","v":"2022-11-30T03:44:49.155Z"}]; activechatyWidgets=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:50 GMT
content-type: application/javascript
last-modified: Wed, 20 Jul 2022 07:49:09 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1277
date: Wed, 30 Nov 2022 03:44:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/elementor/assets/js/counter.02cef29c589e742d4c8c.bundle.min.js
198.54.116.190 200 OK 423 B URL HTTP/2 caringforpoor.com/wp-content/plugins/elementor/assets/js/counter.02cef29c589e742d4c8c.bundle.min.js
IP 198.54.116.190:0
File type ASCII text, with very long lines (872)
Hash 8b7b9502bab473e38e1b85499ff5c917
8e9afc1f79eccd07a3d2608e134a53f6247ac8da
931f2d765282ea7086dd6bb2460795786e24d7772e2107cde0bfdb1ad4ba2fa9
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/js/counter.02cef29c589e742d4c8c.bundle.min.js HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Cookie: chatyWidget_0=[{"k":"v-widget","v":"2022-11-30T03:44:49.155Z"}]; activechatyWidgets=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:50 GMT
content-type: application/javascript
last-modified: Wed, 20 Jul 2022 07:49:09 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 423
date: Wed, 30 Nov 2022 03:44:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/uploads/2022/01/IMG-20200127-WA0010-300x225.jpg
198.54.116.190 200 OK 20 kB URL HTTP/2 caringforpoor.com/wp-content/uploads/2022/01/IMG-20200127-WA0010-300x225.jpg
IP 198.54.116.190:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 300x225, components 3\012- data
Hash 54d647e89519833819f5e457e84b3769
8ad5983eb8c19c7f8bd496858a64827b18d9c74b
cfd2d7e00aa19be646b6e75fa7b488cc5a49d2774dde078df5c3c620dc3d9c5d
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/IMG-20200127-WA0010-300x225.jpg HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Cookie: chatyWidget_0=[{"k":"v-widget","v":"2022-11-30T03:44:49.155Z"}]; activechatyWidgets=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:50 GMT
content-type: image/jpeg
last-modified: Fri, 01 Jul 2022 06:57:36 GMT
accept-ranges: bytes
content-length: 20243
date: Wed, 30 Nov 2022 03:44:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/uploads/2022/01/IMG-20200127-WA0014-1-225x300.jpg
198.54.116.190 200 OK 18 kB URL HTTP/2 caringforpoor.com/wp-content/uploads/2022/01/IMG-20200127-WA0014-1-225x300.jpg
IP 198.54.116.190:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 225x300, components 3\012- data
Hash 436b4d44d245b91a320a18a209545d2a
4cb468857a7a49b98c75d6f2e8fd61ccf54a3371
fb098f2e5bfc0791a543a60f4fdf89c8cb4d4c39fdd4d9a10c89147ee481d648
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/IMG-20200127-WA0014-1-225x300.jpg HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Cookie: chatyWidget_0=[{"k":"v-widget","v":"2022-11-30T03:44:49.155Z"}]; activechatyWidgets=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:50 GMT
content-type: image/jpeg
last-modified: Fri, 01 Jul 2022 06:57:36 GMT
accept-ranges: bytes
content-length: 17647
date: Wed, 30 Nov 2022 03:44:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/uploads/2022/01/IMG-20200121-WA0008-1-1-225x300.jpg
198.54.116.190 200 OK 19 kB URL HTTP/2 caringforpoor.com/wp-content/uploads/2022/01/IMG-20200121-WA0008-1-1-225x300.jpg
IP 198.54.116.190:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 225x300, components 3\012- data
Hash f9c393bf7ac8f77a5fed5b0bf9fc36dc
b79e1e9b29ae60fd66617255479f2736a4f897ed
5c8d581e4294564c7aadf0c95be848cf78a83a949679d1f4e081da16cf8a7ffd
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/IMG-20200121-WA0008-1-1-225x300.jpg HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Cookie: chatyWidget_0=[{"k":"v-widget","v":"2022-11-30T03:44:49.155Z"}]; activechatyWidgets=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:50 GMT
content-type: image/jpeg
last-modified: Fri, 01 Jul 2022 06:57:36 GMT
accept-ranges: bytes
content-length: 19110
date: Wed, 30 Nov 2022 03:44:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/uploads/2022/01/IMG-20200121-WA0000-1-225x300.jpg
198.54.116.190 200 OK 20 kB URL HTTP/2 caringforpoor.com/wp-content/uploads/2022/01/IMG-20200121-WA0000-1-225x300.jpg
IP 198.54.116.190:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 225x300, components 3\012- data
Hash 19b7de1906880905ddb78b4067079723
83a2deefc0a384fab8a274c6d121b70c6186a67e
79a32a3ab727e3f839044e12f8efbad6afd677bb9d0dcff631b9eb50af60f08c
