turbulentelevenvansissi.nl/wp-content/uploads/2022/07/fifa_22-25.pdf
148.251.66.188301 Moved Permanently 162 B URL HTTP/1.1 turbulentelevenvansissi.nl/wp-content/uploads/2022/07/fifa_22-25.pdf
IP 148.251.66.188:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/2022/07/fifa_22-25.pdf HTTP/1.1
Host: turbulentelevenvansissi.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 25 Sep 2022 01:53:06 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://turbulentelevenvansissi.nl/wp-content/uploads/2022/07/fifa_22-25.pdf
firefox.settings.services.mozilla.com/v1/
143.204.55.27200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 25 Sep 2022 01:14:42 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: iEqGUB_0GmeHHt20Ueqr6qHL7juu1OuVHNu1kOT3lqlf0xmDVgmYnQ==
Age: 2304
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5741
Expires: Sun, 25 Sep 2022 03:28:47 GMT
Date: Sun, 25 Sep 2022 01:53:06 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.25200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 24 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: xSfG8E2EG_d8N9XSG0xc1I8_A8LZC-HD8QJwWQ0T7TRr6Xn49vEs-g==
age: 76672
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 01:53:07 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9a6958bc557ce234144e5e13d42057d2
503fa4fdfe5cea3cc8b9ba0bb6d5d087a21d8df1
7511517097e0e577706ef1c3609d15907fde044589f03038375402e9d6a3d15a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7511517097E0E577706EF1C3609D15907FDE044589F03038375402E9D6A3D15A"
Last-Modified: Sat, 24 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21568
Expires: Sun, 25 Sep 2022 07:52:35 GMT
Date: Sun, 25 Sep 2022 01:53:07 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Sun, 25 Sep 2022 01:04:17 GMT
Expires: Sun, 25 Sep 2022 01:04:30 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: hyiByqUVECn3PJfRTYZ44hYMl4p8xGTUW3TZLni_vIdYWbxgzjmnvg==
Age: 2930
s7.addthis.com/js/300/addthis_widget.js?ver=5.9.4
23.38.200.123200 OK 116 kB URL HTTP/2 s7.addthis.com/js/300/addthis_widget.js?ver=5.9.4
IP 23.38.200.123:0
File type ASCII text, with very long lines (54602)
Size 116 kB (116421 bytes)
Hash 50b2be22436f28eeb626c063bd506eba
d4dafc6f2a3d10ac086ea07d19519df93fba8a8a
ddd6e4f7cbc0726429726c7a908ed33c3f94bb0cff47f87d3dcf71e37ea7ad4b
GET /js/300/addthis_widget.js?ver=5.9.4 HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/javascript
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-5834c"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 116421
date: Sun, 25 Sep 2022 01:53:07 GMT
vary: Accept-Encoding
x-distribution: 99
x-host: s7.addthis.com
X-Firefox-Spdy: h2
turbulentelevenvansissi.nl/wp-content/themes/minimalistblogger/style.css?ver=5.9.4
148.251.66.188200 OK 9.5 kB URL HTTP/2 turbulentelevenvansissi.nl/wp-content/themes/minimalistblogger/style.css?ver=5.9.4
IP 148.251.66.188:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (999)
Hash 940babd86bcb6bc48a496229a534d60c
07ce76fb68af2c31ddc755b02ea8510f17e65f4e
a8979125d3b96bf6907314613b53400608cc8f03938c875dc372692359ee9a59
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/minimalistblogger/style.css?ver=5.9.4 HTTP/1.1
Host: turbulentelevenvansissi.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/wp-content/uploads/2022/07/fifa_22-25.pdf
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 01:53:07 GMT
content-type: text/css
last-modified: Fri, 29 Apr 2022 12:07:08 GMT
etag: W/"626bd4ec-ab1b"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 58b52380a6b5c598d1ad88e8da148137
a56206a0277aea6e8e2f7629793aba713d8edd0c
561a57c27dfa1f8651a89292428576b626e8700b9cd6b8173a0ce121aa8f9f4a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:53:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
turbulentelevenvansissi.nl/wp-content/plugins/addthis/frontend/build/addthis_wordpress_public.min.css?ver=5.9.4
148.251.66.188200 OK 709 B URL HTTP/2 turbulentelevenvansissi.nl/wp-content/plugins/addthis/frontend/build/addthis_wordpress_public.min.css?ver=5.9.4
IP 148.251.66.188:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (504)
Hash c2b1e0bd4c1043f4db55c803d9b5da6f
2a99da105d8dfba9752e1a892eb8bf6781fd5106
2874ea916c47732b17a1b468dfcef72ad0c06a64f832dcfff2a341dee780551d
GET /wp-content/plugins/addthis/frontend/build/addthis_wordpress_public.min.css?ver=5.9.4 HTTP/1.1
Host: turbulentelevenvansissi.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/wp-content/uploads/2022/07/fifa_22-25.pdf
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 01:53:07 GMT
content-type: text/css
x-accel-version: 0.01
last-modified: Thu, 05 Mar 2020 10:49:25 GMT
etag: W/"24b-5a0194a566a7b"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash cfbe772bfdcc656e94ceed53256863ca
34055ed3761ab4b69af25a2cb70ca7a337a9f79b
7464464772c70e6a9f1b516b9fc3b60f4e567c10f968c573d5a187f5f22d0722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:53:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-60254752-1
172.217.21.168200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-60254752-1
IP 172.217.21.168:0
File type ASCII text, with very long lines (1720)
Hash 04a7b115a2137b8403770a72a6a2753a
c6a5ef303c874932d77bc08383df2cc568937c82
2ea696d9c1fbe17ae4a367f4bf524530fe41abfa2bb91c61c92bda1660ed94e9
GET /gtag/js?id=UA-60254752-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 25 Sep 2022 01:53:07 GMT
expires: Sun, 25 Sep 2022 01:53:07 GMT
cache-control: private, max-age=900
last-modified: Sun, 25 Sep 2022 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42226
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 58b52380a6b5c598d1ad88e8da148137
a56206a0277aea6e8e2f7629793aba713d8edd0c
561a57c27dfa1f8651a89292428576b626e8700b9cd6b8173a0ce121aa8f9f4a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:53:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash cfbe772bfdcc656e94ceed53256863ca
34055ed3761ab4b69af25a2cb70ca7a337a9f79b
7464464772c70e6a9f1b516b9fc3b60f4e567c10f968c573d5a187f5f22d0722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:53:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
turbulentelevenvansissi.nl/wp-content/themes/minimalistblogger/js/skip-link-focus-fix.js?ver=20170823
148.251.66.188200 OK 805 B URL HTTP/2 turbulentelevenvansissi.nl/wp-content/themes/minimalistblogger/js/skip-link-focus-fix.js?ver=20170823
IP 148.251.66.188:0
ASN #24940 Hetzner Online GmbH
Hash d6351a606cd043aeea10abd3be2635b5
7c60bc155c0a2e4ba6f8920233bae786c59d02e6
e8ac1c127d58c7a7dcae032f0ae49809dd7ff1a86f5322f74ed1305413eeb13f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/minimalistblogger/js/skip-link-focus-fix.js?ver=20170823 HTTP/1.1
Host: turbulentelevenvansissi.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/wp-content/uploads/2022/07/fifa_22-25.pdf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 01:53:07 GMT
content-type: application/javascript
x-accel-version: 0.01
last-modified: Fri, 29 Apr 2022 12:07:08 GMT
etag: W/"2ad-5ddc9e1b5558e"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
23.38.200.123200 OK 26 kB URL HTTP/2 s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
IP 23.38.200.123:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (63757)
Hash 707317ccaabe08d32d1bd781754e6871
bb82dcd3e044c960e0861c2ce878f5504e628f78
d0a164ece41c61aec26517fb645646f5ba91f72ea5448eff1ee6c393b7c53051
