Overview

URL hm.ru/j1Nfvz
IP 138.68.185.92
ASN DIGITALOCEAN-ASN
Location United Kingdom
Report completed 2022-09-28 21:15:34 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-09-28 2 hm.ru/j1Nfvz International Card Services B.V
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/plx.check.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/proxyid.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/SunOT-Regular.ttf Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/conversion_async.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/8574.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/analytics.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/gtm_002.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/gtm.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/jquery-1.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/a Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/modernizr.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/arcotfpcollect.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/main_002.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/fbevents.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/main.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/collectddna.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/polyfills.js Phishing
2022-09-28 2 web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/runtime.js Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (23)

Passive DNS Source Fully Qualified Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS analytics.qrfy.com (2) 0 2022-08-19 12:07:11 UTC 2022-09-27 13:25:40 UTC 172.66.42.212 Unknown ranking
mnemonic passive DNS img-getpocket.cdn.mozilla.net (2) 1631 2017-09-01 03:40:57 UTC 2022-09-28 08:06:38 UTC 34.120.237.76
mnemonic passive DNS d6tizftlrpuof.cloudfront.net (1) 0 2020-12-16 21:09:58 UTC 2022-09-28 16:08:12 UTC 54.230.245.35 Unknown ranking
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-28 17:26:30 UTC 2022-09-28 12:06:36 UTC 143.204.55.35
mnemonic passive DNS r3.o.lencr.org (7) 344 2020-12-02 08:52:13 UTC 2022-09-28 04:36:09 UTC 23.36.77.32
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-28 04:36:06 UTC 34.117.237.239
mnemonic passive DNS ocsp.pki.goog (7) 175 2017-06-14 07:23:31 UTC 2022-09-28 04:36:20 UTC 142.250.74.3
mnemonic passive DNS www.googletagmanager.com (1) 75 2012-12-25 14:52:06 UTC 2022-09-28 04:42:17 UTC 142.250.74.72
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-28 05:02:28 UTC 44.238.3.246
mnemonic passive DNS web8713.web07.bero-webspace.de (23) 0 2022-09-28 01:47:50 UTC 2022-09-28 15:35:20 UTC 109.71.253.24 Unknown ranking
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-28 05:13:47 UTC 143.204.55.25
mnemonic passive DNS www.google-analytics.com (1) 40 2012-10-03 01:04:21 UTC 2022-09-28 14:54:21 UTC 142.250.74.174
mnemonic passive DNS mc.yandex.ru (4) 2672 2017-01-29 05:34:36 UTC 2022-09-28 11:50:04 UTC 77.88.21.119
mnemonic passive DNS fonts.gstatic.com (1) 0 2014-08-29 13:43:22 UTC 2022-09-28 04:36:33 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS w.usabilla.com (1) 3254 2019-05-09 06:41:07 UTC 2022-09-28 19:13:48 UTC 46.51.206.5
mnemonic passive DNS www.icscards.nl (1) 863706 2013-12-19 13:25:00 UTC 2022-09-28 07:54:25 UTC 185.195.93.72
mnemonic passive DNS hm.ru (12) 0 2015-05-29 13:36:41 UTC 2022-09-28 16:48:10 UTC 138.68.185.92 Unknown ranking
mnemonic passive DNS ocsp.globalsign.com (1) 2075 2012-05-25 06:20:55 UTC 2022-09-28 04:39:17 UTC 104.18.20.226
mnemonic passive DNS api.hm.ru (1) 0 2019-12-17 12:56:26 UTC 2022-09-27 15:33:31 UTC 138.68.185.92 Unknown ranking
mnemonic passive DNS ocsp.digicert.com (4) 86 2012-05-21 07:02:23 UTC 2022-09-28 16:15:39 UTC 93.184.220.29
mnemonic passive DNS qrfy.com (15) 0 2017-06-30 06:25:52 UTC 2022-09-27 13:25:39 UTC 172.66.42.212 Unknown ranking
mnemonic passive DNS ocsp.sca1b.amazontrust.com (1) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 54.230.245.100
mnemonic passive DNS icscards.nl (1) 366859 2015-01-29 11:49:51 UTC 2022-09-28 20:03:06 UTC 185.195.93.72


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 138.68.185.92

Date UQ / IDS / BL URL IP
2022-12-07 14:07:57 +0000 0 - 0 - 4 hm.ru/gzno8i 138.68.185.92
2022-12-04 09:17:31 +0000 0 - 0 - 2 hm.ru/Pr8mEf 138.68.185.92
2022-11-25 06:37:23 +0000 0 - 0 - 2 hm.ru/TtgvML 138.68.185.92
2022-11-18 13:43:38 +0000 7 - 0 - 2 hm.ru/6tPvVo 138.68.185.92
2022-11-11 13:43:50 +0000 0 - 0 - 1 hm.ru/vVr2zm 138.68.185.92

Last 5 reports on ASN: DIGITALOCEAN-ASN

Date UQ / IDS / BL URL IP
2022-12-08 09:49:46 +0000 2 - 0 - 1 loggon.servehttp.com/Lake.zip 137.184.212.127
2022-12-08 09:44:31 +0000 0 - 0 - 2 ict.io/the-impact-of-technology-on-our-lifest (...) 128.199.111.30
2022-12-08 09:43:56 +0000 0 - 0 - 7 mkkuei4kdsz.com/212/464.html 64.225.91.73
2022-12-08 09:43:55 +0000 0 - 0 - 8 mkkuei4kdsz.com/778/424.html 64.225.91.73
2022-12-08 09:41:57 +0000 0 - 0 - 3 139.59.2.222/ 139.59.2.222