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/IMG-20200121-WA0000-1-225x300.jpg HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Cookie: chatyWidget_0=[{"k":"v-widget","v":"2022-11-30T03:44:49.155Z"}]; activechatyWidgets=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:50 GMT
content-type: image/jpeg
last-modified: Fri, 01 Jul 2022 06:57:36 GMT
accept-ranges: bytes
content-length: 19940
date: Wed, 30 Nov 2022 03:44:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/uploads/2022/01/IMG-20210430-WA0028-225x300.jpg
198.54.116.190 200 OK 16 kB URL HTTP/2 caringforpoor.com/wp-content/uploads/2022/01/IMG-20210430-WA0028-225x300.jpg
IP 198.54.116.190:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 225x300, components 3\012- data
Hash 81dd74e8ac54d0c22e845c5e072a63f7
f3cc1e7a998776e2bc6432736166060c438d5415
7f2f2bd0e8f97b408332adee13dd7e29cea5d9e029b3ecb5c5464ec284a11acf
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/IMG-20210430-WA0028-225x300.jpg HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Cookie: chatyWidget_0=[{"k":"v-widget","v":"2022-11-30T03:44:49.155Z"}]; activechatyWidgets=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:50 GMT
content-type: image/jpeg
last-modified: Fri, 01 Jul 2022 06:57:36 GMT
accept-ranges: bytes
content-length: 16308
date: Wed, 30 Nov 2022 03:44:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/uploads/2022/01/20210410_113035_mfnr-Copy-300x142.jpg
198.54.116.190 200 OK 8.4 kB URL HTTP/2 caringforpoor.com/wp-content/uploads/2022/01/20210410_113035_mfnr-Copy-300x142.jpg
IP 198.54.116.190:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 300x142, components 3\012- data
Hash ef13c894d8d0e6f76168da0791b7c953
9eab1ca228164fed94a94b587edb108c935f1f61
5586fe115256aee84fe3748922c4e4bcb816215725c78b3bdda890836b9d9ae4
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/20210410_113035_mfnr-Copy-300x142.jpg HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Cookie: chatyWidget_0=[{"k":"v-widget","v":"2022-11-30T03:44:49.155Z"}]; activechatyWidgets=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:50 GMT
content-type: image/jpeg
last-modified: Fri, 01 Jul 2022 06:57:36 GMT
accept-ranges: bytes
content-length: 8381
date: Wed, 30 Nov 2022 03:44:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/uploads/2022/01/20210409_153934_mfnr-Copy-300x142.jpg
198.54.116.190 200 OK 11 kB URL HTTP/2 caringforpoor.com/wp-content/uploads/2022/01/20210409_153934_mfnr-Copy-300x142.jpg
IP 198.54.116.190:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 300x142, components 3\012- data
Hash 8f7542566770de9e9bd85e961dbcf8fe
9527dfd8e315041df552641764415f36cd061df6
c2ac45419935ee67131a08abe044d3a61ed8bea757d642efe1a892fe22b6f7c8
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/20210409_153934_mfnr-Copy-300x142.jpg HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Cookie: chatyWidget_0=[{"k":"v-widget","v":"2022-11-30T03:44:49.155Z"}]; activechatyWidgets=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:50 GMT
content-type: image/jpeg
last-modified: Fri, 01 Jul 2022 06:57:36 GMT
accept-ranges: bytes
content-length: 11255
date: Wed, 30 Nov 2022 03:44:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/uploads/2022/01/water-plant-by-caring-for-poor-13-300x257.jpeg
198.54.116.190 200 OK 16 kB URL HTTP/2 caringforpoor.com/wp-content/uploads/2022/01/water-plant-by-caring-for-poor-13-300x257.jpeg
IP 198.54.116.190:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 300x257, components 3\012- data
Hash 7904bea362665642fddffddbbe25fd09
d4004e4934e65eb797871560f437bfe126c1364e
d640717d45a9838b8db0ed61fee8f30539a3f1b77cd9c766a13fcfe86c4b7d76
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/water-plant-by-caring-for-poor-13-300x257.jpeg HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Cookie: chatyWidget_0=[{"k":"v-widget","v":"2022-11-30T03:44:49.155Z"}]; activechatyWidgets=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:50 GMT
content-type: image/jpeg
last-modified: Fri, 01 Jul 2022 06:57:36 GMT
accept-ranges: bytes
content-length: 16397
date: Wed, 30 Nov 2022 03:44:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/uploads/2022/01/IMG-20200326-WA0017-Copy-300x138.jpg
198.54.116.190 200 OK 11 kB URL HTTP/2 caringforpoor.com/wp-content/uploads/2022/01/IMG-20200326-WA0017-Copy-300x138.jpg