GET /static/sh.f48a1a04fe8dbf021b4cda1d.html HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: text/html
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-11adc"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 26421
date: Sun, 25 Sep 2022 01:53:07 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
turbulentelevenvansissi.nl/wp-content/plugins/cardoza-facebook-like-box/cardozafacebook.css?ver=5.9.4
148.251.66.188200 OK 767 B URL HTTP/2 turbulentelevenvansissi.nl/wp-content/plugins/cardoza-facebook-like-box/cardozafacebook.css?ver=5.9.4
IP 148.251.66.188:0
ASN #24940 Hetzner Online GmbH
File type CSV text\012- , ASCII text, with CRLF line terminators
Hash 7e381dd0e8c778dc6d6185f3a63f07ef
5fe6a8e5ff3d4f60a0ddcdd1f10f635550e415c7
88bd521d0e872a1fb9a35e57954b6a34dc2b787a0ee5315597b3d55d2ac5af5a
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/cardoza-facebook-like-box/cardozafacebook.css?ver=5.9.4 HTTP/1.1
Host: turbulentelevenvansissi.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/wp-content/uploads/2022/07/fifa_22-25.pdf
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 01:53:07 GMT
content-type: text/css
last-modified: Sun, 01 Nov 2020 10:03:01 GMT
etag: W/"5f9e87d5-437"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash da681c2f112645651e5b32be2cfcd052
2e57e4163b8ed8ceebe8c6dde5ff1aa5efc7b946
302a7e1f8156051b7c793c61fbe3e81096374431e22bd9821b4aa38e1a5772f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:53:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Noto+Serif%3A400%2C700%7COpen+Sans%3A400%2C600%2C700&display=swap&ver=5.9.4
216.58.211.10200 OK 46 kB URL HTTP/2 fonts.googleapis.com/css?family=Noto+Serif%3A400%2C700%7COpen+Sans%3A400%2C600%2C700&display=swap&ver=5.9.4
IP 216.58.211.10:0
Hash 666333c4e48bf6d2bcd66f9df7773527
958c63fdbcd167fd0399e577aafe835180a8dcf6
fa30079ed3b8144f4c08521c8e55f5ce7720521e6cd20ac30ea0e0519f48c94c
GET /css?family=Noto+Serif%3A400%2C700%7COpen+Sans%3A400%2C600%2C700&display=swap&ver=5.9.4 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 25 Sep 2022 01:53:07 GMT
date: Sun, 25 Sep 2022 01:53:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash da681c2f112645651e5b32be2cfcd052
2e57e4163b8ed8ceebe8c6dde5ff1aa5efc7b946
302a7e1f8156051b7c793c61fbe3e81096374431e22bd9821b4aa38e1a5772f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:53:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/merriweather/v30/u-440qyriQwlOrhSvowK_l5-fCZM.woff2
142.250.74.163200 OK 20 kB URL HTTP/2 fonts.gstatic.com/s/merriweather/v30/u-440qyriQwlOrhSvowK_l5-fCZM.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 20028, version 1.0\012- data
Hash 2bfde17b9a1384ce64af78db1b87a82f
8effd23e482511e249c3f8e91cdc503729b93598
5c2d662e92bcbf1a5970b97040f901031295e79a96314db8302f549003022087
GET /s/merriweather/v30/u-440qyriQwlOrhSvowK_l5-fCZM.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://turbulentelevenvansissi.nl
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Sep 2022 17:16:50 GMT
expires: Wed, 20 Sep 2023 17:16:50 GMT
cache-control: public, max-age=31536000
age: 376577
last-modified: Tue, 26 Apr 2022 16:41:08 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
142.250.74.163200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://turbulentelevenvansissi.nl
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Sep 2022 17:10:21 GMT
expires: Wed, 20 Sep 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 376966
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
turbulentelevenvansissi.nl/wp-content/themes/minimalistblogger/js/jquery.flexslider.js?ver=20150423
148.251.66.188200 OK 13 kB URL HTTP/2 turbulentelevenvansissi.nl/wp-content/themes/minimalistblogger/js/jquery.flexslider.js?ver=20150423
IP 148.251.66.188:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators
Hash 8d15de1dd4145da3cca7166abe600f40
8e74d24d3f7cda14126d65e4927008dce663d58f
2c27785b8cd1c0fee73b35dceab2c9d82e87789628a7e79c09157b7858cd552b
GET /wp-content/themes/minimalistblogger/js/jquery.flexslider.js?ver=20150423 HTTP/1.1
Host: turbulentelevenvansissi.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/wp-content/uploads/2022/07/fifa_22-25.pdf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 01:53:07 GMT
content-type: application/javascript
last-modified: Fri, 29 Apr 2022 12:07:08 GMT
etag: W/"626bd4ec-d566"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
z.moatads.com/addthismoatframe568911941483/moatframe.js
23.38.201.146200 OK 948 B URL HTTP/2 z.moatads.com/addthismoatframe568911941483/moatframe.js
IP 23.38.201.146:0
File type ASCII text, with very long lines (523)
Hash f14b4e1f799b14f798a195f43cf58376
b6fd3b3d407fb4c0a00fb8a31862235e2a6e0a86
92ed3e9fda5fa4d738ff4d9023846b56633617363dda6a750cacb4fba53241ac
GET /addthismoatframe568911941483/moatframe.js HTTP/1.1
Host: z.moatads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: e0HboiVQpjIDEK8WTxqU5+8G8wOtu9bNCFY72alTHLP0/Yb+qoiTOxu6fad89ebRofzHxENxOOg=
x-amz-request-id: 61EC92F13BB22DD4
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
etag: "f14b4e1f799b14f798a195f43cf58376"
content-encoding: gzip
accept-ranges: bytes
content-type: application/x-javascript
content-length: 948
server: AmazonS3
vary: Accept-Encoding
cache-control: max-age=27189
date: Sun, 25 Sep 2022 01:53:07 GMT
X-Firefox-Spdy: h2
turbulentelevenvansissi.nl/wp-content/plugins/cardoza-facebook-like-box/cardozafacebook.js?ver=5.9.4
148.251.66.188200 OK 793 B URL HTTP/2 turbulentelevenvansissi.nl/wp-content/plugins/cardoza-facebook-like-box/cardozafacebook.js?ver=5.9.4
IP 148.251.66.188:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators
Hash 14ac216c0e71454ab98595dc5d037a47
11755f972c2d654a3cb2f2a4e290934d43177c8f
cf8e0874bbac129a1149c532b269f403a265b36bdbb125abb2fdf6d3fc53ce2c
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/cardoza-facebook-like-box/cardozafacebook.js?ver=5.9.4 HTTP/1.1
Host: turbulentelevenvansissi.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/wp-content/uploads/2022/07/fifa_22-25.pdf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 01:53:07 GMT
content-type: application/javascript
last-modified: Sun, 01 Nov 2020 10:03:01 GMT
etag: W/"5f9e87d5-b1f"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash cd8e3570655a88b47a20fb93af0fc0c5
6ebbd655af47cbe0788f5ea6a7d9cd457bda2f33
12bc57afd44ddf43fc3802ecc23e743660b146acff0958093fcea30e96b02f6b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:53:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 419de8bd44f32435f5730ab5925e843b
6b352afe88897d6f3c3c2944de370eb96c670644
0c74e6e47c5fb7501624f8e88e5e53ad25e0d059a07ff5df2882bcb86b94a62a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5379
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:53:07 GMT
Last-Modified: Sun, 25 Sep 2022 00:23:28 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash cd8e3570655a88b47a20fb93af0fc0c5
6ebbd655af47cbe0788f5ea6a7d9cd457bda2f33
12bc57afd44ddf43fc3802ecc23e743660b146acff0958093fcea30e96b02f6b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:53:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
52.42.74.230101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.42.74.230:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Uw77/MLb69cavCGlssoXKQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ud5SYi/J3lHR+g/Mcwrq2nf25yI=
