ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
104.26.1.51301 Moved Permanently 0 B URL HTTP/1.1 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
IP 104.26.1.51:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Huntington Bank
NIDS Severity Alert suricata medium ET PHISHING Possible Compromised Wordpress - Generic Phishing Landing 2018-01-22
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3 HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 05 Feb 2023 12:50:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 05 Feb 2023 13:50:12 GMT
Location: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DkvpSrNNWWFvpnciyE4SFFDzVm3aS5YHVTXk2i9MacrAbIIUijdazNCs8txhU%2Ff3AI%2FtF2gyIBeGIJ2ImPD54JzoLExI5yQM62WmkvjACNJbom4ejf3nrvM%2Bm3SZ3Ta3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 794bc53deeb3b51d-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1cdc095521e9ee2606059be447d1fdd5
02b5d0a5b5823e2338daf7e144700babe2a213af
8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4636
Expires: Sun, 05 Feb 2023 14:07:28 GMT
Date: Sun, 05 Feb 2023 12:50:12 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7923
Expires: Sun, 05 Feb 2023 15:02:16 GMT
Date: Sun, 05 Feb 2023 12:50:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15342
Expires: Sun, 05 Feb 2023 17:05:55 GMT
Date: Sun, 05 Feb 2023 12:50:13 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Feb 2023 12:33:54 GMT
content-type: application/json
age: 979
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: CqHMF9f5nioDYv6SYWIyHG4AK7WEyLFU6908FmHMNNVDPKy8p9syJSqJvQ6K38NJ3EWcbvX2EHs=
x-amz-request-id: FNK5NKZ0WK48CCDM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 11:53:15 GMT
age: 3418
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 12:50:13 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/aJ5_o_MKP7Y
142.250.74.163200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/aJ5_o_MKP7Y
IP 142.250.74.163:0
Hash 61dc6feb03e0a1965014c14f52993fa4
11f92c73d015e9ab2d30767e3777b410cf8b7e69
1e6581665c7ed22ea5d23b4cec237c2844bc2b116086bab49c414c9911ec0ce1
POST /s/gts1p5/aJ5_o_MKP7Y HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:50:13 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 05 Feb 2023 12:49:07 GMT
age: 66
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3811
Expires: Sun, 05 Feb 2023 13:53:44 GMT
Date: Sun, 05 Feb 2023 12:50:13 GMT
Connection: keep-alive
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/event.gif
104.26.0.51200 OK 42 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/event.gif
IP 104.26.0.51:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/event.gif HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:13 GMT
content-type: image/gif
content-length: 42
cache-control: max-age=2592000
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
etag: "63df4aac-2a"
expires: Tue, 07 Mar 2023 07:47:56 GMT
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gyJ3kw8NnSMbMX%2FSCSmJXlb%2Bqvg2PzHHmuWmV%2FQRYKF5HY8iLRyqkRP0tYw2s2YNvOdStrphOkd6ZcozmUzPddp7bj%2BS4tQnjr%2BIoSLb%2FhBkhsb5Jpznk%2BnUQ8%2B5zsuk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794bc54359d10b49-OSL
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.214.202.214101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.214.202.214:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: gOoX1Bdb6idMiCbRq4Ka9A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: UFR68ZgbNYMUfm3bK0Vsb8l7E1E=
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/u.gif
104.26.0.51200 OK 42 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/u.gif
IP 104.26.0.51:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/u.gif HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:14 GMT
content-type: image/gif
content-length: 42
cache-control: max-age=2592000
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
etag: "63df4aac-2a"
expires: Tue, 07 Mar 2023 07:47:56 GMT
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4aB35BKRpHoNyHQP7Ro%2BviMJ1iaRBPfp4fV8aJoIIKpMLA8O6trWZZ3Yfn5FEV%2Bnv7Ilk2KZzjv7NxDzqKO2SQLG%2BFJembOrO88LmPWsy0T1aqvhVT%2FgNXp7hsXpLAFx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794bc54359d00b49-OSL
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/ttj
104.26.0.51200 OK 7.4 kB URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/ttj
IP 104.26.0.51:0
File type HTML document, ASCII text, with very long lines (7387), with no line terminators
Hash 89cf9988d16c15d5919e2efdeb341003
6554b529e37e27af64a11b0d3507073ca05fb822
0f108c7122c218a486594e6ddd029c00844979992aa9d7b00ea9d3816a3e5be5
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/ttj HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:14 GMT
content-type: application/octet-stream
content-length: 7387
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
etag: "63df4aac-1cdb"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BMzXvxQ%2BIRfjQ0tnYJFaDxjs5e6Mz7HNJgxDS5H6iN%2FuWLX5J7cChz7rrtamSaB%2FjOeeD441zHYo%2FCyuwMYRevTseAWboxgnQpAil%2BvS9caOUSQrsVTQchU6dAGOPXzY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794bc54349cc0b49-OSL
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/6d6e5a4b50313176614c77414143627a.gif
104.26.0.51200 OK 43 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/6d6e5a4b50313176614c77414143627a.gif
IP 104.26.0.51:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/6d6e5a4b50313176614c77414143627a.gif HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:14 GMT
content-type: image/gif
content-length: 43
cache-control: max-age=2592000
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
etag: "63df4aac-2b"
expires: Tue, 07 Mar 2023 07:47:54 GMT
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I%2FbjQrAb%2Be%2FhXQTaD3xS8H8sFcKy76TnBuKWcQ13sNxx%2FaKcfQY3j%2F2ndm8RwUA8cgMxduoHvohJibfdlmYEdxS93qfNxDoBUZgCjWU6hTURMEN0zgh6kFmyN2hwmsII"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794bc54349ce0b49-OSL
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/fonts-remote.css
104.26.0.51200 OK 797 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/fonts-remote.css
IP 104.26.0.51:0
File type ASCII text, with very long lines (3243), with no line terminators
Hash d95b6ea39c50292cafb09395614821ab
c5cf3b4b6410d4663cd620d52264b1a1c9b7021f
c21b62f3685ea32175ee1c8247b617767bc45ec3edf31ea2fe3398feaf40d040
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/fonts-remote.css HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:15 GMT
content-type: text/css
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-cab"
expires: Sun, 05 Feb 2023 19:47:55 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NaLLT32Xk7xB5S7rTpPcweIF9A29vDId5n%2FWz46VZ8MA2tkZ%2B0Pu7Ku1Ico1RLjgZ0NZnsJHkGr%2BdwOP6qg2b7KYP6nUmFB9zWxvZKIZHZGUpgK2FbhKYwwShTNiJBZ7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794bc54349c40b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking-DTM.js
104.26.0.51200 OK 1.2 kB URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking-DTM.js
IP 104.26.0.51:0
File type ASCII text, with very long lines (1624), with no line terminators
Hash 3dc86788f4a39f75e22d427ed35f2de4
51d8e50801a1419b4e7252af93c35c64efd3e634
0e3e6a09dfbd669db7ce52af687c42a408e710d3c711e187f1abab29c2afe939
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking-DTM.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-658"