Last 5 reports on domain: hm.ru

Date UQ / IDS / BL URL IP
2022-12-07 14:07:57 +0000 0 - 0 - 4 hm.ru/gzno8i 138.68.185.92
2022-12-04 09:17:31 +0000 0 - 0 - 2 hm.ru/Pr8mEf 138.68.185.92
2022-11-25 06:37:23 +0000 0 - 0 - 2 hm.ru/TtgvML 138.68.185.92
2022-11-18 13:43:38 +0000 7 - 0 - 2 hm.ru/6tPvVo 138.68.185.92
2022-11-11 13:43:50 +0000 0 - 0 - 1 hm.ru/vVr2zm 138.68.185.92

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-11-27 00:17:26 +0000 0 - 0 - 29 urldefense.com/v3/__https:/tinyurl.com/cdk4aw (...) 52.204.90.22
2022-11-26 17:55:43 +0000 0 - 0 - 28 web9199.web07.bero-webspace.de/aanmelden/ 109.71.253.24
2022-11-26 17:55:25 +0000 0 - 0 - 28 tinyurl.com/cdk4awhj 104.20.138.65
2022-11-07 14:22:38 +0000 0 - 0 - 24 17811-4378.s3.webspace.re/ 91.218.65.6
2022-11-06 14:20:44 +0000 0 - 0 - 4 tinyurl.com/8v9ezs7t 172.67.1.225


JavaScript

Executed Scripts (51)


Executed Evals (14)

#1 JavaScript::Eval (size: 121, repeated: 1) - SHA256: c6253e7b2716a62bcd27656e53cf1c1a49db7d1665f6d0a81fab08ce5f4e5215

(function() {
    var b = google_tag_manager["GTM-PVW329"].macro(1),
        a = google_tag_manager["GTM-PVW329"].macro(2);
    return a ? a : b
})();
                                    

#2 JavaScript::Eval (size: 122, repeated: 1) - SHA256: 9babb58fa7480931eec0fa4a0274709c06f55567616c9e254a36733c7c88cf9f

(function() {
    var b = google_tag_manager["GTM-PVW329"].macro(9),
        a = google_tag_manager["GTM-PVW329"].macro(10);
    return a ? a : b
})();
                                    

#3 JavaScript::Eval (size: 123, repeated: 1) - SHA256: a7001e7f3be4b57b33735e059403e351d1fef2fdbcdb6465fa471b28b0cdc6ad

(function() {
    var b = google_tag_manager["GTM-PVW329"].macro(16),
        a = google_tag_manager["GTM-PVW329"].macro(17);
    return a ? a : b
})();
                                    

#4 JavaScript::Eval (size: 21, repeated: 1) - SHA256: 48f42ff7e80c8ad9630397c9e4e8077a75004428e460f7dc4eae4d564888906f

delete obj.DeviceXDPI
                                    

#5 JavaScript::Eval (size: 25, repeated: 1) - SHA256: 67899a50d2cf0cf399c816b9584d61715f51828ab6a3605a67331cde8779f2ca

delete obj.UpdateInterval
                                    

#6 JavaScript::Eval (size: 22542, repeated: 1) - SHA256: 61b6b77d03610aefe984258696d1944717969c272e6e477da917d182b2e8bea5