connect.facebook.net/nl_NL/sdk.js
157.240.200.14200 OK 1.7 kB URL HTTP/2 connect.facebook.net/nl_NL/sdk.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (1961)
Hash 2871138575d96f5a0ebe4b81de4110a6
8e901caeb7db8bb4806810d1fcc0b58063d71b99
210081a8bf6ede30875725b3e0a5c1c45065d28c198ca35f23615085ec19a920
GET /nl_NL/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: e0c3decd366af1b66b8f70c2aadbbd6d
etag: "6847f34bdefb64f5c85c7fda75997035"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sun, 25 Sep 2022 02:11:14 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: KHEThXXZb1oOvkuB3kEQpg==
x-fb-debug: 6u6cKAuz/SpCZ6J12KvxfK30is+4CyLZFc4VGLxYfcXAUTkNRJEXOr/8axU4mVJ9whJcMg87Luw5+BGAzIqrhA==
content-length: 1686
x-fb-trip-id: 1679558926
date: Sun, 25 Sep 2022 01:53:07 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900%7CMerriweather%3A400%2C700&ver=5.9.4
216.58.211.10200 OK 114 kB URL HTTP/2 fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900%7CMerriweather%3A400%2C700&ver=5.9.4
IP 216.58.211.10:0
Size 114 kB (114137 bytes)
Hash 37fc8b12daa7ccea8dbf36292890e19d
6ad98498cce45ed43f59221f7c8f606f2f424331
861652bb2478035a5b6097d64e765523d1703c1bfa8258c9c35631d7728967e7
GET /css?family=Lato%3A300%2C400%2C700%2C900%7CMerriweather%3A400%2C700&ver=5.9.4 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 25 Sep 2022 01:53:07 GMT
date: Sun, 25 Sep 2022 01:53:07 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
142.250.74.130200 OK 58 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (2910)
Hash 5ea8513537fe0141e9b9d93b416dcd69
dd66e6362f2b9574971c745520a799ff3f2f8e6c
854c328eb2f3e3608e081cf5a597f444820743d5b4d9444eb3c13e229c6fab01
GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Origin
date: Sun, 25 Sep 2022 01:53:07 GMT
expires: Sun, 25 Sep 2022 01:53:07 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 11479657557150340348
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 58087
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
m.addthis.com/live/red_lojson/300lo.json?si=632fb4824f67d61b&bkl=0&bl=1&pdt=784&sid=632fb4824f67d61b&pub=wp-a549b97f8382093be40a36abae4c092a&rev=v8.28.8-wp&ln=nl&pc=wpp&cb=0&ab=-&dp=turbulentelevenvansissi.nl&fp=wp-content%2Fuploads%2F2022%2F07%2Ffifa_22-25.pdf&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1664070786536&wpv=wpp-6.2.6&addthis_plugin_info=%7B%22info_status%22%3A%22enabled%22%2C%22cms_name%22%3A%22WordPress%22%2C%22plugin_name%22%3A%22Share%20Buttons%20by%20AddThis%22%2C%22plugin_version%22%3A%226.2.6%22%2C%22plugin_mode%22%3A%22WordPress%22%2C%22anonymous_profile_id%22%3A%22wp-a549b97f8382093be40a36abae4c092a%22%2C%22page_info%22%3A%7B%22template%22%3Afalse%2C%22post_type%22%3A%22%22%7D%2C%22sharing_enabled_on_post_via_metabox%22%3Afalse%7D&jsl=1&uvs=632fb482d297d801000&skipb=1&callback=addthis.cbs.jsonp__72702403446857340
23.38.200.123200 OK 89 B URL HTTP/2 m.addthis.com/live/red_lojson/300lo.json?si=632fb4824f67d61b&bkl=0&bl=1&pdt=784&sid=632fb4824f67d61b&pub=wp-a549b97f8382093be40a36abae4c092a&rev=v8.28.8-wp&ln=nl&pc=wpp&cb=0&ab=-&dp=turbulentelevenvansissi.nl&fp=wp-content%2Fuploads%2F2022%2F07%2Ffifa_22-25.pdf&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1664070786536&wpv=wpp-6.2.6&addthis_plugin_info=%7B%22info_status%22%3A%22enabled%22%2C%22cms_name%22%3A%22WordPress%22%2C%22plugin_name%22%3A%22Share%20Buttons%20by%20AddThis%22%2C%22plugin_version%22%3A%226.2.6%22%2C%22plugin_mode%22%3A%22WordPress%22%2C%22anonymous_profile_id%22%3A%22wp-a549b97f8382093be40a36abae4c092a%22%2C%22page_info%22%3A%7B%22template%22%3Afalse%2C%22post_type%22%3A%22%22%7D%2C%22sharing_enabled_on_post_via_metabox%22%3Afalse%7D&jsl=1&uvs=632fb482d297d801000&skipb=1&callback=addthis.cbs.jsonp__72702403446857340
IP 23.38.200.123:0
File type ASCII text, with no line terminators
Hash fb85b2cf6be3cb0fd5815064242c95e1
01b353cfc6b6ed61b43858377c40fe22f26969de
09dbf9810c154dd0e95418a7d020d8a7fab8bd48fe3c9fb7d0e50e246f50276a
GET /live/red_lojson/300lo.json?si=632fb4824f67d61b&bkl=0&bl=1&pdt=784&sid=632fb4824f67d61b&pub=wp-a549b97f8382093be40a36abae4c092a&rev=v8.28.8-wp&ln=nl&pc=wpp&cb=0&ab=-&dp=turbulentelevenvansissi.nl&fp=wp-content%2Fuploads%2F2022%2F07%2Ffifa_22-25.pdf&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1664070786536&wpv=wpp-6.2.6&addthis_plugin_info=%7B%22info_status%22%3A%22enabled%22%2C%22cms_name%22%3A%22WordPress%22%2C%22plugin_name%22%3A%22Share%20Buttons%20by%20AddThis%22%2C%22plugin_version%22%3A%226.2.6%22%2C%22plugin_mode%22%3A%22WordPress%22%2C%22anonymous_profile_id%22%3A%22wp-a549b97f8382093be40a36abae4c092a%22%2C%22page_info%22%3A%7B%22template%22%3Afalse%2C%22post_type%22%3A%22%22%7D%2C%22sharing_enabled_on_post_via_metabox%22%3Afalse%7D&jsl=1&uvs=632fb482d297d801000&skipb=1&callback=addthis.cbs.jsonp__72702403446857340 HTTP/1.1
Host: m.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-length: 89
cache-control: max-age=0, no-cache, no-store, no-transform
pragma: no-cache
content-disposition: attachment; filename=1.txt
date: Sun, 25 Sep 2022 01:53:08 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 419de8bd44f32435f5730ab5925e843b
6b352afe88897d6f3c3c2944de370eb96c670644
0c74e6e47c5fb7501624f8e88e5e53ad25e0d059a07ff5df2882bcb86b94a62a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5380
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:53:08 GMT
Last-Modified: Sun, 25 Sep 2022 00:23:28 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash cd8e3570655a88b47a20fb93af0fc0c5
6ebbd655af47cbe0788f5ea6a7d9cd457bda2f33
12bc57afd44ddf43fc3802ecc23e743660b146acff0958093fcea30e96b02f6b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:53:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
turbulentelevenvansissi.nl/wp-content/themes/minimalistblogger/fonts/fontawesome-webfont.woff2?v=4.7.0
148.251.66.188200 OK 77 kB URL HTTP/2 turbulentelevenvansissi.nl/wp-content/themes/minimalistblogger/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 148.251.66.188:0
ASN #24940 Hetzner Online GmbH
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/minimalistblogger/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: turbulentelevenvansissi.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/wp-content/themes/minimalistblogger/css/font-awesome.min.css?ver=5.9.4
Cookie: __atuvc=1%7C39; __atuvs=632fb482d297d801000
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 01:53:08 GMT
content-type: font/woff2
content-length: 77160
last-modified: Fri, 29 Apr 2022 12:07:08 GMT
etag: "626bd4ec-12d68"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
connect.facebook.net/nl_NL/sdk.js?hash=845c0016c9d611f48ab55c6bffe7343f
157.240.200.14200 OK 89 kB URL HTTP/2 connect.facebook.net/nl_NL/sdk.js?hash=845c0016c9d611f48ab55c6bffe7343f
IP 157.240.200.14:0
File type ASCII text, with very long lines (18598)
Hash d0955be6296f67eee0afa4be45bd6887
d5cf9bbc59a92ef0746a0d7c3d3ea52d95ce3d45
aedcfff0a0f7a5dc673d71dd871216cda0ee57be918aaacf0da3dfbcf3c45ac9
GET /nl_NL/sdk.js?hash=845c0016c9d611f48ab55c6bffe7343f HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://turbulentelevenvansissi.nl
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 2835633bee6001dbd942b10b42136b83
etag: "ae4008475dde525df9cdda048d6b6165"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Mon, 25 Sep 2023 00:49:28 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: 0JVb5ilvZ+7gr6S+Rb1ohw==