expires: Sun, 05 Feb 2023 19:47:55 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aQddizj5o4d7oLTWqgfvfdyHRUCNn%2FNDzfMGTHgE77chu5PciD8L4PMlBl%2BDsE1rFCwQRH0I1QYTYdGKvob6buSpHqkM0P2YyDJhGSmtoHoqSruqfLUTi9ljQgClfaVN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794bc54349bf0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9816
Expires: Sun, 05 Feb 2023 15:33:51 GMT
Date: Sun, 05 Feb 2023 12:50:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9816
Expires: Sun, 05 Feb 2023 15:33:51 GMT
Date: Sun, 05 Feb 2023 12:50:15 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 251f1a5d671fb797fb98e9a71754c341
335425603d9eec146a3c03422dbca91134272e53
74932f07561287e33302aabcf9c639e9df7ae0fbc4bf71f5467310aabafea208
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6202
x-amzn-requestid: 01b85fcd-69a0-49da-8640-32a3ef19378a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bUFEJoAMFapg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c48-14817e717361e09170714e9d;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1_1mEN4j5cciWEiimz4PRjx3PNGnrSRib9oEJAdYLrrtyjqnz_zvcQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 13:05:46 GMT
age: 85469
etag: "335425603d9eec146a3c03422dbca91134272e53"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/scripts-responsive.js
104.26.0.51200 OK 12 kB URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/scripts-responsive.js
IP 104.26.0.51:0
File type ASCII text, with very long lines (7303), with no line terminators
Hash 20e5ae577d70b6b0a0c62e97eabddb7e
c3051edf40ae797847c7b909ca8c21feb7334539
e1ab4ede95d86b9cd7ed7e6ca74c80e74100a24a911928c81ba1048d1111a51f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/scripts-responsive.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:13 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-1c87"
expires: Sun, 05 Feb 2023 19:47:56 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TNK0DaC%2BlAaWSxU7sf6g5mAPWyGhbIvbyUzDT9V3p8%2Bh0vYwlMRFWnm52hI4azNlbmyrfpAeKmaVes0%2BXdfmGuh7vLKhn8lM64sgyjcc7PsPwNtNJ4bfFcn0qPGJ63kd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794bc54359d70b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/moatad.js
104.26.0.51200 OK 96 kB URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/moatad.js
IP 104.26.0.51:0
File type ASCII text, with very long lines (761)
Hash 47ad1dfa3dc031e435de6c460b72a240
16662947807352b13faded328915132272dd2d73
bea7f00a1f5d820ad2d4060d8242689fe541ef8671e32745a5d4a5bd524fcdad
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/moatad.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-435ef"
expires: Sun, 05 Feb 2023 19:47:56 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L0QNwymp2P97%2BKHZLgsYhaSysRfnkOJvXxJ5f0gJS2x5AmFjMnBB%2Bkb5KhXFl2iWT9CPKm2KL5YFAqIFbB3BK0j2r26eJu38tKBVO0Gu2mnSMv%2BQhx7B%2BNItrZn4Y8Ke"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794bc54359cf0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b593b5-5093-4504-8ab7-492c62b14ca7.jpeg
34.120.237.76200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b593b5-5093-4504-8ab7-492c62b14ca7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c1f3df5bbad5048923e29c0767d703d3
48c408d37a7bd7f96653174359178eed46ddf298
c8bae041c3d64334964b2aa771a07bc2709ced4c497e1795f864d9416fed728f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F88b593b5-5093-4504-8ab7-492c62b14ca7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5801
x-amzn-requestid: 441284a8-923a-4b22-b39f-95dec713c292
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fjj9jHu_IAMFZ-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d7b389-788174a773fcd695540cc95e;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 12:09:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: DgvqiQwdytO2caPNzg2OhGcv8ly9N_YeQTzpuf6iwAVt8AQZEXRLqw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:43:52 GMT
age: 54383
etag: "48c408d37a7bd7f96653174359178eed46ddf298"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/jquery-3.js
104.26.0.51200 OK 44 kB URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/jquery-3.js
IP 104.26.0.51:0
File type ASCII text, with very long lines (65451)
Hash 73569d03d160bcb42372dc0cc1be3e31
bc0612a794c79b9079f6718b6417489365831340
7a82b8138d66bec6d1cb5dfcf68fbb60517e9f589ac6e2eb84fcf7eb6eb527e6
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/jquery-3.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-1538f"
expires: Sun, 05 Feb 2023 19:47:55 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6trbMxALR28daMZOddzHPtlZthFDM150AT1%2BxLLfxlYRlaXOKKuQawf6XfffWxn6esAl7hSygmFfP3d%2FZCKPi4F76hAAwM0RAOqCoJU0j7%2FyO9g0lH%2F%2BgqYiNs8h104T"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794bc54359d40b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
34.120.237.76200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5b6c30ad03669b66bf2f63b3edd69882
e630bd132b52b965a5ade646ea8a165d1abf6d7b
f8233d879ec17fd91909655ff8881f2ebfad84272fde3ed5e5be37580378a989
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5014
x-amzn-requestid: a434aae4-fe4b-4fc7-9b7e-eeb552484e8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bIE0aoAMF6YQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c47-5556d14757190c842bbc6b06;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k6YqagXr3Wr-u1uDKojEnIGW0CxU5yvWPtlzNpzoIvmg9F-rJb9uFQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 14:53:45 GMT
age: 78990
etag: "e630bd132b52b965a5ade646ea8a165d1abf6d7b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9ba49f1fc7f2f554049e6761ba03e37b
687a48ce650668c484bfda4b50fd202977bb85de
256310e4ec423d30bb346e06ff441daf493641a12ad9e208a2cdf90a0fcbf6f7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2017
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:50:15 GMT
Last-Modified: Sun, 05 Feb 2023 12:16:38 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
dpm.demdex.net/id?d_visid_ver=2.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=DA11332E5321D0550A490D45%40AdobeOrg&d_nsid=0&ts=1675601455447
34.240.171.169200 OK 1.2 kB URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=2.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=DA11332E5321D0550A490D45%40AdobeOrg&d_nsid=0&ts=1675601455447
IP 34.240.171.169:0
File type JSON data\012- , ASCII text, with very long lines (3445), with no line terminators
Hash e4c8353f967175f0e09c6a1248bddba8
6bd8f064fa441d8fc90b3d36abbb3c981955b6f1
91c1f83b4cf018c80f8e2e6d2ef1f0aaad77dd42e36307a623c85e0a02cba42f
GET /id?d_visid_ver=2.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=DA11332E5321D0550A490D45%40AdobeOrg&d_nsid=0&ts=1675601455447 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://ntutdc1995.com
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntutdc1995.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-0a637d725.edge-irl1.demdex.com 3 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=71564943812042628911662257852301370306; Max-Age=15552000; Expires=Fri, 04 Aug 2023 12:50:15 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: DtZoE69vTbI=
Content-Length: 1160
Connection: keep-alive
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/rta.js
104.26.0.51404 Not Found 27 kB URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/rta.js
IP 104.26.0.51:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 6e61f6e8b8edd016c1d0ce14209dab3a
e436b158658514d2503ca249cebdcad2883dbd7d
0fa9f547bfd8f494aa56cc0ee406267e13ede7ad6b2674585a816490ff5d82cf