var AWIN = AWIN || {};
AWIN.Tracking = AWIN.Tracking || {};
AWIN.sProtocol = location.protocol == 'https:' ? 'https://' : 'http://';
AWIN.iScriptCount = 0;
AWIN.Tracking.device9Url = 'https://the.sciencebehindecommerce.com/d9core';
AWIN.tldDomains = ["com", "org", "edu", "gov", "uk", "net", "ca", "de", "jp", "fr", "au", "us", "ru", "ch", "it", "nl", "se", "no", "es", "mil", "gw", "ax", "wf", "yt", "sj", "mobi", "eh", "mh", "bv", "ap", "cat", "kp", "iq", "um", "arpa", "pm", "gb", "cs", "td", "so", "aero", "biz", "coop", "info", "jobs", "museum", "name", "pro", "travel", "ac", "ad", "ae", "af", "ag", "ai", "al", "am", "an", "ao", "aq", "ar", "as", "at", "aw", "az", "ba", "bb", "bd", "be", "bf", "bg", "bh", "bi", "bj", "bm", "bn", "bo", "br", "bs", "bt", "bw", "by", "bz", "cc", "cd", "cf", "cg", "ci", "ck", "cl", "cm", "cn", "co", "cr", "cu", "cv", "cx", "cy", "cz", "dj", "dk", "dm", "do", "dz", "ec", "ee", "eg", "er", "et", "eu", "fi", "fj", "fk", "fm", "fo", "ga", "gd", "ge", "gf", "gg", "gh", "gi", "gl", "gm", "gn", "gp", "gq", "gr", "gs", "gt", "gu", "gy", "hk", "hm", "hn", "hr", "ht", "hu", "id", "ie", "il", "im", "in", "io", "ir", "is", "je", "jm", "jo", "ke", "kg", "kh", "ki", "km", "kn", "kr", "kw", "ky", "kz", "la", "lb", "lc", "li", "lk", "lr", "ls", "lt", "lu", "lv", "ly", "ma", "mc", "md", "mg", "mk", "ml", "mm", "mn", "mo", "mp", "mq", "mr", "ms", "mt", "mu", "mv", "mw", "mx", "my", "mz", "na", "nc", "ne", "nf", "ng", "ni", "np", "nr", "nu", "nz", "om", "pa", "pe", "pf", "pg", "ph", "pk", "pl", "pn", "pr", "ps", "pt", "pw", "py", "qa", "re", "ro", "rw", "sa", "sb", "sc", "sd", "sg", "sh", "si", "sk", "sl", "sm", "sn", "sr", "st", "sv", "sy", "sz", "tc", "tf", "tg", "th", "tj", "tk", "tl", "tm", "tn", "to", "tp", "tr", "tt", "tv", "tw", "tz", "ua", "ug", "uy", "uz", "va", "vc", "ve", "vg", "vi", "vn", "vu", "ws", "ye", "yu", "za", "zm", "zw"];
AWIN.twoPartsTldDomains = ["co.bb", "co.ck", "co.cr", "co.in", "co.id", "co.il", "co.jp", "co.nz", "co.za", "co.kr", "co.th", "co.uk", "org.uk", "net.uk", "com.pl", "biz.pl", "net.pl"];
AWIN.Tracking.fingerprinting = function(d9Data) {
    var mtfp = AWIN.Tracking.getQueryVarValue('mtfp', document.location.search.substring(1));
    if (AWIN.Tracking.device9 && mtfp != 'no') {
        window.D9v = d9Data;
        var D9scr = document.createElement('script');
        D9scr.type = 'text/javascript';
        D9scr.id = 'd9tag';
        D9scr.async = true;
        D9scr.src = AWIN.Tracking.device9Url;
        var D9 = document.getElementsByTagName('script')[0];
        D9.parentNode.insertBefore(D9scr, D9)
    }
};
AWIN.Tracking.digestClickId = function(sClickId) {
    var oRegEx = /\d+_\d+_.+/;
    if (!oRegEx.test(sClickId)) {
        return false
    }
    var aParts = sClickId.split('_');
    var oCookie = {};
    oCookie.sName = '_aw_m_' + aParts[0];
    oCookie.sContents = sClickId;
    return oCookie
};
AWIN.Tracking.getQueryVarValue = function(sVarName, sEncodedString) {
    var aVarPairs = sEncodedString.split('&');
    for (var i = 0; i < aVarPairs.length; i++) {
        var aParts = aVarPairs[i].split('=');
        if (sVarName.toLowerCase() == aParts[0].toLowerCase()) {
            return aParts[1]
        }
    }
};
AWIN.Tracking.getAnchorValue = function(regPattern) {
    var sAnchor = document.location.hash.substring(1);
    if (sAnchor) {
        aid = sAnchor.match(regPattern);
        return (aid) ? aid.toString().substr(4) : null
    }
};
AWIN.Tracking.buildQueryString = function(params) {
    var bits = [];
    for (name in params) {
        if (params.hasOwnProperty(name)) {
            bits.push(name + "=" + encodeURIComponent(params[name]))
        }
    }
    return bits.join("&")
};
AWIN.Tracking._getDomain = function() {
    return document.domain
};
AWIN.Tracking._getCookieDomain = function() {
    if (typeof(AWIN.Tracking.cookieDomain) !== 'undefined') {
        return AWIN.Tracking.cookieDomain
    }
    var domain = AWIN.Tracking._getDomain();
    if (domain.split('.').length < 3) {
        return "." + domain
    }
    var twoPartTld = domain.split('.').slice(-2).join('.');
    var index = AWIN.twoPartsTldDomains.indexOf(twoPartTld);
    if (index >= 0) {
        return "." + domain.split('.').slice(-3).join('.')
    }
    var tld = domain.split('.').pop();
    var index = AWIN.tldDomains.indexOf(tld);
    if (index >= 0) {
        return "." + domain.split('.').slice(-2).join('.')
    }
    if (domain.substr(0, 4) == 'www.') {
        return domain.substr(3)
    }
    return "." + domain
};
AWIN.Tracking._getAWCValue = function() {
    var regex = /[\?&]awc=(\d+_(\d+)_[0-9a-f]+)/gi;
    var result, maxTimestamp = 0,
        awc = false;
    while (result = regex.exec(AWIN.Tracking._getBrowserSearchBarUrl())) {
        if (maxTimestamp < result[2]) {
            maxTimestamp = result[2];
            awc = result[1]
        }
    }
    return awc || AWIN.Tracking.getAnchorValue(/awc=[0-9a-z_]+/i)
};
AWIN.Tracking._getAWaidValue = function() {
    var regex = /[\?&]awaid=(\d+)/gi;
    var result = regex.exec(AWIN.Tracking._getBrowserSearchBarUrl());
    var awaid = null;
    if (result) {
        awaid = result[1]
    }
    return awaid
};
AWIN.Tracking._getGCLIDValue = function() {
    var regex = /[\?&]gclid=([0-9a-zA-Z_\-]+)/gi;
    var result = regex.exec(AWIN.Tracking._getBrowserSearchBarUrl());
    var gclid = null;
    if (result) {
        gclid = result[1]
    }
    return gclid
};
AWIN.Tracking._getBrowserSearchBarUrl = function() {
    return document.location.search
};
AWIN.Tracking._getATPValue = function() {
    var queryAtp = AWIN.Tracking.getQueryVarValue('atp', document.location.search.substring(1));
    if (queryAtp) {
        return parseInt(queryAtp)
    }
    var anchorAtp = AWIN.Tracking.getAnchorValue(/atp=[0-9]+/i);
    if (anchorAtp) {