x-fb-debug: ZsMoXrw7m4oLkHM9t5LLMkkZH0+jtw/mMA0UepnL4iUs5YTCnm7+ooS1iY1+uDE7F+PXWFdun9JJXZCR6Re2xg==
priority: u=3,i
content-length: 88841
x-fb-trip-id: 1679558926
date: Sun, 25 Sep 2022 01:53:08 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Sun, 25 Sep 2022 00:41:09 GMT
expires: Sun, 25 Sep 2022 02:41:09 GMT
cache-control: public, max-age=7200
age: 4319
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 6669610813a1e4e2786f7d3f8d40c867
05839bacff46752db344a755d43db959787ae225
1a33b29382a6cb0072b29d29981cd4b04f876b7c4614026f4e96017b8db2eb03
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:53:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash ea6011094da3116e1bb049caa0e491e1
5809e1f5b0beee0282601045c0a152853c977565
25bd8112864ac34144820c6aecf49dec7ff9cfb863d864ca0ebbf55dee213414
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:53:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 267300d587831dda7559c30c40cc614e
d7ff0b9754e61f5d4178eddb5e63c3390ab559c8
ec7aad1a3116ce8ef5258b49de87cf3456c8c4890206fa5d46c8e510ded80ac0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:53:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=turbulentelevenvansissi.nl&callback=_gfp_s_&client=ca-pub-3490655701831092
216.58.207.194200 OK 215 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=turbulentelevenvansissi.nl&callback=_gfp_s_&client=ca-pub-3490655701831092
IP 216.58.207.194:0
File type ASCII text, with no line terminators
Hash 3174f7002ba12900eb48ecfeccc1afed
718694778cecd173cbd20dd74c91c89edfb40af0
1e771432bde37be25cd29452b34cad14a9a1c8b7683d200902603828cce62584
GET /gampad/cookie.js?domain=turbulentelevenvansissi.nl&callback=_gfp_s_&client=ca-pub-3490655701831092 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 25 Sep 2022 01:53:08 GMT
server: cafe
cache-control: private
content-length: 215
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=turbulentelevenvansissi.nl
142.250.74.130200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=turbulentelevenvansissi.nl
IP 142.250.74.130:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=turbulentelevenvansissi.nl HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 25 Sep 2022 01:53:08 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=turbulentelevenvansissi.nl
142.250.74.98200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=turbulentelevenvansissi.nl
IP 142.250.74.98:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=turbulentelevenvansissi.nl HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 25 Sep 2022 01:53:08 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 6669610813a1e4e2786f7d3f8d40c867
05839bacff46752db344a755d43db959787ae225
1a33b29382a6cb0072b29d29981cd4b04f876b7c4614026f4e96017b8db2eb03
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:53:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash ea6011094da3116e1bb049caa0e491e1
5809e1f5b0beee0282601045c0a152853c977565
25bd8112864ac34144820c6aecf49dec7ff9cfb863d864ca0ebbf55dee213414
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:53:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
turbulentelevenvansissi.nl/wp-content/themes/minimalistblogger/js/navigation.js?ver=20170823
148.251.66.188200 OK 952 B URL HTTP/2 turbulentelevenvansissi.nl/wp-content/themes/minimalistblogger/js/navigation.js?ver=20170823
IP 148.251.66.188:0
ASN #24940 Hetzner Online GmbH
Hash 1bee685c4fa747cf8d9ce483f66dbde7
adc903e07539bd4a30b4ee9cae547467cf0f97b7
7bbfa57f390f73c1c0d46199a6eaf06ded5e30dcc4667e1505590b4f924bf73c
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/minimalistblogger/js/navigation.js?ver=20170823 HTTP/1.1
Host: turbulentelevenvansissi.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/wp-content/uploads/2022/07/fifa_22-25.pdf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 01:53:07 GMT
content-type: application/javascript
last-modified: Fri, 29 Apr 2022 12:07:08 GMT
etag: W/"626bd4ec-b97"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 267300d587831dda7559c30c40cc614e
d7ff0b9754e61f5d4178eddb5e63c3390ab559c8
ec7aad1a3116ce8ef5258b49de87cf3456c8c4890206fa5d46c8e510ded80ac0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:53:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-60254752-1&cid=360834804.1664070787&jid=429585442&gjid=1810732180&_gid=1812367331.1664070787&_u=YEBAAUAAAAAAAC~&z=46485322
64.233.162.157200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-60254752-1&cid=360834804.1664070787&jid=429585442&gjid=1810732180&_gid=1812367331.1664070787&_u=YEBAAUAAAAAAAC~&z=46485322
IP 64.233.162.157:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-60254752-1&cid=360834804.1664070787&jid=429585442&gjid=1810732180&_gid=1812367331.1664070787&_u=YEBAAUAAAAAAAC~&z=46485322 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://turbulentelevenvansissi.nl
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://turbulentelevenvansissi.nl
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 25 Sep 2022 01:53:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash d5f86ddceacf0b5d14b5b74eb60e39e2
a197f1b182fc5aebc30ee5570d7c5e6d7a3f410d
0727801c97c941992fb3a3bf7cc6ca2c44e15326d6e3dc9f0f0b4af54f4908ac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:53:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
142.250.74.33200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 142.250.74.33:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Sun, 25 Sep 2022 01:53:08 GMT
expires: Sun, 25 Sep 2022 01:53:08 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
142.250.74.33200 OK 5.0 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 142.250.74.33:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Sep 2022 11:30:52 GMT
expires: Fri, 22 Sep 2023 11:30:52 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 224536
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js
23.38.200.123200 OK 78 kB URL HTTP/2 s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js
IP 23.38.200.123:0
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash 9a77dff666eebb6cf4bbc4c67c7b563b
9e98d7824a7b4e34665c2690d6f52caddad1fe4b
6cdf8e597f3cbe759531153fd926d51aeaebd836a1c9bc1436e079645bfd3ad7
GET /static/layers.fa6cd1947ce26e890d3d.js HTTP/1.1
Host: s7.addthis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.15.8
content-type: application/javascript
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-41cf5"
timing-allow-origin: *
cache-control: public, max-age=86313600
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 77672
date: Sun, 25 Sep 2022 01:53:08 GMT
vary: Accept-Encoding
x-host: s7.addthis.com
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 23ba09c14e337ac70d877d2ed33dc795
175d5155889b45711d0a9050116591ad25e74891
cb117ac56fe205bfca3b512ed3d8ddb46a7115446d099739cc4d111c853696ae
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 25 Sep 2022 01:53:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16372
Expires: Sun, 25 Sep 2022 06:26:00 GMT
Date: Sun, 25 Sep 2022 01:53:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16372
Expires: Sun, 25 Sep 2022 06:26:00 GMT
Date: Sun, 25 Sep 2022 01:53:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16372
Expires: Sun, 25 Sep 2022 06:26:00 GMT