IP 198.54.116.190:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 300x138, components 3\012- data
Hash a12fba1bcfeb03f5a5cda402c7ce2453
3d52d27a4937ca72846eec09f754709a284455ba
7d732683c73aebb5cd494cc6a8b0c77f5f3020a7f818b6e27677216ec140b1de
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/IMG-20200326-WA0017-Copy-300x138.jpg HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Cookie: chatyWidget_0=[{"k":"v-widget","v":"2022-11-30T03:44:49.155Z"}]; activechatyWidgets=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:50 GMT
content-type: image/jpeg
last-modified: Fri, 01 Jul 2022 06:57:36 GMT
accept-ranges: bytes
content-length: 10733
date: Wed, 30 Nov 2022 03:44:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/uploads/2022/01/water-plant-by-caring-for-poor-300x257.jpeg
198.54.116.190 200 OK 17 kB URL HTTP/2 caringforpoor.com/wp-content/uploads/2022/01/water-plant-by-caring-for-poor-300x257.jpeg
IP 198.54.116.190:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 300x257, components 3\012- data
Hash 167f5dbbf3bf451bc1e84050719a7d1b
02d8e1503610e1a7813a814c659a808057a64778
f4a13bb63a83407b69a3a83d15558f9d4edb24da48feee22d868627a8e692235
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/water-plant-by-caring-for-poor-300x257.jpeg HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Cookie: chatyWidget_0=[{"k":"v-widget","v":"2022-11-30T03:44:49.155Z"}]; activechatyWidgets=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:50 GMT
content-type: image/jpeg
last-modified: Fri, 01 Jul 2022 06:57:36 GMT
accept-ranges: bytes
content-length: 17138
date: Wed, 30 Nov 2022 03:44:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/uploads/2022/01/IMG-20200427-WA0004-300x169.jpg
198.54.116.190 200 OK 14 kB URL HTTP/2 caringforpoor.com/wp-content/uploads/2022/01/IMG-20200427-WA0004-300x169.jpg
IP 198.54.116.190:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 300x169, components 3\012- data
Hash 6d4ae5293fefa0ee0afc2f86bf80a401
b1c5f0dfdcdcf21453ef0f763f96661de883a2d0
9c3109f6f97826a028fd3e92bdd13266858ccc5bdf1071911eb0d9444765294f
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/IMG-20200427-WA0004-300x169.jpg HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Cookie: chatyWidget_0=[{"k":"v-widget","v":"2022-11-30T03:44:49.155Z"}]; activechatyWidgets=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:50 GMT
content-type: image/jpeg
last-modified: Fri, 01 Jul 2022 06:57:36 GMT
accept-ranges: bytes
content-length: 14009
date: Wed, 30 Nov 2022 03:44:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/robo-gallery/css/icons/loading-image.gif
198.54.116.190 200 OK 4.7 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/robo-gallery/css/icons/loading-image.gif
IP 198.54.116.190:0
File type GIF image data, version 89a, 220 x 220\012- data
Hash 39704638c193e3a303592327e2aac167
fff4ddcd6b9acfdb646b17a695e50c09798bc00f
c9eafbba8b2c26b97faa5a80c63cc3029ee0004e840f719951d7c0151d0bc0e4
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/robo-gallery/css/icons/loading-image.gif HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/wp-content/plugins/robo-gallery/css/gallery.css?ver=3.2.1
Cookie: chatyWidget_0=[{"k":"v-widget","v":"2022-11-30T03:44:49.155Z"}]; activechatyWidgets=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:50 GMT
content-type: image/gif
last-modified: Fri, 01 Jul 2022 06:57:38 GMT
accept-ranges: bytes
content-length: 4713
date: Wed, 30 Nov 2022 03:44:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/uploads/2022/01/water-plant-by-caring-for-poor-4-300x257.jpeg
198.54.116.190 200 OK 16 kB URL HTTP/2 caringforpoor.com/wp-content/uploads/2022/01/water-plant-by-caring-for-poor-4-300x257.jpeg
IP 198.54.116.190:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 300x257, components 3\012- data
Hash 06a08814b2d6c41aea51f17069276f36
96778a75f7b993cd667b15a0dd65f46bd915ee36
fb2dd655cadec9e825f193d7f24f7d9f2d3cd73c80cf7ba33a106fae778bbd55
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/water-plant-by-caring-for-poor-4-300x257.jpeg HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Cookie: chatyWidget_0=[{"k":"v-widget","v":"2022-11-30T03:44:49.155Z"}]; activechatyWidgets=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:50 GMT
content-type: image/jpeg
last-modified: Fri, 01 Jul 2022 06:57:36 GMT
accept-ranges: bytes
content-length: 15595