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/rta.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Cookie: AMCV_DA11332E5321D0550A490D45%40AdobeOrg=1406116232%7CMCIDTS%7C19394%7CvVersion%7C2.5.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sun, 05 Feb 2023 12:50:15 GMT
content-type: text/html; charset=utf-8
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
cache-control: max-age=14400
cf-cache-status: HIT
age: 2
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J%2BNd%2F%2FirjrhsVSDo7z0fbFKZt4vlkn61SgT%2Bj57E%2FLVmP04VTXmLhbeMcpzUNG03TYcwO24Aiix7J7uEWMcgwFOPFhijyUAoBu21wJZwwlasklHzsi7g89IbbdWqnMeo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794bc54d0a720b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash bbcaa4373be095c40b07b7d54e50e2c0
e3ac29f367d797d41f61d6db73a12d6b6e5782ba
5e102e27cfd183592b160e62e77aeb92769b4793d8e4cf2f868b03c1285f9a08
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 827
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:50:15 GMT
Etag: "63dea9eb-1d7"
Last-Modified: Sun, 05 Feb 2023 12:36:28 GMT
Server: ECS (amb/6BC5)
X-Cache: HIT
Content-Length: 471
comcastcom.d1.sc.omtrdc.net/id?d_visid_ver=2.5.0&d_fieldgroup=A&mcorgid=DA11332E5321D0550A490D45%40AdobeOrg&mid=71411619542256484601683220337147502437&ts=1675601455644
15.236.117.205200 OK 2 B URL HTTP/2 comcastcom.d1.sc.omtrdc.net/id?d_visid_ver=2.5.0&d_fieldgroup=A&mcorgid=DA11332E5321D0550A490D45%40AdobeOrg&mid=71411619542256484601683220337147502437&ts=1675601455644
IP 15.236.117.205:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /id?d_visid_ver=2.5.0&d_fieldgroup=A&mcorgid=DA11332E5321D0550A490D45%40AdobeOrg&mid=71411619542256484601683220337147502437&ts=1675601455644 HTTP/1.1
Host: comcastcom.d1.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://ntutdc1995.com
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://ntutdc1995.com
access-control-allow-credentials: true
date: Sun, 05 Feb 2023 12:50:15 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
comcast.demdex.net/dest5.html?d_nsid=0
52.31.164.85200 OK 2.8 kB URL HTTP/1.1 comcast.demdex.net/dest5.html?d_nsid=0
IP 52.31.164.85:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: comcast.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Sun, 5 Feb 2023 12:50:15 GMT
DCS: dcs-prod-irl1-1-v045-0449b668e.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:02:57 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: UvLSU7LaSlk=
Content-Length: 2791
Connection: keep-alive
z.moatads.com/comcastapn56341864860/moatad.js
2.18.173.140200 OK 0 B URL HTTP/2 z.moatads.com/comcastapn56341864860/moatad.js
IP 2.18.173.140:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /comcastapn56341864860/moatad.js HTTP/1.1
Host: z.moatads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: iNOl1G7caF+4F0KjCYi8LROSIJDzen5qwVKxO9qb70np0Ib7E8xnZvs9UYc5c1RxmbTyX0e7zg8=
x-amz-request-id: 011D4RFHBA3563FE
last-modified: Mon, 11 May 2020 15:59:42 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
accept-ranges: bytes
content-type: application/x-javascript
server: AmazonS3
content-length: 0
cache-control: max-age=25863
date: Sun, 05 Feb 2023 12:50:16 GMT
X-Firefox-Spdy: h2
ib.adnxs.com/ttj?id=15000574&size=1400x800&promo_sizes=300x600,300x250&psa=0
37.252.171.22307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/ttj?id=15000574&size=1400x800&promo_sizes=300x600,300x250&psa=0
IP 37.252.171.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ttj?id=15000574&size=1400x800&promo_sizes=300x600,300x250&psa=0 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Sun, 05 Feb 2023 12:50:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fttj%3Fid%3D15000574%26size%3D1400x800%26promo_sizes%3D300x600%2C300x250%26psa%3D0
AN-X-Request-Uuid: 1037b542-f47e-485c-b4c6-de80ab7e4e07
Set-Cookie: uuid2=3094744899338769608; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 06-May-2023 12:50:16 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fttj%3Fid%3D15000574%26size%3D1400x800%26promo_sizes%3D300x600%2C300x250%26psa%3D0
37.252.171.22200 OK 2.9 kB URL HTTP/1.1 ib.adnxs.com/bounce?%2Fttj%3Fid%3D15000574%26size%3D1400x800%26promo_sizes%3D300x600%2C300x250%26psa%3D0
IP 37.252.171.22:0
File type HTML document, ASCII text, with very long lines (7400), with no line terminators
Hash ffc09b71157342f2cbab2e00fde75725
01730c65b492fcb7a3b975e992e5e7218b1e89fa
9e3875a9b7b8ebed22cc180d3ba7fa05ce21277642ee40e56d410c0aedab7d89
GET /bounce?%2Fttj%3Fid%3D15000574%26size%3D1400x800%26promo_sizes%3D300x600%2C300x250%26psa%3D0 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ntutdc1995.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sun, 05 Feb 2023 12:50:16 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 1347d4c5-0948-418d-8b85-e8ac3cfab216
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Encoding: gzip
ib.adnxs.com/ttj?ttjb=1&bdc=1675601416&bdh=RfMdg6wYNmVKQwTpTLn4u_GV2dY.&&bdref=https%3A%2F%2Fntutdc1995.com%2Fwp-content%2Fplugins%2Fadvanced-floating-content%2Flanguages%2Fee9952ed3d1841fa40f6b84d3b80a5b2%2Fmail%2Fspectrum%2Flogin.html%3Fcmd%3Dlogin_submit%26id%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26session%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&bdtop=true&bdifs=0&bstk=https%3A%2F%2Fntutdc1995.com%2Fwp-content%2Fplugins%2Fadvanced-floating-content%2Flanguages%2Fee9952ed3d1841fa40f6b84d3b80a5b2%2Fmail%2Fspectrum%2Flogin.html%3Fcmd%3Dlogin_submit%26id%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26session%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&&id=15000574&size=1400x800&promo_sizes=300x600%2C300x250&psa=0
37.252.171.22307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/ttj?ttjb=1&bdc=1675601416&bdh=RfMdg6wYNmVKQwTpTLn4u_GV2dY.&&bdref=https%3A%2F%2Fntutdc1995.com%2Fwp-content%2Fplugins%2Fadvanced-floating-content%2Flanguages%2Fee9952ed3d1841fa40f6b84d3b80a5b2%2Fmail%2Fspectrum%2Flogin.html%3Fcmd%3Dlogin_submit%26id%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26session%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&bdtop=true&bdifs=0&bstk=https%3A%2F%2Fntutdc1995.com%2Fwp-content%2Fplugins%2Fadvanced-floating-content%2Flanguages%2Fee9952ed3d1841fa40f6b84d3b80a5b2%2Fmail%2Fspectrum%2Flogin.html%3Fcmd%3Dlogin_submit%26id%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26session%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&&id=15000574&size=1400x800&promo_sizes=300x600%2C300x250&psa=0
IP 37.252.171.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ttj?ttjb=1&bdc=1675601416&bdh=RfMdg6wYNmVKQwTpTLn4u_GV2dY.&&bdref=https%3A%2F%2Fntutdc1995.com%2Fwp-content%2Fplugins%2Fadvanced-floating-content%2Flanguages%2Fee9952ed3d1841fa40f6b84d3b80a5b2%2Fmail%2Fspectrum%2Flogin.html%3Fcmd%3Dlogin_submit%26id%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26session%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&bdtop=true&bdifs=0&bstk=https%3A%2F%2Fntutdc1995.com%2Fwp-content%2Fplugins%2Fadvanced-floating-content%2Flanguages%2Fee9952ed3d1841fa40f6b84d3b80a5b2%2Fmail%2Fspectrum%2Flogin.html%3Fcmd%3Dlogin_submit%26id%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26session%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&&id=15000574&size=1400x800&promo_sizes=300x600%2C300x250&psa=0 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Sun, 05 Feb 2023 12:50:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fttj%3Fttjb%3D1%26bdc%3D1675601416%26bdh%3DRfMdg6wYNmVKQwTpTLn4u_GV2dY.%26%26bdref%3Dhttps%253A%252F%252Fntutdc1995.com%252Fwp-content%252Fplugins%252Fadvanced-floating-content%252Flanguages%252Fee9952ed3d1841fa40f6b84d3b80a5b2%252Fmail%252Fspectrum%252Flogin.html%253Fcmd%253Dlogin_submit%2526id%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%2526session%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26bdtop%3Dtrue%26bdifs%3D0%26bstk%3Dhttps%253A%252F%252Fntutdc1995.com%252Fwp-content%252Fplugins%252Fadvanced-floating-content%252Flanguages%252Fee9952ed3d1841fa40f6b84d3b80a5b2%252Fmail%252Fspectrum%252Flogin.html%253Fcmd%253Dlogin_submit%2526id%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%2526session%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26%26id%3D15000574%26size%3D1400x800%26promo_sizes%3D300x600%252C300x250%26psa%3D0