Date: Sun, 25 Sep 2022 01:53:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16372
Expires: Sun, 25 Sep 2022 06:26:00 GMT
Date: Sun, 25 Sep 2022 01:53:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16372
Expires: Sun, 25 Sep 2022 06:26:00 GMT
Date: Sun, 25 Sep 2022 01:53:08 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b4f012b-e562-4fc6-aab8-ec2ffc328b6d.jpeg
34.120.237.76200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b4f012b-e562-4fc6-aab8-ec2ffc328b6d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9d59e1bbd58ff8c5fe5faecb58149601
ad7f5ed3a5f6923a0b1bb093bbc0f31a44fd0bcd
c16a2adaeaabbe45801ab5d12ceaeab587b525b4959933f53a9c8dcdb12aec68
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b4f012b-e562-4fc6-aab8-ec2ffc328b6d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7757
x-amzn-requestid: 3092c81c-f703-403a-b718-e18f035f9464
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YpOJQFUWIAMF7Pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6326c3d4-565f665c7e34294079703141;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 07:08:04 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hc0cpj1kMbAQqcM0ooSgEdS8nPP0m4FJD1bHdY7jN2OENNsJF_gluA==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 07:19:33 GMT
age: 66815
etag: "ad7f5ed3a5f6923a0b1bb093bbc0f31a44fd0bcd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
turbulentelevenvansissi.nl/wp-content/themes/minimalistblogger/js/accessibility.js?ver=20160720
148.251.66.188200 OK 953 B URL HTTP/2 turbulentelevenvansissi.nl/wp-content/themes/minimalistblogger/js/accessibility.js?ver=20160720
IP 148.251.66.188:0
ASN #24940 Hetzner Online GmbH
File type HTML document, ASCII text
Hash 41e39cad35fcd72c6869e1dc7242de7f
6a3d4284e215404017b01b461d4a7a23a233ef00
686b013fd2364b45ae3739adde020560addc3f8d282ebcdcb7a323f1502c12f9
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/minimalistblogger/js/accessibility.js?ver=20160720 HTTP/1.1
Host: turbulentelevenvansissi.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/wp-content/uploads/2022/07/fifa_22-25.pdf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 01:53:07 GMT
content-type: application/javascript
last-modified: Fri, 29 Apr 2022 12:07:08 GMT
etag: W/"626bd4ec-524"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1730b63d-9494-4330-acb8-7cb387a0cf08.jpeg
34.120.237.76200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1730b63d-9494-4330-acb8-7cb387a0cf08.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9773faaac4deac40b96cd0802e974f36
db601663fa6ee5564eddaf8d3d84c7b04bf3871c
40e7a573f510ff29db04b3fbfacde2ad6ecd67b4c0be30034e057654c86408a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1730b63d-9494-4330-acb8-7cb387a0cf08.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5305
x-amzn-requestid: 59b495fa-84c9-49cf-a650-03b0c437aca9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y5KBEGWEoAMFocQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632d23a0-510ad8241626a21422b23ca1;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 03:10:24 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: OIXYh4Zely6SqOTmWzrSY_W3-FiNFqNgdzH4BF6GZNUTwFiOJPFYXw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 03:22:58 GMT
age: 81010
etag: "db601663fa6ee5564eddaf8d3d84c7b04bf3871c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0027ff5-ed5d-4cf9-9ef4-847dbda3f91b.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0027ff5-ed5d-4cf9-9ef4-847dbda3f91b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e8a0d2b8beddf9f866a2bfe96ac21c2e
dfe5c93dc1637162a0b6ac174dcd7107af80763a
0e4bf30611043a171485c6fa054d6102a6cfd7f8a4153daa34eba1b72f455a77
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0027ff5-ed5d-4cf9-9ef4-847dbda3f91b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12552
x-amzn-requestid: 71161d44-4c3a-459e-bf76-5bf3deafcafe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YlYTrHz0oAMF2eA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63253a7d-39dd0e2a7045128024086375;Sampled=0
x-amzn-remapped-date: Sat, 17 Sep 2022 03:09:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: EGtjExnYcmDEP9a540mHhZ7EjGlvLIDLK65Phs9MsAVdEpwNI4avTQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:32 GMT
age: 15336
etag: "dfe5c93dc1637162a0b6ac174dcd7107af80763a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 3-257, spot sensor temperature 0.000000, unit celsius, color scheme 0, show scale bar, calibration: offset 0.000000, slope 241253891388563521536.000000\012- data
Hash b3a72e81317074689a71dac7059e4b6a
b6d56333d7f1ea7ddc8838d84de498ff913c5464
e665a8821b5e7b2e78787647a08d629bf70cbf4cbfee2057c8601cf0565154a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12826
x-amzn-requestid: f075cf62-acfc-4bc1-be14-7c3dafb7aaed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YfVRNFP-oAMFgrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322cf3a-184b678042d64ac9266b1128;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 07:07:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: W6ZD1652Yn1xqZG7ehDcirlYoG8Hcsrdj11Fzfgj7zb-OiU8xHj1gw==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:32 GMT
age: 15336
etag: "b6d56333d7f1ea7ddc8838d84de498ff913c5464"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9c4875ff-4140-470a-943a-bc27f68957a5.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9c4875ff-4140-470a-943a-bc27f68957a5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 00c09f267aacde9465a329542463b9e5
1534aa8a5158dfa9592d65e6fb761b41c0852c58
276ff24598159f62fd7333992575834f901eea7c75a228b9c12d1c049f1df558
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9c4875ff-4140-470a-943a-bc27f68957a5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7642
x-amzn-requestid: b0fc9bea-7735-43c0-a176-eae4d5000a6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y2ZPtHajIAMF8zQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632c08ca-391092bd30ae5bf9692e93ba;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 07:03:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: JHbRgCQOZp244YWkU4o78m9HhC77v7LOWAvwnc2eRTW2vHnv99ygaA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 07:31:45 GMT
age: 66083
etag: "1534aa8a5158dfa9592d65e6fb761b41c0852c58"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
turbulentelevenvansissi.nl/wp-includes/js/wp-emoji-release.min.js?ver=5.9.4
148.251.66.188200 OK 13 kB URL HTTP/2 turbulentelevenvansissi.nl/wp-includes/js/wp-emoji-release.min.js?ver=5.9.4
IP 148.251.66.188:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (15224)
Hash 4d3ebcc0f65ed723d099610d11cd89bd
5d24397c6c95629fb98c5dc9ca7f36730a3d6686
6cffdae360d4cca3748a99bf514db9be163cb2dbe677b7811dc2b63229a446f7
GET /wp-includes/js/wp-emoji-release.min.js?ver=5.9.4 HTTP/1.1
Host: turbulentelevenvansissi.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/wp-content/uploads/2022/07/fifa_22-25.pdf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 01:53:07 GMT
content-type: application/javascript
last-modified: Tue, 23 Nov 2021 10:40:05 GMT
etag: W/"619cc505-4705"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 827 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (724)
Hash 29973cf3b0ef9f16fe31ed981b2f6573
f22eb80b89b5e0ae9ace854aab6676d56eaef6a1
476822c80e0a0ee078edb7a74db59378f8b1d43d2de844e28a9e9c2f68a4c8d8