        return parseInt(parseanchorAtp)
    }
    return 0
};
AWIN.Tracking.setCookie = function(sName, sValue, iTimestamp) {
    var oDate = new Date();
    oDate.setTime(oDate.getTime() + (365 * 24 * 60 * 60 * 1000));
    if (iTimestamp) {
        oDate.setTime(iTimestamp * 1000)
    }
    var sExpires = '; expires=' + oDate.toGMTString();
    document.cookie = sName + '=' + sValue + sExpires + '; path=/;domain=' + this._getCookieDomain()
};
AWIN.Tracking.setAWCCookie = function() {
    var sClickId = AWIN.Tracking._getAWCValue();
    var oRegEx = /\d+_\d+_.+/;
    if (!oRegEx.test(sClickId)) {
        return false
    }
    var aParts = sClickId.split('_');
    var sName = '_aw_m_' + aParts[0];
    AWIN.Tracking.setCookie(sName, sClickId);
    if (AWIN.Tracking._getATPValue() > 0) {
        AWIN.Tracking.setCookie('_aw_atp', AWIN.Tracking._getATPValue())
    }
};
AWIN.Tracking.setGCLIDCookie = function() {
    var sClickId = AWIN.Tracking._getGCLIDValue();
    var sAdvertiserId = AWIN.Tracking._getAWaidValue();
    if (sClickId === null || sAdvertiserId === null) {
        return false
    }
    AWIN.Tracking.setCookie('_aw_m_' + sAdvertiserId, 'gclid_' + sAdvertiserId + '_' + sClickId);
    return true
};
AWIN.Tracking.setAidCookie = function() {
    var aid = AWIN.Tracking.getQueryVarValue('xid', document.location.search.substring(1));
    if (!aid) {
        aid = AWIN.Tracking.getAnchorValue(/xid=\d+/)
    }
    if (aid) AWIN.Tracking.setCookie('_aw_xid', aid)
};
AWIN.Tracking.getAffiliateId = function() {
    return AWIN.Tracking.getCookiesAsString(/_aw_xid/)
};
AWIN.Tracking.getSaleChannel = function() {
    if (typeof(AWIN.Tracking.Sale.channel) !== 'undefined') {
        return AWIN.Tracking.Sale.channel
    }
    return ''
};
AWIN.Tracking.cookiesWereSpecifiedByMerchant = function() {
    if (AWIN.Tracking.Sale && AWIN.Tracking.Sale.click) {
        var awcRegex = /\d+_\d+_.+/;
        if (awcRegex.test(AWIN.Tracking.Sale.click)) {
            return true
        }
    }
    return false
};
AWIN.Tracking.getCookiesAsString = function(oRegEx) {
    if (!oRegEx) {
        oRegEx = /_aw_m_\d+/
    }
    var aAwCookies = [];
    var aCookies = document.cookie.split(';');
    for (var i = 0; i < aCookies.length; i++) {
        var aParts = aCookies[i].split('=');
        if (oRegEx.test(aParts[0])) {
            aAwCookies.push(aParts[1])
        }
    }
    var sCookiesString = aAwCookies.toString().replace(' ', '');
    return sCookiesString
};
AWIN.Tracking.getScriptAppendNode = function() {
    var domNodes = ['body', 'head', 'html'];
    for (var i in domNodes) {
        if (document.getElementsByTagName(domNodes[i])[0]) {
            return document.getElementsByTagName(domNodes[i])[0]
        }
    }
};
AWIN.Tracking.frameAppend = function(sFrameSrc) {
    if (document.getElementsByTagName("body")[0]) {
        var iframe = document.createElement("iframe");
        iframe.src = sFrameSrc;
        document.getElementsByTagName("body")[0].appendChild(iframe);
        AWIN.Tracking.hideElement(iframe)
    }
};
AWIN.Tracking.pixelAppend = function(sImageSrc) {
    if (document.getElementsByTagName("body")[0]) {
        var image = document.createElement("img");
        image.src = sImageSrc;
        document.getElementsByTagName("body")[0].appendChild(image);
        AWIN.Tracking.hideElement(image)
    }
};
AWIN.Tracking.scriptAppend = function(sScriptSrc, sScriptContent, sScriptOnLoad, oScriptTagParams) {
    if (sScriptSrc && sScriptContent) {
        return false
    }
    var scriptNode = document.createElement('script');
    scriptNode.type = 'text/javascript';
    scriptNode.id = '_aw_script_' + AWIN.iScriptCount++;
    if (sScriptSrc) {
        scriptNode.src = sScriptSrc
    } else if (sScriptContent) {
        scriptNode.text = sScriptContent
    }
    if (oScriptTagParams) {
        for (name in oScriptTagParams) {
            scriptNode[name] = oScriptTagParams[name]
        }
    }
    if (sScriptOnLoad) {
        scriptNode.onreadystatechange = function() {
            if (scriptNode.readyState == 'complete' || scriptNode.readyState == 'loaded') {
                eval(sScriptOnLoad)
            }
        };
        scriptNode.onload = function() {
            eval(sScriptOnLoad)
        }
    }
    AWIN.Tracking.getScriptAppendNode().appendChild(scriptNode);
    return scriptNode
};
AWIN.scriptsLoader = function(aScripts) {
    aScripts_loop: for (var i = 0; i < aScripts.length; i++) {
        var oScript = aScripts[i];
        for (var j = 0; j < oScript.aRequiredVars.length; j++) {
            try {
                if (typeof(eval(oScript.aRequiredVars[j])) == 'undefined') {
                    throw new Error()
                }
            } catch (oError) {
                continue aScripts_loop
            }
        }
        if (oScript.sUrl) {
            AWIN.Tracking.scriptAppend(oScript.sUrl)
        } else if (oScript.sContents) {
            AWIN.Tracking.scriptAppend(null, oScript.sContents)
        }
    }
};
AWIN.Tracking.saleSubmit = function() {
    if (AWIN.Tracking.iMerchantId < 1) {
        return false
    }
    AWIN.Tracking.Sale.currency = (typeof AWIN.Tracking.Sale.currency != "undefined") ? AWIN.Tracking.Sale.currency : "";
    AWIN.Tracking.Sale.test = (typeof AWIN.Tracking.Sale.test != "undefined") ? AWIN.Tracking.Sale.test : "0";
    AWIN.Tracking.Sale.voucher = (typeof AWIN.Tracking.Sale.voucher != "undefined") ? AWIN.Tracking.Sale.voucher : "";
    AWIN.Tracking.scriptAppend(AWIN.Tracking.buildSaleUrl('js'));
    AWIN.Tracking.BasketImage = new Image(1, 1);
    AWIN.Tracking.BasketImage.src = AWIN.Tracking.buildSaleUrl('ia');
    if (!AWIN.Tracking.cookiesWereSpecifiedByMerchant()) {
        if (AWIN.enhancedTracking && AWIN.enhancedTracking == true && AWIN.Tracking.Sale.pvOnly != 1) {