AN-X-Request-Uuid: 0f98eb53-24f9-4e71-a2d1-cfbe0a817be9
Set-Cookie: uuid2=1468656880888666400; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 06-May-2023 12:50:16 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fttj%3Fttjb%3D1%26bdc%3D1675601416%26bdh%3DRfMdg6wYNmVKQwTpTLn4u_GV2dY.%26%26bdref%3Dhttps%253A%252F%252Fntutdc1995.com%252Fwp-content%252Fplugins%252Fadvanced-floating-content%252Flanguages%252Fee9952ed3d1841fa40f6b84d3b80a5b2%252Fmail%252Fspectrum%252Flogin.html%253Fcmd%253Dlogin_submit%2526id%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%2526session%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26bdtop%3Dtrue%26bdifs%3D0%26bstk%3Dhttps%253A%252F%252Fntutdc1995.com%252Fwp-content%252Fplugins%252Fadvanced-floating-content%252Flanguages%252Fee9952ed3d1841fa40f6b84d3b80a5b2%252Fmail%252Fspectrum%252Flogin.html%253Fcmd%253Dlogin_submit%2526id%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%2526session%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26%26id%3D15000574%26size%3D1400x800%26promo_sizes%3D300x600%252C300x250%26psa%3D0
37.252.171.22200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fttj%3Fttjb%3D1%26bdc%3D1675601416%26bdh%3DRfMdg6wYNmVKQwTpTLn4u_GV2dY.%26%26bdref%3Dhttps%253A%252F%252Fntutdc1995.com%252Fwp-content%252Fplugins%252Fadvanced-floating-content%252Flanguages%252Fee9952ed3d1841fa40f6b84d3b80a5b2%252Fmail%252Fspectrum%252Flogin.html%253Fcmd%253Dlogin_submit%2526id%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%2526session%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26bdtop%3Dtrue%26bdifs%3D0%26bstk%3Dhttps%253A%252F%252Fntutdc1995.com%252Fwp-content%252Fplugins%252Fadvanced-floating-content%252Flanguages%252Fee9952ed3d1841fa40f6b84d3b80a5b2%252Fmail%252Fspectrum%252Flogin.html%253Fcmd%253Dlogin_submit%2526id%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%2526session%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26%26id%3D15000574%26size%3D1400x800%26promo_sizes%3D300x600%252C300x250%26psa%3D0
IP 37.252.171.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fttj%3Fttjb%3D1%26bdc%3D1675601416%26bdh%3DRfMdg6wYNmVKQwTpTLn4u_GV2dY.%26%26bdref%3Dhttps%253A%252F%252Fntutdc1995.com%252Fwp-content%252Fplugins%252Fadvanced-floating-content%252Flanguages%252Fee9952ed3d1841fa40f6b84d3b80a5b2%252Fmail%252Fspectrum%252Flogin.html%253Fcmd%253Dlogin_submit%2526id%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%2526session%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26bdtop%3Dtrue%26bdifs%3D0%26bstk%3Dhttps%253A%252F%252Fntutdc1995.com%252Fwp-content%252Fplugins%252Fadvanced-floating-content%252Flanguages%252Fee9952ed3d1841fa40f6b84d3b80a5b2%252Fmail%252Fspectrum%252Flogin.html%253Fcmd%253Dlogin_submit%2526id%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%2526session%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26%26id%3D15000574%26size%3D1400x800%26promo_sizes%3D300x600%252C300x250%26psa%3D0 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ntutdc1995.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sun, 05 Feb 2023 12:50:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 913f8bfa-df16-4ec5-b34f-aa5715bd8adb
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/ttj
104.26.0.51200 OK 7.4 kB URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/ttj
IP 104.26.0.51:0
File type HTML document, ASCII text, with very long lines (7387), with no line terminators
Hash 89cf9988d16c15d5919e2efdeb341003
6554b529e37e27af64a11b0d3507073ca05fb822
0f108c7122c218a486594e6ddd029c00844979992aa9d7b00ea9d3816a3e5be5
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/ttj HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Cookie: AMCV_DA11332E5321D0550A490D45%40AdobeOrg=1406116232%7CMCIDTS%7C19394%7CMCMID%7C71411619542256484601683220337147502437%7CMCAAMLH-1676206255%7C6%7CMCAAMB-1676206255%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1675608655s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C2.5.0; AMCVS_DA11332E5321D0550A490D45%40AdobeOrg=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:16 GMT
content-type: application/octet-stream
content-length: 7387
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
etag: "63df4aac-1cdb"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qJ1aa%2Bw%2BeeTPmspjwV20EHNEh6kvsSK7UcPn33aKBYnINuUDjEsm9rX9zYz%2BS3Cgz151kxRdlQT5FCrjPO%2B0IwkVYkyJ5JWJ3FLsbEWAnHlCc7348L1tSJsi1geqvSNi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794bc555db530b49-OSL
X-Firefox-Spdy: h2
sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2
104.110.1.60200 OK 27 kB URL HTTP/2 sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2
IP 104.110.1.60:0
File type Web Open Font Format (Version 2), TrueType, length 27420, version 0.0\012- data
Hash f05d3ebe80809d82ab14d62a79da544e
bf08410286fbadd57335dc63dbdd8169cd4e6d1e
fc6cd95261064c28600405c9c8dd51813abf8367e85b6e00f0f3031a8338988a
GET /fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2 HTTP/1.1
Host: sdx.xfinity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ntutdc1995.com
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 27420
last-modified: Fri, 24 Jan 2020 21:23:01 GMT
etag: "f05d3ebe80809d82ab14d62a79da544e"
x-amz-version-id: wnCwOacXycelzt78IMkr55wWB9WkMd2W
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _vpkqBlLETw4T6oH2cSnkktI4BxeLxas20IZvW788el8Nomx3bJ5ug==
cache-control: max-age=866293
date: Sun, 05 Feb 2023 12:50:17 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Medium.woff2
104.110.1.60200 OK 27 kB URL HTTP/2 sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Medium.woff2
IP 104.110.1.60:0
File type Web Open Font Format (Version 2), TrueType, length 27152, version 0.0\012- data
Hash 13709eac065721ba8cd0e2d1b6fa8026
2fa86f3c0fbc94711d6c0ed32e3e03add756ba18
2a031939885bb7efba89d423c9ee7c0fe2bab465f18db63f40a9ae2bd7bc0228
GET /fonts/latest/Xfinity_Standard/XfinityStandard-Medium.woff2 HTTP/1.1
Host: sdx.xfinity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ntutdc1995.com
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 27152
last-modified: Fri, 24 Jan 2020 21:23:01 GMT
etag: "13709eac065721ba8cd0e2d1b6fa8026"
x-amz-version-id: 6t4RA2DS89tdf_2IK5vrc9JAOKCy9A40
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: IzOfbbv8gz8w_604kyRw0cTtS-ry2VNjzzr5bNN0H7WL2BOGYFlCng==
cache-control: max-age=1645533
date: Sun, 05 Feb 2023 12:50:17 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fc62264746d0ba500dd83.js
23.38.200.237200 OK 134 B URL HTTP/2 assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fc62264746d0ba500dd83.js
IP 23.38.200.237:0
Hash 26720501c4260c7cc5833d9e06f0af87
26ce9fe2fa65dcd91b1ff050a238892a70eaad6c
e23487c8456f551b44229fd881dd8c524922e7c4c68682028c245bf706820e62