GET /rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 15 Sep 2023 06:48:56 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: KZc887Dvnxb+Me2YGy9lcw==
x-fb-debug: BWoKeSty6egwJE1HqSdlEHxWsT8EIfiJaW04/EzvcfYdU5s/Q9jvLxzG++a+AE3+hdDZup53g3KTnC0sS9hV6w==
content-length: 827
x-fb-trip-id: 1679558926
date: Sun, 25 Sep 2022 01:53:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yy/l/0,cross/0Pgr3s-80xX.css?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 5.7 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yy/l/0,cross/0Pgr3s-80xX.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (4093)
Hash bee61550aaa5867586777c1a01a1ce7a
b73c044a7b81c7cf2981cfd4d32ffea0ad821b0e
bb22a1d2b01d55a9cd527d9be238d4ca6a79308e4cd67874e8669a0d6c614027
GET /rsrc.php/v3/yy/l/0,cross/0Pgr3s-80xX.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 24 Sep 2023 15:53:45 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: vuYVUKqlhnWGd3waAaHOeg==
x-fb-debug: 2x4UwsxxVjFPGN1Tr4vK/78hP9HNmgs8yDq+pHqrK2Fv1IDY8VcRa3snqkGdoPvDJlvV1fM/zBpmQXXnWi72Ww==
priority: u=3,i
content-length: 5744
x-fb-trip-id: 1679558926
date: Sun, 25 Sep 2022 01:53:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yY/l/0,cross/QafRoidRG-Q.css?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 6.4 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yY/l/0,cross/QafRoidRG-Q.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (8976)
Hash 174ff3b8c8b7f00c28c803e59feb7d19
2f4bf1e0b1dd1eb314d815600c464b50234c107e
0b51f9dc7a21b8e5e6c96be8002460525a065998afbff954b038ab0e0e42618d
GET /rsrc.php/v3/yY/l/0,cross/QafRoidRG-Q.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 23 Sep 2023 17:38:22 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: F0/zuMi38AwoyAPln+t9GQ==
x-fb-debug: WY2cNqx7pfDXQPQSdEnBHsDmPU6xAICcCK3Rc+37EJukGNsC+nLIwN95Ris+bGjicDP/kCkbuE/PqIraVVHBLg==
priority: u=3,i
content-length: 6422
x-fb-trip-id: 1679558926
date: Sun, 25 Sep 2022 01:53:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yA/l/0,cross/EQ1X3_ivTtY.css?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 4.5 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yA/l/0,cross/EQ1X3_ivTtY.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type assembler source, ASCII text, with very long lines (2642)
Hash b231ef3a5a82adbb700a47afedcf9763
36d181d05420fa52c465bcae61a5ccb12bb6700c
566786d1194197a963bc17f61f80913319d7e5a42aa5bab41529308dc32a1a60
GET /rsrc.php/v3/yA/l/0,cross/EQ1X3_ivTtY.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 24 Sep 2023 16:12:32 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: sjHvOlqCrbtwCkev7c+XYw==
x-fb-debug: Y6TY/V6V5p5i1VGJxDcgRKh+zHYZ6LwlkLSitfjE2Nmo/0ngtlM6b6Jn/bpvXPu/s5a4mebEvBjWxyIIDMCeow==
priority: u=2
content-length: 4524
x-fb-trip-id: 1679558926
date: Sun, 25 Sep 2022 01:53:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yv/r/cxHz95P-Blt.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 91 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yv/r/cxHz95P-Blt.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (18569)
Hash 64e679c03d42412a8a16d9dd5d312513
f73a48a0816c11b4e94a708c5757c640cee2270e
ed8552fab9845a545a7667a3af4b48e5de7e48618c1c5c36cca03fc0a96dcb46
GET /rsrc.php/v3/yv/r/cxHz95P-Blt.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 22 Sep 2023 12:20:36 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: ZOZ5wD1CQSqKFtndXTElEw==
x-fb-debug: GxR3GsopuLgBUx7PF6FME4dIiCqemFTOeUTRe5Kh6XqCisuSSI5pFyDbwqm7NuPkhw5FHK/zhe39Myul+Cih3w==
content-length: 91359
x-fb-trip-id: 1679558926
date: Sun, 25 Sep 2022 01:53:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yL/r/DJIek1tT3RT.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 1.7 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yL/r/DJIek1tT3RT.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (2052)
Hash 883efc20b86990fd486fab545ffc08f4
da322dda14a98744e03655dcf0da9482b4b1e1d0
e207751970ef4bf6e0a64da5e9480ab3b1ee86408a7904796e2f6e225f8ee612
GET /rsrc.php/v3/yL/r/DJIek1tT3RT.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 15 Sep 2023 23:21:54 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: iD78ILhpkP1Ib6tUX/wI9A==
x-fb-debug: fhsLl0YjqSJqoV13JDQuIhdo/OX0Rs1cu8RUFdHOyPNKeiRXL+6eELxvTCu8eNpLboXkpb1VNLUfW2D1iOJqLg==
priority: u=3,i
content-length: 1689
x-fb-trip-id: 1679558926
date: Sun, 25 Sep 2022 01:53:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yE/r/Ziq3FOqCAZf.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 16 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yE/r/Ziq3FOqCAZf.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type C source, ASCII text, with very long lines (8218)
Hash 286c471d2e4575a6f0a862df74febea7
62fe316f9fc667e8dae068f29bee3564469f90dd
0ea96d9efc6ee8cad64272d263bcf723c79adb292153430f69d90c0326ff53c9
GET /rsrc.php/v3/yE/r/Ziq3FOqCAZf.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 23 Sep 2023 17:37:31 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: KGxHHS5FdabwqGLfdP6+pw==
x-fb-debug: 3U5F0ejhIvsE0CjJfPOWYf0+UtJnO21UoeIWInfBvm2OsKKN8/DyB20Yfx5mTl/0C+udIx45/QK3DICNL7+ZnA==
content-length: 16237
x-fb-trip-id: 1679558926
date: Sun, 25 Sep 2022 01:53:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3i2tE4/yg/l/nl_NL/DFz2q585Cjs.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 23 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3i2tE4/yg/l/nl_NL/DFz2q585Cjs.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (42079)
Hash d28f820140631d434e4ffef51036261f
2ae38c339315c47ac3ff70178bccda52b300221a
39d4d363cc2962b02c7d3b91ac7564f8c14e2429912c7431b8806b93be363e41
GET /rsrc.php/v3i2tE4/yg/l/nl_NL/DFz2q585Cjs.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 21 Sep 2023 06:38:16 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
x-ua-compatible: IE=edge
content-md5: 0o+CAUBjHUNOT/71EDYmHw==
x-fb-debug: 2aiv9eNaJAJxWGRMafgPlgxXBnag5+saMVsCdwjUMQhaNpDEn+/Yx3m/n23rHNerZ6QGb3yX0FnJ3SzcFI3M8g==
priority: u=3,i
content-length: 23432
x-fb-trip-id: 1679558926
date: Sun, 25 Sep 2022 01:53:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y8/r/SixM03AXEw8.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 336 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y8/r/SixM03AXEw8.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (325)
Hash f82d8f615a2484f0c5c4e4e0f55e8b5d
c1c8ea5d697e2286b0a2bac7b3515a29b7f4cb28
91041f394721520d4dd5a33b28525d50da16e0fda08e102d971148fef1609dd2
GET /rsrc.php/v3/y8/r/SixM03AXEw8.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 17 Sep 2023 01:28:40 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: +C2PYVokhPDFxOTg9V6LXQ==
x-fb-debug: Jy4Mfp/+G/0N65Qv2rfF96rzGNL3dVbSkmg2HTfg91JANRJVuMUVfKCzemDP7HWKXo7fo7iVeeloziJXpsdE7g==
priority: u=1,i
content-length: 336
x-fb-trip-id: 1679558926
date: Sun, 25 Sep 2022 01:53:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3ioBv4/yk/l/nl_NL/eSSgSlla1PA.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 8.5 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3ioBv4/yk/l/nl_NL/eSSgSlla1PA.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (2973)
Hash 842350d07b2fdc530529eca070649e8c
746e2a6066e49b2c3718c31556ed1455d46a8ddf
e348e7cc09745137528afbfe0a916a37a3d55488eb95c1316290a9e0d644e259
GET /rsrc.php/v3ioBv4/yk/l/nl_NL/eSSgSlla1PA.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 22 Sep 2023 10:02:15 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: hCNQ0Hsv3FMFKeygcGSejA==