            AWIN.Tracking.embedIframe("get")
        }
        AWIN.Tracking.fingerprinting({
            AdvID: "1062",
            OrderID: AWIN.Tracking.Sale.orderRef,
            OrderTotal: AWIN.Tracking.Sale.amount,
            SiteID: AWIN.Tracking.iMerchantId,
            TAG: 2
        })
    }
};
AWIN.Tracking.basketSubmit = function() {
    var sWhitespaceRegex = /^\s+|\s+$/g;
    var aLines = document.getElementById('aw_basket').value.split("\n");
    var aEncodedLines = new Array();
    AWIN.Tracking.BasketImages = new Array();
    for (var i = 0; i < aLines.length; i++) {
        var sLine = aLines[i].replace(sWhitespaceRegex, '');
        if (sLine.length > 0) {
            var aLinePieces = sLine.split('|');
            var sNewLine = '';
            for (var j = 0; j < aLinePieces.length; j++) {
                var sLinePiece = aLinePieces[j].replace(sWhitespaceRegex, '');
                sNewLine += sLinePiece.substring(0, 255) + '|'
            }
            aEncodedLines[aEncodedLines.length] = encodeURIComponent(sNewLine.substring(0, sNewLine.length - 1))
        }
    }
    for (var i = 0; i < aEncodedLines.length; i++) {
        if (aEncodedLines[i].length > 0) {
            AWIN.Tracking.BasketImages[i] = new Image(1, 1);
            AWIN.Tracking.BasketImages[i].src = AWIN.sProtocol + 'www.zenaps.com/basket.php?product_line=' + aEncodedLines[i]
        }
    }
};
AWIN.Tracking.getBasketData = function() {
    var products = [];
    if (!document.getElementById('aw_basket')) {
        return products
    }
    var awBasket = document.getElementById('aw_basket').value.split("\n");
    for (var i = 0; i < awBasket.length; i++) {
        if (awBasket[i].length > 0) {
            var pData = awBasket[i].split('|');
            try {
                products.push({
                    "id": pData[3].replace(/^\[|\]$/gi, ''),
                    "name": pData[4].replace(/^\[|\]$/gi, ''),
                    "price": pData[5].replace(/^\[|\]$/gi, ''),
                    "quantity": pData[6].replace(/^\[|\]$/gi, ''),
                    "sku": pData[7].replace(/^\[|\]$/gi, ''),
                    "cg": pData[8].replace(/^\[|\]$/gi, ''),
                    "category": pData[9].replace(/^\[|\]$/gi, '')
                })
            } catch (e) {
                return products
            }
        }
    }
    return products
};
AWIN.Tracking.hideElement = function(element) {
    if (navigator.appName == "Microsoft Internet Explorer") {
        element.style.height = 0;
        element.style.width = 0;
        element.style.visibility = "hidden";
        element.style.display = "inherit";
        element.style.margin = 0;
        element.style.border = 0;
        element.style.padding = 0
    } else {
        element.style.setProperty("height", "0", "important");
        element.style.setProperty("width", "0", "important");
        element.style.setProperty("visibility", "hidden", "important");
        element.style.setProperty("display", "inherit", "important");
        element.style.setProperty("margin", "0", "important");
        element.style.setProperty("border", "0", "important");
        element.style.setProperty("padding", "0", "important")
    }
};
AWIN.Tracking.embedIframe = function(scenario) {
    if (scenario == "set") {
        var src = 'https://www.zenaps.com/alt.php?mid=' + AWIN.Tracking.iMerchantId + '&sv=' + AWIN.Tracking._getAWCValue();
        var atp = parseInt(AWIN.Tracking._getATPValue());
        if (atp > 0) {
            src = src + '|' + atp
        }
    } else {
        var sread = AWIN.Tracking.buildSaleUrl('et');
        var src = 'https://www.zenaps.com/alt.php' + '?mid=' + AWIN.Tracking.iMerchantId + '&gv=2' + "&l=" + escape(sread)
    }
    if (document.getElementsByTagName("body")[0]) {
        var iframe = document.createElement("iframe");
        iframe.src = src;
        iframe.height = "0";
        iframe.width = "0";
        iframe.id = "AW_ALT";
        document.getElementsByTagName("body")[0].appendChild(iframe);
        var element = document.getElementById("AW_ALT");
        AWIN.Tracking.hideElement(element)
    }
};
AWIN.Tracking.buildSaleUrl = function(tagType) {
    var fileExtension = (tagType == 'js') ? 'js' : 'php';
    var cookies = '';
    var atp = '';
    if ((tagType != 'fc') && (tagType != 'et')) {
        cookies = "&cks=" + AWIN.Tracking.sCookiesString;
        var atpId = parseInt(AWIN.Tracking.getCookiesAsString(/_aw_atp/));
        if (atpId > 0) {
            atp = '&atp=' + atpId
        }
    }
    var currentPage = escape(window.location.href);
    if (tagType == 'fc') {
        currentPage = escape(currentPage)
    }
    var pvOnly = '';
    if (AWIN.Tracking.Sale.pvOnly == 1) {
        pvOnly = "&pv=1"
    }
    var url = AWIN.sProtocol + "www.zenaps.com/sread." + fileExtension + "?" + "a=" + AWIN.Tracking.iMerchantId + "&b=" + AWIN.Tracking.Sale.amount + "&cr=" + AWIN.Tracking.Sale.currency + "&c=" + AWIN.Tracking.Sale.orderRef + "&d=" + AWIN.Tracking.Sale.parts + "&vc=" + AWIN.Tracking.Sale.voucher + "&t=" + AWIN.Tracking.Sale.test + "&ch=" + AWIN.Tracking.getSaleChannel() + cookies + "&l=" + currentPage + "&tv=" + "2" + pvOnly + atp + "&tt=" + tagType;
    if (AWIN.Tracking.Sale.custom && (AWIN.Tracking.Sale.custom instanceof Array)) {
        for (var i = 0; i < AWIN.Tracking.Sale.custom.length; i++) {
            var p = i + 1;
            url = url + "&p" + p + "=" + AWIN.Tracking.Sale.custom[i]
        }
    }
    return url
};
AWIN.Tracking.fetchZxParam = function(name) {
    var jsParam = window['zx_' + name];
    var urlParam = AWIN.Tracking.getQueryVarValue('zx_' + name, document.location.search.substring(1));
    var tag = AWIN.Tracking.getXPath('//*[@id="zx_' + name + '"]').next();
    if (tag !== null) {
        jsParam = null;
        var tagParam = tag.innerHTML