GET /43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fc62264746d0ba500dd83.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "16dfb4bd56a82d8f8018ab2fa164856c:1581368006.307249"
last-modified: Mon, 10 Feb 2020 20:53:26 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 134
cache-control: max-age=3600
expires: Sun, 05 Feb 2023 13:50:17 GMT
date: Sun, 05 Feb 2023 12:50:17 GMT
access-control-allow-origin: https://ntutdc1995.com
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fa36064746d7e580013b4.js
23.38.200.237200 OK 187 B URL HTTP/2 assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fa36064746d7e580013b4.js
IP 23.38.200.237:0
Hash 100e6bd0333d51a01c9e2bf4130cd5c9
b03e6b94b4c163de582e217f6e148f3b12df8f1f
481a6bc427ce8b7601db07e2387f5265db27e59a9a54abcb88f0e2497387912a
GET /43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fa36064746d7e580013b4.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "b5834499509b419a0926487143b3976d:1581368006.388159"
last-modified: Mon, 10 Feb 2020 20:53:26 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 187
cache-control: max-age=3600
expires: Sun, 05 Feb 2023 13:50:17 GMT
date: Sun, 05 Feb 2023 12:50:17 GMT
access-control-allow-origin: https://ntutdc1995.com
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/s-code-contents-4a9ebf08bffa74f717ff121b2c55a295112122b4.js
23.38.200.237200 OK 34 kB URL HTTP/2 assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/s-code-contents-4a9ebf08bffa74f717ff121b2c55a295112122b4.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (557)
Hash 953eadbd32b8680b37511cc683781aff
8ea7a5fb3bd5f727f3ec3366bc1d91b3a104043b
14dd417150683ce056827225bbf94a0f26e95a820b604f815021be49eb8c707b
GET /43896e740dcedef854392e0be6ea80deb8eb2ba5/s-code-contents-4a9ebf08bffa74f717ff121b2c55a295112122b4.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "7c44e613d67e21f6a1c3afd5985988da:1581368005.559228"
last-modified: Mon, 10 Feb 2020 20:53:25 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Sun, 05 Feb 2023 13:50:17 GMT
date: Sun, 05 Feb 2023 12:50:17 GMT
content-length: 34525
access-control-allow-origin: https://ntutdc1995.com
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-5971021b64746d663b00202b.js
23.38.200.237200 OK 15 kB URL HTTP/2 assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-5971021b64746d663b00202b.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (563)
Hash 4da5a7f7e67cf8d72d1238efbd4dac31
e8bf676f06b42529aa475c3d292acfa0f5b4a6b7
2c68577dc9e4226daf46cbcf1650a0e91a1841c67ecf5e4ecea749cbea7ed973
GET /43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-5971021b64746d663b00202b.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "dbef438e3fcd49bdc0ee4d74b97df080:1581368005.888342"
last-modified: Mon, 10 Feb 2020 20:53:25 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Sun, 05 Feb 2023 13:50:17 GMT
date: Sun, 05 Feb 2023 12:50:17 GMT
content-length: 14684
access-control-allow-origin: https://ntutdc1995.com
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fa34764746d6ae001a760.js
23.38.200.237200 OK 681 B URL HTTP/2 assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fa34764746d6ae001a760.js
IP 23.38.200.237:0
Hash 238e9ac366afc5ccb8ab193af21a3bdd
ccbe4cf829625b32aa2ecb714bc68c05c53de703
2f27f96e790c01c88b87af6a72d3d635b9bfc630d13bd43bd46a8be4ac5fac9f
GET /43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fa34764746d6ae001a760.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "1cf26e862d696e4a210b77e9f506e652:1581368006.039768"
last-modified: Mon, 10 Feb 2020 20:53:26 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Sun, 05 Feb 2023 13:50:17 GMT
date: Sun, 05 Feb 2023 12:50:17 GMT
content-length: 681
access-control-allow-origin: https://ntutdc1995.com
timing-allow-origin: *
X-Firefox-Spdy: h2
dpm.demdex.net/id?d_visid_ver=2.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=1&ts=1675601457482
34.240.171.169200 OK 216 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=2.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=1&ts=1675601457482
IP 34.240.171.169:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 69c3ade25430185390088fc41a5f437d
3304ba1a6fdafaba2bef16a24c7adca34b2248c3
14f9f917c6968cd63436d7943809c13a0f6cddf72431b0bc37bce52f9315e8f6
GET /id?d_visid_ver=2.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=1&ts=1675601457482 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://ntutdc1995.com
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntutdc1995.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0fb9f79b9.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=48167407934426497223901388645255080609; Max-Age=15552000; Expires=Fri, 04 Aug 2023 12:50:17 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: PkFVn23LQcU=
Content-Length: 216
Connection: keep-alive
comcastcom.d1.sc.omtrdc.net/b/ss/comcastdotcomprod/10/JS-2.3.0-D7QN/s87213350697147?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=5%2F1%2F2023%2012%3A50%3A57%200%200&d.&nsid=0&jsonv=1&.d&D=D%3D&mid=71411619542256484601683220337147502437&aamlh=6&ce=UTF-8&pageName=resi%7Cselfservice%7Clogin%7Csign%20in&g=https%3A%2F%2Fntutdc1995.com%2Fwp-content%2Fplugins%2Fadvanced-floating-content%2Flanguages%2Fee9952ed3d1841fa40f6b84d3b80a5b2%2Fmail%2Fspectrum%2Flogin.html%3Fcmd%3Dlogin_submit%26id%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26session%3D2eb5b08d09005a167e038a62c9&cc=USD&ch=login&events=event125%3D38%2Cevent36%3D40&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c25=resi%7Cselfservice%7Clogin%7Csign%20in%7Cpage%20load&v29=landscape%3Adesktop%20layout%3A1280x939&v37=D%3DpageName&c44=responsive%7Ccima%20login&v44=responsive%7Ccima%20login&v46=First%20Visit&c54=VisitorAPI%20Present&c55=resi%7Cselfservice&c60=en&c69=res_beta&c72=40&c73=DTM%20Hosted%20%7C11212019&v86=unauthenticated%7Cunrecognized&v99=comcast%7Cweb&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&-g=38ccd32eb5b08d09005a167e038a62c938ccd3&mcorgid=DA11332E5321D0550A490D45%40AdobeOrg&AQE=1
15.236.117.205200 OK 3.9 kB URL HTTP/2 comcastcom.d1.sc.omtrdc.net/b/ss/comcastdotcomprod/10/JS-2.3.0-D7QN/s87213350697147?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=5%2F1%2F2023%2012%3A50%3A57%200%200&d.&nsid=0&jsonv=1&.d&D=D%3D&mid=71411619542256484601683220337147502437&aamlh=6&ce=UTF-8&pageName=resi%7Cselfservice%7Clogin%7Csign%20in&g=https%3A%2F%2Fntutdc1995.com%2Fwp-content%2Fplugins%2Fadvanced-floating-content%2Flanguages%2Fee9952ed3d1841fa40f6b84d3b80a5b2%2Fmail%2Fspectrum%2Flogin.html%3Fcmd%3Dlogin_submit%26id%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26session%3D2eb5b08d09005a167e038a62c9&cc=USD&ch=login&events=event125%3D38%2Cevent36%3D40&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c25=resi%7Cselfservice%7Clogin%7Csign%20in%7Cpage%20load&v29=landscape%3Adesktop%20layout%3A1280x939&v37=D%3DpageName&c44=responsive%7Ccima%20login&v44=responsive%7Ccima%20login&v46=First%20Visit&c54=VisitorAPI%20Present&c55=resi%7Cselfservice&c60=en&c69=res_beta&c72=40&c73=DTM%20Hosted%20%7C11212019&v86=unauthenticated%7Cunrecognized&v99=comcast%7Cweb&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&-g=38ccd32eb5b08d09005a167e038a62c938ccd3&mcorgid=DA11332E5321D0550A490D45%40AdobeOrg&AQE=1
IP 15.236.117.205:0
File type ASCII text, with very long lines (3878)
Hash ecde3cd3df4619f08f92df165c9706ba
b3853c627032633471553a71e6534c3902e85ad5
75ffa453fdd95b24a2257fc3ca3e54f28b65135cdc7b30dc685670ca7e61989a