x-fb-debug: DA/taJ+Pg0jrOju1V7MiAgJGaRH54bfyhShTfDvjOO1dXsViE5Pg5/Cpdqf2TCcLDGrgqE+rcFeioPittRoMYA==
priority: u=3,i
content-length: 8453
x-fb-trip-id: 1679558926
date: Sun, 25 Sep 2022 01:53:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yF/r/dDpAXJI8zbJ.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 9.1 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yF/r/dDpAXJI8zbJ.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (9954)
Hash 36d797d9616ae40e8554001ba0cdc03b
3d6a5feaf1a10e224fc44fd6358ae7f9a92e5f0b
f1c50af0b17dccab12ba237d3b484b6d228e40481e86bb3cf24dc9d37c2b05b4
GET /rsrc.php/v3/yF/r/dDpAXJI8zbJ.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 21 Sep 2023 05:25:24 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: NteX2WFq5A6FVAAboM3AOw==
x-fb-debug: z1hpUSGtFHkI40ujJZB34Jpa3i0npuTzbNlq2aodZrmlHSZ/g5A4f3HNFVbEOWVdxRkzkCfydAkLEaVdm15ErQ==
priority: u=3,i
content-length: 9075
x-fb-trip-id: 1679558926
date: Sun, 25 Sep 2022 01:53:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yp/r/wyRHVKLKuwo.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 19 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yp/r/wyRHVKLKuwo.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (8678)
Hash 76827e384840a6d501cc2231ee427049
5ec72a66d4512f9a5177809e6c80974e44be438f
2fe675d74550d4d030afdd48bfd8d8a86edeb845f6bc8504a2ffb3078cb8d2bd
GET /rsrc.php/v3/yp/r/wyRHVKLKuwo.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 23 Sep 2023 05:45:40 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: doJ+OEhAptUBzCIx7kJwSQ==
x-fb-debug: 8E1vWsWWLt0ImoSVly95AMEzDYY/u18G6SrkFIAIpLkYLEl7xrf/Ej6R/kLsyu9z/yO2pVp0fLGHBwpk/RjreQ==
content-length: 18674
x-fb-trip-id: 1679558926
date: Sun, 25 Sep 2022 01:53:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y3/r/cPcKznvPj72.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 7.3 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y3/r/cPcKznvPj72.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (4129)
Hash d9b4301abe1b60a35b4d2ceff6a63f38
cbd680fb7b1618610b5c82a54ecf9bc328ed4cef
8613497153ce25fae5e92250807b1526f10adb670fb7ea13c2dad89cbe375f18
GET /rsrc.php/v3/y3/r/cPcKznvPj72.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 15 Sep 2023 23:21:55 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 2bQwGr4bYKNbTSzv9qY/OA==
x-fb-debug: ZIZn8j4cOxmb1c8zR83am1yJViOJv/B3jx7OYiiNFZoaYgGY+hoptXGndpRm9qYbTIycg7+uz6ZkuQNsE9/N8A==
content-length: 7308
x-fb-trip-id: 1679558926
date: Sun, 25 Sep 2022 01:53:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yl/r/MhSXbX6mn2g.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 12 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yl/r/MhSXbX6mn2g.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type C source, ASCII text, with very long lines (10562)
Hash 4903bed5c98aff37ad8d98d379198bd2
8fbc10117aa454dc4698b24782c178a4ef6af8d6
62546df77392ccc3fc91c91bc9c61c524668b3e654c5533c04384d519f6e3cc6
GET /rsrc.php/v3/yl/r/MhSXbX6mn2g.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 24 Sep 2023 15:51:06 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: SQO+1cmK/zetjZjTeRmL0g==
x-fb-debug: MF83tUC0E8rD+pK+ZaxM5OZuFhwKvDeWvUBJUwlHy01K1vChP/cN6oIiv/lbQezB5ejS3CLMgHb7ESJiu7ZvsA==
priority: u=3,i
content-length: 11735
x-fb-trip-id: 1679558926
date: Sun, 25 Sep 2022 01:53:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3iTWp4/yY/l/nl_NL/eA-js5Dmz1K.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 42 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3iTWp4/yY/l/nl_NL/eA-js5Dmz1K.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (10866)
Hash 6beb2c002aee44b5c6f69be5ea5f923b
00f6d9a3270fc2bcb9ea07cd5426fb6cd7a8617c
255c43c83bb3ccb02906083b1897a2d40dba79ea1b5d2fb81ddc799386fe47d1
GET /rsrc.php/v3iTWp4/yY/l/nl_NL/eA-js5Dmz1K.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 20 Sep 2023 22:54:54 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: a+ssACruRLXG9pvl6l+SOw==
x-fb-debug: QepnJJDrviZpt/tTYThHBkplpaNXys/IG6SReGWe0Abib4hwGGN1WQHfKJGCnVLqJRwzTXBdb31Yhx4yHHeJBg==
content-length: 42269
x-fb-trip-id: 1679558926
date: Sun, 25 Sep 2022 01:53:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/v2.4/plugins/page.php?adapt_container_width=true&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df284ffbb2b84d1e%26domain%3Dturbulentelevenvansissi.nl%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fturbulentelevenvansissi.nl%252Ff3262e1d283e966%26relation%3Dparent.parent&container_width=314&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fkeizerinsissi%2F%3Fref%3Dsearch%26__tn__%3DdP-R%26eid%3DARAHkx2L4unXlFmgSBZgieeCwrx5RUwrhaGjgEWRHtw81-mYOPs-FFSh2iqZxBCMNrAMSw6F3zqqOpLp%3Flocale%3D&locale=nl_NL&sdk=joey&show_facepile=true&show_posts=false&small_header=false
157.240.200.35200 OK 33 kB URL HTTP/2 www.facebook.com/v2.4/plugins/page.php?adapt_container_width=true&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df284ffbb2b84d1e%26domain%3Dturbulentelevenvansissi.nl%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fturbulentelevenvansissi.nl%252Ff3262e1d283e966%26relation%3Dparent.parent&container_width=314&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fkeizerinsissi%2F%3Fref%3Dsearch%26__tn__%3DdP-R%26eid%3DARAHkx2L4unXlFmgSBZgieeCwrx5RUwrhaGjgEWRHtw81-mYOPs-FFSh2iqZxBCMNrAMSw6F3zqqOpLp%3Flocale%3D&locale=nl_NL&sdk=joey&show_facepile=true&show_posts=false&small_header=false
IP 157.240.200.35:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (26997)
Hash 8d2c17d8464cc3588659b6dd6ea727f3
1a3a037248cb1b474897c899b7fb3bc7593c8551
147d22aac1a28b6b536b22c5fec703c9431def1330a141bc2826bc28de26760a
GET /v2.4/plugins/page.php?adapt_container_width=true&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df284ffbb2b84d1e%26domain%3Dturbulentelevenvansissi.nl%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fturbulentelevenvansissi.nl%252Ff3262e1d283e966%26relation%3Dparent.parent&container_width=314&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fkeizerinsissi%2F%3Fref%3Dsearch%26__tn__%3DdP-R%26eid%3DARAHkx2L4unXlFmgSBZgieeCwrx5RUwrhaGjgEWRHtw81-mYOPs-FFSh2iqZxBCMNrAMSw6F3zqqOpLp%3Flocale%3D&locale=nl_NL&sdk=joey&show_facepile=true&show_posts=false&small_header=false HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-fb-rlafr: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
facebook-api-version: v8.0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: YfS9e5IQo0aqmK4GrVQadng2grq98vgc5Un1AgPoGVPo2k+1qcTqvtN2+Ibs/D2WOBaENV8vQCx8BD9ZidjkSg==
date: Sun, 25 Sep 2022 01:53:08 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y0/r/2oSxuAmaMP1.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 48 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y0/r/2oSxuAmaMP1.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type C source, ASCII text, with very long lines (5136)
Hash c9d5652db7b9bb02143d1f6d72cb858d
11bc39f271d9b23d08dc42dc618eb09ac95decb3
b1b76fc5b8d4784ca13a73d535cfcc4403a618b5529792a86632ac33c14f1997
GET /rsrc.php/v3/y0/r/2oSxuAmaMP1.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 23 Sep 2023 21:29:53 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: ydVlLbe5uwIUPR9tcsuFjQ==
x-fb-debug: q0Mc1iaM0lpYvXSPIeTlWbNcMxXcM8YKWWK42ERiHE1N0KVL0a6TBr6icGS5KG/KU2mDCL6z0lNvJd04RYEWUA==