    }
    var metaTag = AWIN.Tracking.getXPath('//META[@name="zx:' + name + '"]').next();
    if (metaTag !== null) {
        var metaParam = metaTag.getAttribute('content')
    }
    return jsParam || metaParam || tagParam || urlParam
};
AWIN.Tracking.getXPath = function(expr) {
    if (document.evaluate) {
        return {
            list: document.evaluate(expr, document, null, XPathResult.ANY_TYPE, null),
            next: function() {
                return this.list.iterateNext()
            }
        }
    } else {
        return {
            next: function() {
                return null
            }
        }
    }
};
AWIN.Tracking.run = function() {
    if (AWIN.Tracking.cookiesWereSpecifiedByMerchant()) {
        AWIN.Tracking.sCookiesString = escape(AWIN.Tracking.Sale.click)
    } else {
        AWIN.Tracking.sCookiesString = escape(AWIN.Tracking.getCookiesAsString())
    }
    if (AWIN.Tracking.Sale) {
        AWIN.Tracking.saleSubmit();
        if (document.getElementById('aw_basket')) {
            AWIN.Tracking.basketSubmit()
        }
    }
    if (AWIN.Tracking.aScripts.length > 0) {
        AWIN.scriptsLoader(AWIN.Tracking.aScripts)
    }
    if (AWIN.Tracking._getAWCValue()) {
        AWIN.Tracking.setAWCCookie();
        if (AWIN.enhancedTracking && AWIN.enhancedTracking == true) {
            AWIN.Tracking.embedIframe("set")
        }
        AWIN.Tracking.fingerprinting({
            CampID: "3055",
            CCampID: AWIN.Tracking.iMerchantId,
            ImpID: AWIN.Tracking._getAWCValue(),
            TAG: 1
        })
    } else if (AWIN.Tracking._getGCLIDValue()) {
        AWIN.Tracking.setGCLIDCookie()
    } else {
        AWIN.Tracking.extendAWCookies()
    }
    AWIN.Tracking.setAidCookie()
};
AWIN.Tracking.getAWCookies = function() {
    var oRegEx = /_aw_m_\d+/;
    var oRegExAwc = /\d+_\d+_.+/;
    var aAwCookies = [];
    var aCookies = document.cookie.split(';');
    for (var i = 0; i < aCookies.length; i++) {
        var aParts = aCookies[i].split('=');
        if (oRegEx.test(aParts[0])) {
            if (!oRegExAwc.test(aParts[1])) {
                continue
            }
            aAwCookies.push(aParts)
        }
    }
    return aAwCookies
};
AWIN.Tracking.extendAWCookies = function() {
    var awCookies = AWIN.Tracking.getAWCookies();
    for (var i = 0; i < awCookies.length; i++) {
        var cookieName = awCookies[i][0];
        var cookieValue = awCookies[i][1];
        AWIN.Tracking.setCookie(cookieName, cookieValue, 1);
        var awcParts = cookieValue.split('_');
        var newCookieExpiry = 365 * 24 * 60 * 60 + parseInt(awcParts[1]);
        AWIN.Tracking.setCookie(cookieName, cookieValue, newCookieExpiry)
    }
};
AWIN.Tracking.aScripts = [];
AWIN.Tracking.iMerchantId = 8574;
AWIN.enhancedTracking = true;
AWIN.Tracking.device9 = true;
try {
    AWIN.InputIdentifiers = ["emailAddress_textboxName", "emailAddress"]
} catch (err) {}
var Sha256 = {};
Sha256.hash = function(msg, utf8encode) {
    utf8encode = (typeof utf8encode == 'undefined') ? true : utf8encode;
    if (utf8encode) msg = Utf8.encode(msg);
    var K = [0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2];
    var H = [0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19];
    msg += String.fromCharCode(0x80);
    var l = msg.length / 4 + 2;
    var N = Math.ceil(l / 16);
    var M = new Array(N);
    for (var i = 0; i < N; i++) {
        M[i] = new Array(16);
        for (var j = 0; j < 16; j++) {
            M[i][j] = (msg.charCodeAt(i * 64 + j * 4) << 24) | (msg.charCodeAt(i * 64 + j * 4 + 1) << 16) | (msg.charCodeAt(i * 64 + j * 4 + 2) << 8) | (msg.charCodeAt(i * 64 + j * 4 + 3))
        }
    }
    M[N - 1][14] = ((msg.length - 1) * 8) / Math.pow(2, 32);
    M[N - 1][14] = Math.floor(M[N - 1][14]);
    M[N - 1][15] = ((msg.length - 1) * 8) & 0xffffffff;
    var W = new Array(64);
    var a, b, c, d, e, f, g, h;
    for (var i = 0; i < N; i++) {
        for (var t = 0; t < 16; t++) W[t] = M[i][t];
        for (var t = 16; t < 64; t++) W[t] = (Sha256.sigma1(W[t - 2]) + W[t - 7] + Sha256.sigma0(W[t - 15]) + W[t - 16]) & 0xffffffff;
        a = H[0];
        b = H[1];
        c = H[2];
        d = H[3];
        e = H[4];
        f = H[5];
        g = H[6];
        h = H[7];
        for (var t = 0; t < 64; t++) {
            var T1 = h + Sha256.Sigma1(e) + Sha256.Ch(e, f, g) + K[t] + W[t];
            var T2 = Sha256.Sigma0(a) + Sha256.Maj(a, b, c);
            h = g;
            g = f;
            f = e;
            e = (d + T1) & 0xffffffff;
            d = c;
            c = b;
            b = a;
            a = (T1 + T2) & 0xffffffff
        }
        H[0] = (H[0] + a) & 0xffffffff;
        H[1] = (H[1] + b) & 0xffffffff;
        H[2] = (H[2] + c) & 0xffffffff;
        H[3] = (H[3] + d) & 0xffffffff;
        H[4] = (H[4] + e) & 0xffffffff;
        H[5] = (H[5] + f) & 0xffffffff;
        H[6] = (H[6] + g) & 0xffffffff;
        H[7] = (H[7] + h) & 0xffffffff
    }
    return Sha256.toHexStr(H[0]) + Sha256.toHexStr(H[1]) + Sha256.toHexStr(H[2]) + Sha256.toHexStr(H[3]) + Sha256.toHexStr(H[4]) + Sha256.toHexStr(H[5]) + Sha256.toHexStr(H[6]) + Sha256.toHexStr(H[7])
};
Sha256.ROTR = function(n, x) {
    return (x >>> n) | (x << (32 - n))
};
Sha256.Sigma0 = function(x) {
    return Sha256.ROTR(2, x) ^ Sha256.ROTR(13, x) ^ Sha256.ROTR(22, x)
};
Sha256.Sigma1 = function(x) {
    return Sha256.ROTR(6, x) ^ Sha256.ROTR(11, x) ^ Sha256.ROTR(25, x)
};
Sha256.sigma0 = function(x) {
    return Sha256.ROTR(7, x) ^ Sha256.ROTR(18, x) ^ (x >>> 3)
};
Sha256.sigma1 = function(x) {
    return Sha256.ROTR(17, x) ^ Sha256.ROTR(19, x) ^ (x >>> 10)
};
Sha256.Ch = function(x, y, z) {
    return (x & y) ^ (~x & z)
};
Sha256.Maj = function(x, y, z) {
    return (x & y) ^ (x & z) ^ (y & z)
};
Sha256.toHexStr = function(n) {