date: Wed, 30 Nov 2022 03:44:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6
198.54.116.190 200 OK 34 kB URL HTTP/2 caringforpoor.com/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6
IP 198.54.116.190:0
File type ASCII text, with very long lines (65280)
Hash 83a90323ac82b98062b4b2c8ac8c5051
d7d376677e3546b756b4fec6219be72b85c4f8f5
7fd68e9ea0ebd35958da46d7373113d1a3646a671217cf2cf471c65c3d710613
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Cookie: chatyWidget_0=[{"k":"v-widget","v":"2022-11-30T03:44:49.155Z"}]; activechatyWidgets=0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:50 GMT
content-type: application/javascript
last-modified: Wed, 20 Jul 2022 07:49:09 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 34004
date: Wed, 30 Nov 2022 03:44:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash cd528f6c2c45e38c52095a73a9cd8c68
dca2df874a830edac932136d474453c18d933024
4c7e75aaccb4b74e227ada3b56829f52cb7f14ad05454f7bd6eccf3e94185218
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 03:44:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.youtube.com/iframe_api
142.250.74.14 200 OK 994 B URL HTTP/2 www.youtube.com/iframe_api
IP 142.250.74.14:0
File type ASCII text, with very long lines (509)
Hash 9fd03c7e9a93b6ec39c541a17655b4a8
5a07dd66226368a0508e46cc795a763d4649486a
bd88e81affa9f65263fbb0295603b5a5cf10dda7a2ba02969e3bb3cc67508159
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Wed, 30 Nov 2022 03:44:50 GMT
date: Wed, 30 Nov 2022 03:44:50 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=32uLMbe9I7c; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=9-qooX9dyig; Domain=.youtube.com; Expires=Mon, 29-May-2023 03:44:50 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+215; expires=Fri, 29-Nov-2024 03:44:50 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/uploads/2022/01/cropped-a8db0b4f2a2401fadd0f1133b2c6251d-1-192x192.png
198.54.116.190 200 OK 12 kB URL HTTP/2 caringforpoor.com/wp-content/uploads/2022/01/cropped-a8db0b4f2a2401fadd0f1133b2c6251d-1-192x192.png
IP 198.54.116.190:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash a6d1503d10a77afb8d9a05a2c33be118
2102e565131e557564e1f2905f9690991be7c56e
77fd0f99c46e735435d213f24ca2b342672e3dcbee4beca695341dc3db38a59c
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/cropped-a8db0b4f2a2401fadd0f1133b2c6251d-1-192x192.png HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Cookie: chatyWidget_0=[{"k":"v-widget","v":"2022-11-30T03:44:49.155Z"}]; activechatyWidgets=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:50 GMT
content-type: image/png
last-modified: Fri, 01 Jul 2022 06:57:36 GMT
accept-ranges: bytes
content-length: 11506
date: Wed, 30 Nov 2022 03:44:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
caringforpoor.com/wp-content/uploads/2022/01/cropped-a8db0b4f2a2401fadd0f1133b2c6251d-1-32x32.png
198.54.116.190 200 OK 1.0 kB URL HTTP/2 caringforpoor.com/wp-content/uploads/2022/01/cropped-a8db0b4f2a2401fadd0f1133b2c6251d-1-32x32.png
IP 198.54.116.190:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 1f271a5aada675d496571b39ee4c9ae6
f70e6b0125417cffee75e704be666f848db10ed0
8f53ad5d6cdd2157b870c4e6f6dc2631f97973ff21d5b37e177e19b9f39aa633
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2022/01/cropped-a8db0b4f2a2401fadd0f1133b2c6251d-1-32x32.png HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Cookie: chatyWidget_0=[{"k":"v-widget","v":"2022-11-30T03:44:49.155Z"}]; activechatyWidgets=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:50 GMT
content-type: image/png
last-modified: Fri, 01 Jul 2022 06:57:36 GMT
accept-ranges: bytes
content-length: 1000
date: Wed, 30 Nov 2022 03:44:50 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 44 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
Hash 79eb56d821e5503d4b5c9d3ffac435ff
6e8870e613a18be2687153091fd8bcd18dc30ee5
6698afd8206efe200f3d1a1fd9ca75c241422f4d2152c9a35c3da8f83b90b15a
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 21:48:03 GMT
expires: Fri, 24 Nov 2023 21:48:03 GMT
cache-control: public, max-age=31536000
age: 453408
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 16:40:43 GMT
expires: Fri, 24 Nov 2023 16:40:43 GMT
cache-control: public, max-age=31536000
age: 471848
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 30462b52571c91f089bed4de98462a46
7e2b322ea5b8f97b2fa76751bcffe2a420f872eb