GET /b/ss/comcastdotcomprod/10/JS-2.3.0-D7QN/s87213350697147?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=5%2F1%2F2023%2012%3A50%3A57%200%200&d.&nsid=0&jsonv=1&.d&D=D%3D&mid=71411619542256484601683220337147502437&aamlh=6&ce=UTF-8&pageName=resi%7Cselfservice%7Clogin%7Csign%20in&g=https%3A%2F%2Fntutdc1995.com%2Fwp-content%2Fplugins%2Fadvanced-floating-content%2Flanguages%2Fee9952ed3d1841fa40f6b84d3b80a5b2%2Fmail%2Fspectrum%2Flogin.html%3Fcmd%3Dlogin_submit%26id%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26session%3D2eb5b08d09005a167e038a62c9&cc=USD&ch=login&events=event125%3D38%2Cevent36%3D40&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c25=resi%7Cselfservice%7Clogin%7Csign%20in%7Cpage%20load&v29=landscape%3Adesktop%20layout%3A1280x939&v37=D%3DpageName&c44=responsive%7Ccima%20login&v44=responsive%7Ccima%20login&v46=First%20Visit&c54=VisitorAPI%20Present&c55=resi%7Cselfservice&c60=en&c69=res_beta&c72=40&c73=DTM%20Hosted%20%7C11212019&v86=unauthenticated%7Cunrecognized&v99=comcast%7Cweb&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&-g=38ccd32eb5b08d09005a167e038a62c938ccd3&mcorgid=DA11332E5321D0550A490D45%40AdobeOrg&AQE=1 HTTP/1.1
Host: comcastcom.d1.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
date: Sun, 05 Feb 2023 12:50:17 GMT
expires: Sat, 04 Feb 2023 12:50:17 GMT
last-modified: Mon, 06 Feb 2023 12:50:17 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3598326644130742272-4619746262545369018
vary: *
dcs: dcs-prod-irl1-1-v045-0078884aa.edge-irl1.demdex.com 5 ms
x-aam-tid: jlR1TRVMQD8=
content-type: application/x-javascript;charset=utf-8
content-length: 3879
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash 8942dac2c3b84167c8c1c36c8c5dbc24
3202c79b026ed05cd1568065cfba03cffe066637
998bc79f4dc7577f16aa29eea707a9f74380352848fae678f2f9e1a5a5ea42c5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2932
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:50:17 GMT
Last-Modified: Sun, 05 Feb 2023 12:01:25 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 312
rtax.criteo.com/delivery/rta/rta.js?netId=2528&cookieName=crtg_comcast&rnd=15787266540&varName=crtg_content
178.250.2.157204 No Content 0 B URL HTTP/2 rtax.criteo.com/delivery/rta/rta.js?netId=2528&cookieName=crtg_comcast&rnd=15787266540&varName=crtg_content
IP 178.250.2.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /delivery/rta/rta.js?netId=2528&cookieName=crtg_comcast&rnd=15787266540&varName=crtg_content HTTP/1.1
Host: rtax.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.20.1
date: Sun, 05 Feb 2023 12:50:17 GMT
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 5ac5aaa2dd1a2ab697244f3c0fe3b5b5
bb8a9aeb28cc645435760f3a9a57d85e295de419
d42327bb295e41a2b04efa1c2ad6094a3480d0010de10bb32600f4d17fe9f0d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:50:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
comcastathena.demdex.net/event?_ts=1675601457518
34.240.171.169200 OK 119 B URL HTTP/1.1 comcastathena.demdex.net/event?_ts=1675601457518
IP 34.240.171.169:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 519cb00d16b3ffc5ef5772deae1499d8
7b088982f38a94da6167505d84b2b3582c0044e8
fb6c7c770bdb9861682abc9213bf0c954dff6e8fed6c9cd32aed7cb1c90676a8
POST /event?_ts=1675601457518 HTTP/1.1
Host: comcastathena.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 637
Origin: https://ntutdc1995.com
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntutdc1995.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-0d492e21d.edge-irl1.demdex.com 3 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=48167407934426497223901388645255080609; Max-Age=15552000; Expires=Fri, 04 Aug 2023 12:50:17 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: u/dyRBxQTu8=
Content-Length: 119
Connection: keep-alive
googleads.g.doubleclick.net/pagead/viewthroughconversion/1023869955/?label=cYj3CPPGqqsBEIOInOgD&guid=ON&script=0
142.250.74.66302 Found 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/1023869955/?label=cYj3CPPGqqsBEIOInOgD&guid=ON&script=0
IP 142.250.74.66:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/1023869955/?label=cYj3CPPGqqsBEIOInOgD&guid=ON&script=0 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://comcast.demdex.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 12:50:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-user-list/1023869955/?label=cYj3CPPGqqsBEIOInOgD&is_vtc=1&random=3063414209
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 05-Feb-2023 13:05:17 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
comcastathena.demdex.net/dest5.html?d_nsid=1
34.240.171.169200 OK 2.8 kB URL HTTP/1.1 comcastathena.demdex.net/dest5.html?d_nsid=1
IP 34.240.171.169:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=1 HTTP/1.1
Host: comcastathena.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Sun, 5 Feb 2023 12:50:17 GMT
DCS: dcs-prod-irl1-1-v045-0826e4ce6.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:02:57 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: BPpiDByCTh4=
Content-Length: 2791
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 5ac5aaa2dd1a2ab697244f3c0fe3b5b5
bb8a9aeb28cc645435760f3a9a57d85e295de419
d42327bb295e41a2b04efa1c2ad6094a3480d0010de10bb32600f4d17fe9f0d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:50:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
login.xfinity.com/static/images/favicon/android-icon-192x192.png
95.101.10.200200 OK 2.6 kB URL HTTP/2 login.xfinity.com/static/images/favicon/android-icon-192x192.png
IP 95.101.10.200:0
ASN #20940 Akamai International B.V.
File type PNG image data, 192 x 192, 8-bit grayscale, non-interlaced\012- data
Hash 4d5a72cfafe8a0e67a3a4e3684ae379f
2140780ff72470e5a9d63fdf950d7b816ce804be
b8bbda2990b5611317f747bf13de3a78e1de77fd7d864a27d845194988490375
GET /static/images/favicon/android-icon-192x192.png HTTP/1.1
Host: login.xfinity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Tue, 11 Jan 2022 16:05:32 GMT
accept-ranges: bytes
content-length: 2569
content-type: image/png
x-edgeconnect-cache-status: 1
cache-control: max-age=1751
expires: Sun, 05 Feb 2023 13:19:28 GMT
date: Sun, 05 Feb 2023 12:50:17 GMT
X-Firefox-Spdy: h2
dl.cws.xfinity.com/event/
184.86.58.27200 OK 0 B URL HTTP/2 dl.cws.xfinity.com/event/
IP 184.86.58.27:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /event/ HTTP/1.1
Host: dl.cws.xfinity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: PUT
Access-Control-Request-Headers: content-type
Referer: https://ntutdc1995.com/
Origin: https://ntutdc1995.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 0
x-amzn-requestid: 1c52f5a0-bc00-48ba-aebf-16de1edb9e60
access-control-allow-origin: *
access-control-allow-headers: Content-Type
x-amz-apigw-id: f3bhhHukIAMFyRg=
access-control-allow-methods: HEAD,OPTIONS,PUT
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: ebJ1QIwtw4wXPC9H4pAs5V35kTB5iVUClDRXvH2bGSd1sJsnaDAkGg==
date: Sun, 05 Feb 2023 12:50:17 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash a78b06ca527ce7542b24b349e0485d8b
6f5e5126c1c9d40c9ba09d58e1755d2ca39d02ab
bc7dc156ab8b2b33422fff0922e219246eb1d12469d10ac8007416fed41ac473
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:50:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
login.xfinity.com/static/images/favicon/favicon-16x16.png
95.101.10.200200 OK 184 B URL HTTP/2 login.xfinity.com/static/images/favicon/favicon-16x16.png
IP 95.101.10.200:0
ASN #20940 Akamai International B.V.