    var s = "",
        v;
    for (var i = 7; i >= 0; i--) {
        v = (n >>> (i * 4)) & 0xf;
        s += v.toString(16)
    }
    return s
};
var Utf8 = {};
Utf8.encode = function(strUni) {
    var strUtf = strUni.replace(/[\u0080-\u07ff]/g, function(c) {
        var cc = c.charCodeAt(0);
        return String.fromCharCode(0xc0 | cc >> 6, 0x80 | cc & 0x3f)
    });
    strUtf = strUtf.replace(/[\u0800-\uffff]/g, function(c) {
        var cc = c.charCodeAt(0);
        return String.fromCharCode(0xe0 | cc >> 12, 0x80 | cc >> 6 & 0x3F, 0x80 | cc & 0x3f)
    });
    return strUtf
};
Utf8.decode = function(strUtf) {
    var strUni = strUtf.replace(/[\u00e0-\u00ef][\u0080-\u00bf][\u0080-\u00bf]/g, function(c) {
        var cc = ((c.charCodeAt(0) & 0x0f) << 12) | ((c.charCodeAt(1) & 0x3f) << 6) | (c.charCodeAt(2) & 0x3f);
        return String.fromCharCode(cc)
    });
    strUni = strUni.replace(/[\u00c0-\u00df][\u0080-\u00bf]/g, function(c) {
        var cc = (c.charCodeAt(0) & 0x1f) << 6 | c.charCodeAt(1) & 0x3f;
        return String.fromCharCode(cc)
    });
    return strUni
};
var AWIN = AWIN || {};
AWIN.InputIdentifiers = AWIN.InputIdentifiers || [];
(function($xd) {
    $xd.observedInputs = [];
    $xd.autoCompleteChecker = function(inputObject, callback) {
        var lastValue = "";
        var checkValue = function(inputObject) {
            var value = inputObject.value;
            if (value != lastValue) {
                lastValue = value;
                callback(lastValue)
            }
        };
        setTimeout(function() {
            checkValue(inputObject)
        }, 2000)
    };
    $xd.attachOnChangeInput = function(inputObject) {
        inputObject._onchange = inputObject.onchange;
        inputObject.onchange = function(event) {
            $xd.sendHash(this.value);
            if (typeof(this._onchange) === 'function') {
                this._onchange.apply(this, event)
            }
        }
    };
    $xd.isObservedInput = function(inputObject) {
        if (inputObject.type == 'email') {
            return true
        }
        if (inputObject.type != 'email' && inputObject.type != 'text') {
            return false
        }
        if (AWIN.InputIdentifiers.length > 0) {
            var foundById = (AWIN.InputIdentifiers.indexOf(inputObject.id) != -1);
            var foundByName = (AWIN.InputIdentifiers.indexOf(inputObject.name) != -1);
            return (foundById || foundByName)
        }
        return false
    };
    $xd.attachToInputs = function() {
        var inputs = document.getElementsByTagName('INPUT');
        for (var i = 0; i < inputs.length; i++) {
            var input = inputs[i];
            if (!$xd.isObservedInput(input)) {
                continue
            }
            $xd.autoCompleteChecker(input, $xd.sendHash);
            $xd.attachOnChangeInput(input);
            if (input.value != '') {
                $xd.sendHash(input.value)
            }
        }
    };
    $xd.isEmailAddress = function(emailAddress) {
        var emailPattern = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
        return emailPattern.test(emailAddress)
    };
    $xd.sendHash = function(emailAddress) {
        if (!$xd.isEmailAddress(emailAddress) || $xd.hasInputBeenObserved(emailAddress)) {
            return
        }
        var emailAddress = emailAddress.toLowerCase();
        var salt = 'QX4QkKEU';
        var hash = Sha256.hash(emailAddress + salt);
        $xd.pixelCall(hash)
    };
    $xd.hasInputBeenObserved = function(input) {
        if (typeof($xd.observedInputs) === 'undefined') {
            $xd.observedInputs = []
        }
        for (var i = 0; i < $xd.observedInputs.length; i++) {
            if ($xd.observedInputs[i] == input) {
                return true
            }
        }
        $xd.observedInputs[$xd.observedInputs.length] = input;
        return false
    };
    $xd.pixelCall = function(emailHash) {
        var merchantId = AWIN.Tracking.iMerchantId;
        var pixel = new Image(1, 1);
        pixel.src = 'https://www.zenaps.com/a/b.php?merchantId=' + merchantId + '&hash=' + emailHash
    };
    $xd.openIframe = function() {
        if (!document.getElementsByTagName('body')[0] || document.getElementById('AWIN_CDT')) {
            return
        }
        var iframe = document.createElement('iframe');
        iframe.id = 'AWIN_CDT';
        if (typeof(iframe.attachEvent) !== 'undefined') {
            iframe.attachEvent('onload', $xd.attachToInputs)
        } else {
            iframe.onload = $xd.attachToInputs
        }
        iframe.src = 'about:blank';
        document.getElementsByTagName('body')[0].appendChild(iframe);
        var element = document.getElementById('AWIN_CDT');
        AWIN.Tracking.hideElement(element)
    };
    $xd.run = function() {
        $xd.openIframe()
    }
})(AWIN.CrossDeviceTracking = {});
AWIN.CrossDeviceTracking.run();
if (!Array.prototype.indexOf) {
    Array.prototype.indexOf = function(searchElement, fromIndex) {
        var k;
        if (this == null) {
            throw new TypeError('"this" is null or not defined')
        }
        var O = Object(this);
        var len = O.length >>> 0;
        if (len === 0) {
            return -1
        }
        var n = +fromIndex || 0;
        if (Math.abs(n) === Infinity) {
            n = 0
        }
        if (n >= len) {
            return -1
        }
        k = Math.max(n >= 0 ? n : len - Math.abs(n), 0);
        while (k < len) {
            if (k in O && O[k] === searchElement) {
                return k
            }
            k++
        }
        return -1
    }
}
if (AWIN.Tracking.getQueryVarValue('awin_tntc', document.location.search.substring(1)) == 'yes') {
    AWIN.enhancedTracking = true
}
AWIN.Tracking.run();
                                    