c5403dfefa9d043ac501963ff09a6d3d70e21f6e6a1b9728183a3490060a4bfc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 03:44:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash f1cfa609ebdf236e2f3e3ff25dd05caf
c8117b0187d4d9021ed1a42907bd93d24ed4ebf0
7a2761aa36168d4f2c9034486777f5588aaf0fa1f7d1e55006db7320259303b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 03:44:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.doubleclick.net/instream/ad_status.js
142.250.74.134 200 OK 29 B URL HTTP/2 static.doubleclick.net/instream/ad_status.js
IP 142.250.74.134:0
Hash 1fa71744db23d0f8df9cce6719defcb7
e4be9b7136697942a036f97cf26ebaf703ad2067
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
GET /instream/ad_status.js HTTP/1.1
Host: static.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 29
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 03:36:04 GMT
expires: Wed, 30 Nov 2022 03:51:04 GMT
cache-control: public, max-age=900
age: 527
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id
142.250.74.66 302 Found 28 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.66:0
Hash 0d503e2d066fbe705c11a7e6f79baee2
779f1a404b25137df641224cdcc1700951eb3dcc
9b5bb89aa6a17ace3c0db97ad0ab89da055d246740b6af015b471dbe538276a4
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Wed, 30 Nov 2022 03:44:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.42 200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.42:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Wed, 30 Nov 2022 03:44:51 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash a0fe20d41a043db700a84924cd9793f3
c0da481fef6cd00558f6e68b074acb34bef8292f
03caeb65ab9e22f6d6fe0d344d327950d20ee9ed144e2da0e5e062943a03fc56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 03:44:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.42 200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.42:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash eecf6f37fb36c7fd8833e726dc49a8fe
f49002978af6650ee9d30935bfd03aa83f0d168d
74d06e8799b5f0387c7f155576f4a7f1ecb171d7e45913b6dd52d5d358083f1c
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Wed, 30 Nov 2022 03:44:51 GMT
server: ESF
cache-control: private
content-length: 31163
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 30462b52571c91f089bed4de98462a46
7e2b322ea5b8f97b2fa76751bcffe2a420f872eb
c5403dfefa9d043ac501963ff09a6d3d70e21f6e6a1b9728183a3490060a4bfc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 03:44:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash f1cfa609ebdf236e2f3e3ff25dd05caf
c8117b0187d4d9021ed1a42907bd93d24ed4ebf0
7a2761aa36168d4f2c9034486777f5588aaf0fa1f7d1e55006db7320259303b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 03:44:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/js/th/_mW_2QmsfiHfHQzuwJJjeV3lvrJQS7bChqYqZLie29Q.js
142.250.74.132 200 OK 14 kB URL HTTP/2 www.google.com/js/th/_mW_2QmsfiHfHQzuwJJjeV3lvrJQS7bChqYqZLie29Q.js
IP 142.250.74.132:0
File type ASCII text, with very long lines (36106)
Hash 7fc7e22ecccb0cfd0ae897bb40a58efe
5d46470a711120793c362235105836fe49e699a4
1907005cab41fbd6d1d67df3b25586f3232e053a261c9e2b2503459f4980b1c5
GET /js/th/_mW_2QmsfiHfHQzuwJJjeV3lvrJQS7bChqYqZLie29Q.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14302
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 27 Nov 2022 10:09:03 GMT
expires: Mon, 27 Nov 2023 10:09:03 GMT
cache-control: public, max-age=31536000
age: 236148
last-modified: Thu, 03 Nov 2022 10:00:00 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 79840cac9f5ae1a38c0faaaf59e7fe82
f76a3e50f566269c574e7f8904021640366dcc56
1f39ccbd6ad4a9c8fcc3e4d7d83c4c21f9e9fd9fd0d98c6b70cd1bbbdfeb7798
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 03:44:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 998e0b25e77b8c23e52ea918d3fc2a29
0f684f95e3c60ef17ff082bfda21de480eff9fb4
360e9b02287b38174bb5bfb64862d049d9e4f998ef8aba036a1bc97bbf30d606
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 03:44:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.ytimg.com/vi/FHgOPRcC0FM/sddefault.jpg?sqp=-oaymwEmCIAFEOAD8quKqQMa8AEB-AH-BIAC4AKKAgwIABABGGEgYShhMA8=&rs=AOn4CLAgg7jczSojyp96jpPzSg4UtZh-wg
142.250.74.86 200 OK 19 kB URL HTTP/2 i.ytimg.com/vi/FHgOPRcC0FM/sddefault.jpg?sqp=-oaymwEmCIAFEOAD8quKqQMa8AEB-AH-BIAC4AKKAgwIABABGGEgYShhMA8=&rs=AOn4CLAgg7jczSojyp96jpPzSg4UtZh-wg
IP 142.250.74.86:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x480, components 3\012- data