content-length: 48011
x-fb-trip-id: 1679558926
date: Sun, 25 Sep 2022 01:53:08 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y4/r/hBYHra2Vbh5.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 15 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y4/r/hBYHra2Vbh5.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (56532)
Hash 9b3b2deac2716528af0a007a816ea130
11d2c9cca6fd78678588f10685d1431873d09d32
321c5f978ae91c5744944ea8dd9acd554398109f09bde07c7d308fb2b604cc9a
GET /rsrc.php/v3/y4/r/hBYHra2Vbh5.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 17 Sep 2023 00:16:33 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: mzst6sJxZSivCgB6gW6hMA==
x-fb-debug: 5oNvR1+522gWK98oyzBf+Rn3N2pPz2b4EZ4aMYZNuI8N+L65RLD4nNfSrOWx4wA7lDjYsc+7i0MyJcR5nA1sIw==
content-length: 15208
x-fb-trip-id: 1679558926
date: Sun, 25 Sep 2022 01:53:09 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77d4989e-b390-4a8b-be36-820e0256c211.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77d4989e-b390-4a8b-be36-820e0256c211.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4b247d936b6e75a5075e09d9d2f7c3b1
7d3650b77b7f501d2f94592b8a4c0e02a75feb70
165d5ef729be431744228c7f1791141536db476811a3e9c7ab5958c6e38a781a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77d4989e-b390-4a8b-be36-820e0256c211.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7977
x-amzn-requestid: 6d6cbdf9-91f4-4fb5-8afe-cb8dea476e8b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y-_EoFjtIAMFjcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7883-5681f08725a5ce7e36c27d75;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:37:07 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 2PPXUy_jWaHVW359h8C0Y4KHHwGTHGju_8C1BGdNuZdroWCuSD74aA==
via: 1.1 f4367b41311e3e9a490d7461b7b85490.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:58:23 GMT
age: 14092
etag: "7d3650b77b7f501d2f94592b8a4c0e02a75feb70"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
turbulentelevenvansissi.nl/wp-content/uploads/2020/01/cropped-TLVsissi-2.png
148.251.66.188200 OK 0 B URL HTTP/2 turbulentelevenvansissi.nl/wp-content/uploads/2020/01/cropped-TLVsissi-2.png
IP 148.251.66.188:0
ASN #24940 Hetzner Online GmbH
GET /wp-content/uploads/2020/01/cropped-TLVsissi-2.png HTTP/1.1
Host: turbulentelevenvansissi.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/wp-content/uploads/2022/07/fifa_22-25.pdf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 01:53:07 GMT
content-type: image/png
content-length: 77034
last-modified: Wed, 12 Feb 2020 10:38:53 GMT
etag: "5e43d5bd-12cea"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
turbulentelevenvansissi.nl/wp-content/themes/minimalistblogger/css/font-awesome.min.css?ver=5.9.4
148.251.66.188200 OK 0 B URL HTTP/2 turbulentelevenvansissi.nl/wp-content/themes/minimalistblogger/css/font-awesome.min.css?ver=5.9.4
IP 148.251.66.188:0
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/minimalistblogger/css/font-awesome.min.css?ver=5.9.4 HTTP/1.1
Host: turbulentelevenvansissi.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/wp-content/uploads/2022/07/fifa_22-25.pdf
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 01:53:07 GMT
content-type: text/css
last-modified: Fri, 29 Apr 2022 12:07:08 GMT
etag: W/"626bd4ec-7918"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
turbulentelevenvansissi.nl/wp-content/themes/gold-essentials/style.css?ver=5.9.4
148.251.66.188200 OK 0 B URL HTTP/2 turbulentelevenvansissi.nl/wp-content/themes/gold-essentials/style.css?ver=5.9.4
IP 148.251.66.188:0
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/gold-essentials/style.css?ver=5.9.4 HTTP/1.1
Host: turbulentelevenvansissi.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/wp-content/uploads/2022/07/fifa_22-25.pdf
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 01:53:07 GMT
content-type: text/css
last-modified: Fri, 29 Apr 2022 12:07:06 GMT
etag: W/"626bd4ea-1ba1"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
turbulentelevenvansissi.nl/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
148.251.66.188200 OK 0 B URL HTTP/2 turbulentelevenvansissi.nl/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 148.251.66.188:0
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: turbulentelevenvansissi.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/wp-content/uploads/2022/07/fifa_22-25.pdf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 01:53:07 GMT
content-type: application/javascript
last-modified: Mon, 29 Mar 2021 13:26:53 GMT
etag: W/"6061d59d-2bd8"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
turbulentelevenvansissi.nl/wp-content/uploads/2022/07/fifa_22-25.pdf
148.251.66.188404 Not Found 0 B URL HTTP/2 turbulentelevenvansissi.nl/wp-content/uploads/2022/07/fifa_22-25.pdf
IP 148.251.66.188:0
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/2022/07/fifa_22-25.pdf HTTP/1.1
Host: turbulentelevenvansissi.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 404 Not Found
server: nginx
date: Sun, 25 Sep 2022 01:53:07 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.30
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://turbulentelevenvansissi.nl/wp-json/>; rel="https://api.w.org/"
content-encoding: br
X-Firefox-Spdy: h2
turbulentelevenvansissi.nl/wp-includes/css/dist/block-library/style.min.css?ver=5.9.4
148.251.66.188200 OK 0 B URL HTTP/2 turbulentelevenvansissi.nl/wp-includes/css/dist/block-library/style.min.css?ver=5.9.4
IP 148.251.66.188:0
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/css/dist/block-library/style.min.css?ver=5.9.4 HTTP/1.1
Host: turbulentelevenvansissi.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/wp-content/uploads/2022/07/fifa_22-25.pdf
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 01:53:07 GMT
content-type: text/css
last-modified: Wed, 06 Apr 2022 04:19:59 GMT
etag: W/"624d14ef-145db"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
turbulentelevenvansissi.nl/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
148.251.66.188200 OK 0 B URL HTTP/2 turbulentelevenvansissi.nl/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 148.251.66.188:0
ASN #24940 Hetzner Online GmbH
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: turbulentelevenvansissi.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/wp-content/uploads/2022/07/fifa_22-25.pdf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 01:53:07 GMT
content-type: application/javascript
last-modified: Tue, 23 Nov 2021 10:40:05 GMT
etag: W/"619cc505-15db1"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
turbulentelevenvansissi.nl/wp-content/themes/minimalistblogger/js/script.js?ver=20160720
148.251.66.188200 OK 0 B URL HTTP/2 turbulentelevenvansissi.nl/wp-content/themes/minimalistblogger/js/script.js?ver=20160720
IP 148.251.66.188:0
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/minimalistblogger/js/script.js?ver=20160720 HTTP/1.1
Host: turbulentelevenvansissi.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://turbulentelevenvansissi.nl/wp-content/uploads/2022/07/fifa_22-25.pdf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 25 Sep 2022 01:53:07 GMT
content-type: application/javascript
last-modified: Fri, 29 Apr 2022 12:07:08 GMT
etag: W/"626bd4ec-f12"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2