File type PNG image data, 16 x 16, 8-bit grayscale, non-interlaced\012- data
Hash db142cad60d6acbf015835843f35071f
56261a4d35ff1ad9c210376f025f8762e608494f
1a819ccf88edbedbdce80f8f48844260c685edf389ba39ba92e42c7291522801
GET /static/images/favicon/favicon-16x16.png HTTP/1.1
Host: login.xfinity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Apache
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Tue, 11 Jan 2022 16:05:32 GMT
accept-ranges: bytes
content-length: 184
content-type: image/png
x-edgeconnect-cache-status: 1
cache-control: max-age=671
expires: Sun, 05 Feb 2023 13:01:28 GMT
date: Sun, 05 Feb 2023 12:50:17 GMT
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/1023869955/?label=cYj3CPPGqqsBEIOInOgD&is_vtc=1&random=3063414209
142.250.74.164302 Found 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/1023869955/?label=cYj3CPPGqqsBEIOInOgD&is_vtc=1&random=3063414209
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/1023869955/?label=cYj3CPPGqqsBEIOInOgD&is_vtc=1&random=3063414209 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://comcast.demdex.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 12:50:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-user-list/1023869955/?label=cYj3CPPGqqsBEIOInOgD&is_vtc=1&random=3063414209&ipr=y
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash c7d887fc3e3b7a68b7872c76802085c0
eb26f820776e7d87a00489eb14f918e5f6945835
915e873e95d8f0276f4763e5596b03cac487f6f8a36c65577c6622fc8560d929
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:50:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 8077210062c315b98902cb06c74d485b
808e94ac31f1b45185103ce25c1bc2afd056b17a
78871f45de0c58bffa6a86b50f6bd0db61932bf6a2b7d8191dba0f0eaab628b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:50:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/1023869955/?label=cYj3CPPGqqsBEIOInOgD&is_vtc=1&random=3063414209&ipr=y
142.250.74.67200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/1023869955/?label=cYj3CPPGqqsBEIOInOgD&is_vtc=1&random=3063414209&ipr=y
IP 142.250.74.67:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/1023869955/?label=cYj3CPPGqqsBEIOInOgD&is_vtc=1&random=3063414209&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://comcast.demdex.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 12:50:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 77c548ed6dbee7a04321102c3d93db5c
3f4a20119d052c6c8e5f4224a2948ffd559f96b3
5d553cadff959602e40d007c876a01e0dd4540640c64bbb2679300d43326c603
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6018
Cache-Control: max-age=148512
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:50:17 GMT
Etag: "63df2fa7-139"
Expires: Tue, 07 Feb 2023 06:05:29 GMT
Last-Modified: Sun, 05 Feb 2023 04:25:11 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 77c548ed6dbee7a04321102c3d93db5c
3f4a20119d052c6c8e5f4224a2948ffd559f96b3
5d553cadff959602e40d007c876a01e0dd4540640c64bbb2679300d43326c603
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6018
Cache-Control: max-age=148512
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:50:17 GMT
Etag: "63df2fa7-139"
Expires: Tue, 07 Feb 2023 06:05:29 GMT
Last-Modified: Sun, 05 Feb 2023 04:25:11 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 313
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 8077210062c315b98902cb06c74d485b
808e94ac31f1b45185103ce25c1bc2afd056b17a
78871f45de0c58bffa6a86b50f6bd0db61932bf6a2b7d8191dba0f0eaab628b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:50:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 2521dc6dc015025c26c7a1b08b3060a1
f5c7abc50c9229a4b198a5c0d5f6dfa8ac528b9f
6671bc387c8011ec55a9d023502189b997adeb18fc2f199747dec7d688f85bd3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1453
Cache-Control: max-age=90630
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:50:17 GMT
Etag: "63de5f62-139"
Expires: Mon, 06 Feb 2023 14:00:47 GMT
Last-Modified: Sat, 04 Feb 2023 13:36:34 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 313
dnacdn.net/dna
178.250.2.146200 OK 0 B IP 178.250.2.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:17 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=Sl6HAF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czMyJTJCeUk4U2FSYWRCOWtCY0RKeTRwSWoyeWI0SlRXR1olMkJobjNWUnZVQWQz; expires=Fri, 01 Mar 2024 12:50:17 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 283939
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
dnacdn.net/dna
178.250.2.146200 OK 441 B IP 178.250.2.146:0
File type JSON data\012- , ASCII text, with very long lines (494), with no line terminators
Hash b9a926921f2e3c64ac8afc7c355b319c
2ec6654b0227a49bbe11c67b9b9c7684c6ac2207
df8b2ac3c4fe4a40022906fb507a002441523e0e2206362c633702ef6cc0a63e
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=Sl6HAF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czMyJTJCeUk4U2FSYWRCOWtCY0RKeTRwSWoyeWI0SlRXR1olMkJobjNWUnZVQWQz
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:17 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=P9LCUV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czMyJTJCeUk4U2FSYWRCOWtCY0RKeTRwTDN2ZTJnRXJWcWhiSWd0RHl3OHlNdw; expires=Fri, 01 Mar 2024 12:50:17 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 402783
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=rtus&topUrl=ntutdc1995.com
178.250.0.157200 OK 5.2 kB URL HTTP/2 gum.criteo.com/syncframe?origin=rtus&topUrl=ntutdc1995.com
IP 178.250.0.157:0
Hash c5c90299e8e720878e1177ff2830ac07
735224176a973e5a195879e343418de0879f39bb
239830d7bacdd4b6c4483b850c787a6255b6058a32bc8f96a7a6ba27226ef336
GET /syncframe?origin=rtus&topUrl=ntutdc1995.com HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:16 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
uid=c3767c78-5489-4465-8a0a-37edcba003e2; expires=Fri, 01 Mar 2024 12:50:17 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 924773
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash f26d5481a18bcf64b0421f80f30c35ab
4962f67774adcba3a20cf9c4d26d4d45bcb0d2ea
d02eda5fdcd7f8918c3753054923061885b07155764140d32349b55acd998f94
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6464
Cache-Control: max-age=126256
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 12:50:18 GMT
Etag: "63ded6fa-13a"
Expires: Mon, 06 Feb 2023 23:54:34 GMT
Last-Modified: Sat, 04 Feb 2023 22:06:50 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 314
csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.30.Events.StartInit~1&entry=c~Idfs.Rtus.30.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.30.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.30.Headers.Bundle~1&entry=c~Idfs.Rtus.30.Events.InitiateFetch~1
178.250.0.162200 OK 43 B URL HTTP/2 csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.30.Events.StartInit~1&entry=c~Idfs.Rtus.30.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.30.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.30.Headers.Bundle~1&entry=c~Idfs.Rtus.30.Events.InitiateFetch~1
IP 178.250.0.162:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /iev?entry=c~Idfs.Rtus.30.Events.StartInit~1&entry=c~Idfs.Rtus.30.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.30.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.30.Headers.Bundle~1&entry=c~Idfs.Rtus.30.Events.InitiateFetch~1 HTTP/1.1
Host: csm.fr.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:17 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/styles-light.css
104.26.0.51200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/styles-light.css
IP 104.26.0.51:0
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/styles-light.css HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:14 GMT
content-type: text/css
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-b02f"