Hash 3237ab2cdd1f0fa17ff18c7e5b18349a
b5aa006f4f360590412567355d3082b5b1b88118
bd7b4922fde88d88b05d372b0f9e36dcf33ec8554abd2df0da77dec3f4bb1a7b
GET /vi/FHgOPRcC0FM/sddefault.jpg?sqp=-oaymwEmCIAFEOAD8quKqQMa8AEB-AH-BIAC4AKKAgwIABABGGEgYShhMA8=&rs=AOn4CLAgg7jczSojyp96jpPzSg4UtZh-wg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 18904
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 03:44:52 GMT
expires: Wed, 30 Nov 2022 05:44:52 GMT
cache-control: public, max-age=7200
etag: "0"
content-type: image/jpeg
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 998e0b25e77b8c23e52ea918d3fc2a29
0f684f95e3c60ef17ff082bfda21de480eff9fb4
360e9b02287b38174bb5bfb64862d049d9e4f998ef8aba036a1bc97bbf30d606
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 03:44:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
142.250.74.42 200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 142.250.74.42:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Wed, 30 Nov 2022 03:44:52 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
142.250.74.42 200 OK 110 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 142.250.74.42:0
File type JSON data\012- , ASCII text, with no line terminators
Hash f3347183cd6a40f1bdbb5c3c880807b5
302220ed9fe7b9e3277af8e3599ea8cb9af1799e
fc70fc3909c5f388037703fa1c28fca05a52a3781abf7fcee40f7757d6358d99
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 1282
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Wed, 30 Nov 2022 03:44:52 GMT
server: ESF
cache-control: private
content-length: 110
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
yt3.ggpht.com/ytc/AMLnZu9etkqdig76gFvkr8d2bXY7uMC5NpfYgBcV3mhp=s68-c-k-c0x00ffffff-no-rj
142.250.74.161 200 OK 1.9 kB URL HTTP/2 yt3.ggpht.com/ytc/AMLnZu9etkqdig76gFvkr8d2bXY7uMC5NpfYgBcV3mhp=s68-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 68x68, components 3\012- data
Hash 08dc87969e45923bee779781d92ea9a9
b0f912d35669ac57b5ac06429788de9b23ab3ad1
74f6d807dc10b70d037ac74a3b6fb9ba1a505be419a8a297a3e6c13d09ac08c6
GET /ytc/AMLnZu9etkqdig76gFvkr8d2bXY7uMC5NpfYgBcV3mhp=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 1927
x-xss-protection: 0
date: Wed, 30 Nov 2022 03:44:52 GMT
expires: Tue, 29 Nov 2022 22:16:20 GMT
cache-control: public, max-age=86400, no-transform
etag: "vb"
content-type: image/jpeg
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.42 200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.42:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 897a34657893e7942e54599b41b58229
35fab30aa950bc7c10d0b9fdc16abfea39bf145b
33701f6ce4196f95160d78e0b0804e4bbe75f387d1c1abe179ea7700d93edac4
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Wed, 30 Nov 2022 03:44:52 GMT
server: ESF
cache-control: private
content-length: 30896
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 79840cac9f5ae1a38c0faaaf59e7fe82
f76a3e50f566269c574e7f8904021640366dcc56
1f39ccbd6ad4a9c8fcc3e4d7d83c4c21f9e9fd9fd0d98c6b70cd1bbbdfeb7798
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 03:44:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
142.250.74.42 200 OK 110 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 142.250.74.42:0
File type JSON data\012- , ASCII text, with no line terminators
Hash fd44ed6507da620f5741a5830fcb69aa
7bd89e522611b1690a5b2622d74577da0b88d911
4097c7ffb1346ff1a87baf4cd58487692fe05e7f0b5bf1cd2e1f3534a3a47fbe
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 978
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Wed, 30 Nov 2022 03:44:52 GMT
server: ESF
cache-control: private
content-length: 110
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 5963421c2fb22cf58ce36edd42c0c844
ce17d5a54069562f4456f6d89164761610c0e0c8
b1cf735279e3fad8bd3b12a50b2a357240cfe40a38b9b12566901f22a2af95da
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 03:44:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 5963421c2fb22cf58ce36edd42c0c844
ce17d5a54069562f4456f6d89164761610c0e0c8
b1cf735279e3fad8bd3b12a50b2a357240cfe40a38b9b12566901f22a2af95da
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 03:44:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 382c1733f9497b7791c18c60dc8537c6
a2be98ceda31a9968404e1f6b0dfea709fd3dbdb
a3f13b45c77ccbe6478de1a0e363f67d0b914b42492cb8a851da4a2d3e9d4955