expires: Sun, 05 Feb 2023 19:47:55 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CJlAXwWjG%2BrtCgeaWeqO7gUAd5Eui3Sjj4n7zhYvSqh1RVzBy7lYWapb%2BgIdXj5U%2BxShq38ANYO%2BhbZl2V6oL8t586Utwnm7arv6iD00NovUSx04c%2FD1LWkXgIefhr%2Bu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794bc54349c50b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/1011719316x32.js
104.26.0.51200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/1011719316x32.js
IP 104.26.0.51:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/1011719316x32.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-6bb"
expires: Sun, 05 Feb 2023 19:47:54 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lo%2FYF%2BMZ%2Fj6NIAQ3uQuh%2FafDzJzLZVyUz4Jzz%2Fg5mQ524jX6JcSPaH%2B%2FXpP9k9typvWcw5ZxOe0fDzHD9bYVS0wS%2BYJk4WpMx6PwLeiUkND%2FdJPWeQoIf6OVlrgrTcfd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794bc54349ca0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=30&r=2&j=cr_handle_data_a
178.250.0.157200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=30&r=2&j=cr_handle_data_a
IP 178.250.0.157:0
GET /sync?c=30&r=2&j=cr_handle_data_a HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ntutdc1995.com/
x-crto-bundle: 2fPCnV9JN0JyUXR3OFRCelpsZGkzQVFrUFljS1V4Z0NoRm8wUElLQzhqdzZMb0FuMnl6RlRyNXhudFBiUVhWWDNvSk90WExEdGxOdGtFcTUzQzVVY0hkRGxtdGQ2RkxBTTFPSiUyRlRzY1dxSGdaWUhjZXpVcENvM1MzVjVWNXNZRUtQdjNmWmZJRmV5b2dFMGNlOEJHREJ1akhKdyUzRCUzRA
Origin: https://ntutdc1995.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:17 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://ntutdc1995.com
server-processing-duration-in-ticks: 3063687
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/data.json
104.26.0.51200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/data.json
IP 104.26.0.51:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/data.json HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Cookie: AMCV_DA11332E5321D0550A490D45%40AdobeOrg=1406116232%7CMCIDTS%7C19394%7CvVersion%7C2.5.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:15 GMT
content-type: application/json
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
etag: W/"63df4aac-a9"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yHhQaidVmfngXw%2BYf%2Fj38PA%2BV5EIGKUhIaxkcmPTEQGqjNAwOiNXIq6zm1KlvkVh6may4U%2FL2eLlND698aTO%2FmzuwPN7Ha7NgzFSqB6qkaMOQLnPCPRZfr7FGHl6MV%2BP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794bc54d0a780b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=30&r=2&j=cr_handle_data_a
178.250.0.157200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=30&r=2&j=cr_handle_data_a
IP 178.250.0.157:0
GET /sync?c=30&r=2&j=cr_handle_data_a HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:17 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 578586
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/lodash-slim.js
104.26.0.51200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/lodash-slim.js
IP 104.26.0.51:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/lodash-slim.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:13 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-5b32"
expires: Sun, 05 Feb 2023 19:47:55 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7cO8JAPJFnJOCSZ2%2F7ecHIaorZvGT35rzZhm0N0o%2F7FZEQdLgur8qX2ejA52BCTjJnuAQaD0Asvn88HwUpW3xjEz1Z2xRd%2BftNiF9HWkf8klWKuj2MAto1Rpk717TXr%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794bc54349bb0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/data.json
104.26.0.51200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/data.json
IP 104.26.0.51:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/data.json HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:13 GMT
content-type: application/json
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
etag: W/"63df4aac-a9"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zj8nNCLmQT90wG%2Bw2hfHiV7MiN3RNEWS50CjXivspIx3PUMyXILvu8G%2FBrGltBdGywH6UEgypMFt7qeoF5HWzCzdRss4E1Er%2B4y0zwA4u%2BtBg0ibQL4jHrkyPhEjQ016"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794bc54349c80b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/satelliteLib-531bc4f46256650a84099973f0ed331f809ea5f4.js
104.26.0.51200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/satelliteLib-531bc4f46256650a84099973f0ed331f809ea5f4.js
IP 104.26.0.51:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/satelliteLib-531bc4f46256650a84099973f0ed331f809ea5f4.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-1f820"
expires: Sun, 05 Feb 2023 19:47:55 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hnPeY4aKmLJw9tdEKmRZixaXneXCdC0XGR3n4dk0LsiPgZnUrt%2BdDQH%2BcuPuNXHfxb%2B3K8drqnHPc%2FXGKhyyyYYhAX83gB2jgXMiooX9dnUCzqdyK4OE4V0ZOdVLv8si"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794bc54349c30b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking-aws.js
104.26.0.51200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking-aws.js
IP 104.26.0.51:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking-aws.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-9f2"
expires: Sun, 05 Feb 2023 19:47:54 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mf4glW61K8NrvLapEHE8sGLBYSql%2BhkJZRl%2FFBISF5vMMFHg01ORTq0tgQq%2BOYmMvyNUfH19FxAsQF%2BnJby7N1Wh4YqWPPM4KIEF3C6psP4vJdxpggLmpxZlsm6WMd%2FG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794bc54349be0b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/vm-login-form-ad.js
104.26.0.51200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/vm-login-form-ad.js
IP 104.26.0.51:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/vm-login-form-ad.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-2247"
expires: Sun, 05 Feb 2023 19:47:55 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kTBX6DOnpoEkxpgyNvDp3omXkwMHtsK9V1ZRP8%2BOlQJxzc%2B1yUbZHzzXRe1FWX0d46GL0o4p%2F%2FArsOxuV5TFhPLZ3H%2FaXAnp6eQWCVunw6%2F1FUtXRQvMAboSRDZo%2F%2BCK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794bc54349c70b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking.js
104.26.0.51200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking.js
IP 104.26.0.51:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:14 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-3a74"
expires: Sun, 05 Feb 2023 19:47:55 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yp7s84s1neCwCJvsw0avl3X9gZUloi9foAnZcEXUW6WBiKPvvkUvh3gXRSR7bj42IT0qo5i9zieZ1V8eQjN%2BTz9c4TsLFFA3nAiBVNLu0TQejLD%2ByyvwzEItq23c5j16"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794bc54349c10b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
185.235.84.111200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.111:0
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:17 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 132359
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/rta.js
104.26.0.51404 Not Found 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/rta.js
IP 104.26.0.51:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/rta.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sun, 05 Feb 2023 12:50:13 GMT
content-type: text/html; charset=utf-8
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=92bBQ4VeCwUBGodTlOk66v3%2BKOcNv56MS%2Fj4QiEpIq2DMjaKl74ItZE6SfTlar4FCGHwGD013FDZN58Nx%2FQkaHEqlE5IrYSme0GZrOQiBcW1VShaHR9tdXs1giHRHkwV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794bc54349c60b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
104.26.0.51200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
IP 104.26.0.51:0
Analyzer Verdict Alert openphish Huntington Bank
NIDS Severity Alert suricata medium ET PHISHING Possible Compromised Wordpress - Generic Phishing Landing 2018-01-22
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3 HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 05 Feb 2023 12:50:13 GMT
content-type: text/html; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=arYD0C3kA7G9BqF9kFyadYIrqfsUfvrujCjSWVl3xidhtphh8sdeaeI8zfdrGjjKX9cQbPgR5SFXmpNkkQZa2oiuMZK0tXFIo4OTFEohBKNl73TKSE6PoLkzIAlB6RDK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794bc540bf180b49-OSL
content-encoding: br
X-Firefox-Spdy: h2