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 03:44:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1669801492&ei=tNGGY5uOKZCayQWjk6_ICw&ip=91.90.42.154&id=o-ADRwYY9g0OwgTK4JnJt8puMmikOyis8_8fmC9xq6wW89&itag=244&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=yt_otf&requiressl=yes&mh=0U&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pl=21&initcwndbps=1765000&spc=SFxXNsEm4n49Uz6Spl0mSQgRMZFuDK4&vprv=1&mime=video%2Fwebm&ns=4hokj5bzamjZnEbRK0qCcj0J&otf=1&otfp=1&dur=0.000&lmt=1618652434396814&mt=1669779650&fvip=3&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=6210222&n=apd1Rh6y7i2LDw&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cotf%2Cotfp%2Cdur%2Clmt&sig=AOq0QJ8wRQIhALTqd11x8WOovh8uR1L2KgRJ8MIcyHmy0bBqPNo5QXy6AiA0Oq8ok6YGx5w-b1Oh401QIpmeBF1JyJ6Vxo--O-xH2Q%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRAIgYLthQLQ80GJ49oU4pwo17Id8tJUf_FGlH_IODnFkBfgCIBbsQtin6i87bMRgCabwYOkDkt68DRORjBPgxsBWST25&alr=yes&cpn=q16dNjUgiZXyF6L8&cver=1.20221127.00.00&sq=0&rn=1&rbuf=0&pot=D3denzWpubkLd2Y2fFqqakrE9_BJL6oijntdSOrgMRsWgnyMC8WdTm0YCoSrAWYeEwIlvdsoYWAL-ttFoLes_dpJF9ayjOh7m69mlVq84gnAvv70OroHhYzSKDuPGWmmFo04CCk=
91.90.45.173 200 OK 371 B URL HTTP/1.1 rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1669801492&ei=tNGGY5uOKZCayQWjk6_ICw&ip=91.90.42.154&id=o-ADRwYY9g0OwgTK4JnJt8puMmikOyis8_8fmC9xq6wW89&itag=244&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=yt_otf&requiressl=yes&mh=0U&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pl=21&initcwndbps=1765000&spc=SFxXNsEm4n49Uz6Spl0mSQgRMZFuDK4&vprv=1&mime=video%2Fwebm&ns=4hokj5bzamjZnEbRK0qCcj0J&otf=1&otfp=1&dur=0.000&lmt=1618652434396814&mt=1669779650&fvip=3&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=6210222&n=apd1Rh6y7i2LDw&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cotf%2Cotfp%2Cdur%2Clmt&sig=AOq0QJ8wRQIhALTqd11x8WOovh8uR1L2KgRJ8MIcyHmy0bBqPNo5QXy6AiA0Oq8ok6YGx5w-b1Oh401QIpmeBF1JyJ6Vxo--O-xH2Q%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRAIgYLthQLQ80GJ49oU4pwo17Id8tJUf_FGlH_IODnFkBfgCIBbsQtin6i87bMRgCabwYOkDkt68DRORjBPgxsBWST25&alr=yes&cpn=q16dNjUgiZXyF6L8&cver=1.20221127.00.00&sq=0&rn=1&rbuf=0&pot=D3denzWpubkLd2Y2fFqqakrE9_BJL6oijntdSOrgMRsWgnyMC8WdTm0YCoSrAWYeEwIlvdsoYWAL-ttFoLes_dpJF9ayjOh7m69mlVq84gnAvv70OroHhYzSKDuPGWmmFo04CCk=
IP 91.90.45.173:0
ASN #50304 Blix Solutions AS
File type WebM\012- EBML file, creator webmB\20\012- data
Hash 469b36eb571a34b6aa037c4502775773
a924e01052d3664ea6da066e179f08794023bbdf
e25ea5fe6f5c1a6257e943990c28869c13d4abac926d14235568c60cd5386582
GET /videoplayback?expire=1669801492&ei=tNGGY5uOKZCayQWjk6_ICw&ip=91.90.42.154&id=o-ADRwYY9g0OwgTK4JnJt8puMmikOyis8_8fmC9xq6wW89&itag=244&aitags=133%2C134%2C135%2C136%2C137%2C160%2C242%2C243%2C244%2C247%2C248%2C278&source=yt_otf&requiressl=yes&mh=0U&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pl=21&initcwndbps=1765000&spc=SFxXNsEm4n49Uz6Spl0mSQgRMZFuDK4&vprv=1&mime=video%2Fwebm&ns=4hokj5bzamjZnEbRK0qCcj0J&otf=1&otfp=1&dur=0.000&lmt=1618652434396814&mt=1669779650&fvip=3&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=6210222&n=apd1Rh6y7i2LDw&sparams=expire%2Cei%2Cip%2Cid%2Caitags%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cotf%2Cotfp%2Cdur%2Clmt&sig=AOq0QJ8wRQIhALTqd11x8WOovh8uR1L2KgRJ8MIcyHmy0bBqPNo5QXy6AiA0Oq8ok6YGx5w-b1Oh401QIpmeBF1JyJ6Vxo--O-xH2Q%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRAIgYLthQLQ80GJ49oU4pwo17Id8tJUf_FGlH_IODnFkBfgCIBbsQtin6i87bMRgCabwYOkDkt68DRORjBPgxsBWST25&alr=yes&cpn=q16dNjUgiZXyF6L8&cver=1.20221127.00.00&sq=0&rn=1&rbuf=0&pot=D3denzWpubkLd2Y2fFqqakrE9_BJL6oijntdSOrgMRsWgnyMC8WdTm0YCoSrAWYeEwIlvdsoYWAL-ttFoLes_dpJF9ayjOh7m69mlVq84gnAvv70OroHhYzSKDuPGWmmFo04CCk= HTTP/1.1
Host: rr2---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Mon, 31 Oct 2022 02:52:08 GMT
Content-Type: video/webm
Date: Wed, 30 Nov 2022 03:44:53 GMT
Expires: Wed, 30 Nov 2022 03:44:53 GMT
Cache-Control: private, max-age=21299
Accept-Ranges: bytes
Content-Length: 371
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Restrict-Formats-Hint: None
X-Content-Type-Options: nosniff
Server: gvs 1.0
rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1669801492&ei=tNGGY5uOKZCayQWjk6_ICw&ip=91.90.42.154&id=o-ADRwYY9g0OwgTK4JnJt8puMmikOyis8_8fmC9xq6wW89&itag=251&source=youtube&requiressl=yes&mh=0U&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pl=21&initcwndbps=1765000&spc=SFxXNsEm4n49Uz6Spl0mSQgRMZFuDK4&vprv=1&mime=audio%2Fwebm&ns=4hokj5bzamjZnEbRK0qCcj0J&gir=yes&clen=1808988&otfp=1&dur=107.961&lmt=1618652432590198&mt=1669779650&fvip=3&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=6211222&n=apd1Rh6y7i2LDw&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cotfp%2Cdur%2Clmt&sig=AOq0QJ8wRQIgTQHkMcoLfHaZQQdMx2pHo8LkBVUMOPZ-e4OSjJkPLkoCIQCyQjgiN-HRokqbcJwkAYkYNNtENDmZnnoc7gP3O9Jqsw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRAIgYLthQLQ80GJ49oU4pwo17Id8tJUf_FGlH_IODnFkBfgCIBbsQtin6i87bMRgCabwYOkDkt68DRORjBPgxsBWST25&alr=yes&cpn=q16dNjUgiZXyF6L8&cver=1.20221127.00.00&range=0-65978&rn=2&rbuf=0&pot=D3denzWpubkLd2Y2fFqqakrE9_BJL6oijntdSOrgMRsWgnyMC8WdTm0YCoSrAWYeEwIlvdsoYWAL-ttFoLes_dpJF9ayjOh7m69mlVq84gnAvv70OroHhYzSKDuPGWmmFo04CCk=
91.90.45.173 200 OK 66 kB URL HTTP/1.1 rr2---sn-capm-vnae.googlevideo.com/videoplayback?expire=1669801492&ei=tNGGY5uOKZCayQWjk6_ICw&ip=91.90.42.154&id=o-ADRwYY9g0OwgTK4JnJt8puMmikOyis8_8fmC9xq6wW89&itag=251&source=youtube&requiressl=yes&mh=0U&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pl=21&initcwndbps=1765000&spc=SFxXNsEm4n49Uz6Spl0mSQgRMZFuDK4&vprv=1&mime=audio%2Fwebm&ns=4hokj5bzamjZnEbRK0qCcj0J&gir=yes&clen=1808988&otfp=1&dur=107.961&lmt=1618652432590198&mt=1669779650&fvip=3&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=6211222&n=apd1Rh6y7i2LDw&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cotfp%2Cdur%2Clmt&sig=AOq0QJ8wRQIgTQHkMcoLfHaZQQdMx2pHo8LkBVUMOPZ-e4OSjJkPLkoCIQCyQjgiN-HRokqbcJwkAYkYNNtENDmZnnoc7gP3O9Jqsw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRAIgYLthQLQ80GJ49oU4pwo17Id8tJUf_FGlH_IODnFkBfgCIBbsQtin6i87bMRgCabwYOkDkt68DRORjBPgxsBWST25&alr=yes&cpn=q16dNjUgiZXyF6L8&cver=1.20221127.00.00&range=0-65978&rn=2&rbuf=0&pot=D3denzWpubkLd2Y2fFqqakrE9_BJL6oijntdSOrgMRsWgnyMC8WdTm0YCoSrAWYeEwIlvdsoYWAL-ttFoLes_dpJF9ayjOh7m69mlVq84gnAvv70OroHhYzSKDuPGWmmFo04CCk=
IP 91.90.45.173:0
ASN #50304 Blix Solutions AS
File type WebM\012- EBML file, creator webmB\20\012- data
Hash bfc6a8430e4cf524067ae35b3bdde6d0
3416de2a890fbd0dea42448a9eae500d88f65a23
e1a98bcef480052a0ee5c7a1b26dc3be5bd8c307246b82bad38763415a7e3678
GET /videoplayback?expire=1669801492&ei=tNGGY5uOKZCayQWjk6_ICw&ip=91.90.42.154&id=o-ADRwYY9g0OwgTK4JnJt8puMmikOyis8_8fmC9xq6wW89&itag=251&source=youtube&requiressl=yes&mh=0U&mm=31%2C29&mn=sn-capm-vnae%2Csn-5go7ynl6&ms=au%2Crdu&mv=m&mvi=2&pl=21&initcwndbps=1765000&spc=SFxXNsEm4n49Uz6Spl0mSQgRMZFuDK4&vprv=1&mime=audio%2Fwebm&ns=4hokj5bzamjZnEbRK0qCcj0J&gir=yes&clen=1808988&otfp=1&dur=107.961&lmt=1618652432590198&mt=1669779650&fvip=3&keepalive=yes&fexp=24001373%2C24007246&c=WEB_EMBEDDED_PLAYER&txp=6211222&n=apd1Rh6y7i2LDw&sparams=expire%2Cei%2Cip%2Cid%2Citag%2Csource%2Crequiressl%2Cspc%2Cvprv%2Cmime%2Cns%2Cgir%2Cclen%2Cotfp%2Cdur%2Clmt&sig=AOq0QJ8wRQIgTQHkMcoLfHaZQQdMx2pHo8LkBVUMOPZ-e4OSjJkPLkoCIQCyQjgiN-HRokqbcJwkAYkYNNtENDmZnnoc7gP3O9Jqsw%3D%3D&lsparams=mh%2Cmm%2Cmn%2Cms%2Cmv%2Cmvi%2Cpl%2Cinitcwndbps&lsig=AG3C_xAwRAIgYLthQLQ80GJ49oU4pwo17Id8tJUf_FGlH_IODnFkBfgCIBbsQtin6i87bMRgCabwYOkDkt68DRORjBPgxsBWST25&alr=yes&cpn=q16dNjUgiZXyF6L8&cver=1.20221127.00.00&range=0-65978&rn=2&rbuf=0&pot=D3denzWpubkLd2Y2fFqqakrE9_BJL6oijntdSOrgMRsWgnyMC8WdTm0YCoSrAWYeEwIlvdsoYWAL-ttFoLes_dpJF9ayjOh7m69mlVq84gnAvv70OroHhYzSKDuPGWmmFo04CCk= HTTP/1.1
Host: rr2---sn-capm-vnae.googlevideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Sat, 17 Apr 2021 09:40:32 GMT
Content-Type: audio/webm
Date: Wed, 30 Nov 2022 03:44:52 GMT
Expires: Wed, 30 Nov 2022 03:44:52 GMT
Cache-Control: private, max-age=21300
Accept-Ranges: bytes
Content-Length: 65979
Connection: keep-alive
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Access-Control-Allow-Origin: https://www.youtube.com
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: https://www.youtube.com
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Server: gvs 1.0
caringforpoor.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
198.54.116.190 200 OK 0 B URL HTTP/2 caringforpoor.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 198.54.116.190:0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: caringforpoor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://caringforpoor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 07 Dec 2022 03:44:48 GMT
content-type: application/javascript
last-modified: Wed, 18 Nov 2020 19:36:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3995
date: Wed, 30 Nov 2022 03:44:48 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2