#7 JavaScript::Eval (size: 278, repeated: 1) - SHA256: d486296c7d68fd85335b8b1f56a88a05c5c4c8644260b97441a5335360507a92

                                        (function() {
    try {
        var c = google_tag_manager["GTM-MHW4QGN"].macro(7),
            b = -1 < c.indexOf("@") ? !0 : !1;
        if (!b)
            for (var d = RegExp("(?:\x26|\\?)(?:username|password)\x3d([^\x26]+)", "gi"), a; a = d.exec(c);) a.shift(), a.forEach(function(a) {
                b = b || "unauthenticated" !== a
            });
        return b
    } catch (e) {
        return !0
    }
})();
                                    

#8 JavaScript::Eval (size: 21, repeated: 1) - SHA256: 4889753e95ccdb34497a0faa8c627bb9f79a6911df69c28c4a9026867d7b8038

                                        delete obj.DeviceYDPI
                                    

#9 JavaScript::Eval (size: 24, repeated: 1) - SHA256: c305f420288c47aa66df970a6c243b77777903eebedd59b9f67b1ece1ab023da

                                        delete obj.FontSmoothing
                                    

#10 JavaScript::Eval (size: 164, repeated: 1) - SHA256: 3e85b10dea0211764e6559fda072cf2ab72078a1a6fc85679aa4564bc1ebb92a

                                        (function() {
    var a = google_tag_manager["GTM-MHW4QGN"].macro(5),
        b = google_tag_manager["GTM-MHW4QGN"].macro(6);
    return "(not set)" !== a ? a : "(not set)" !== b ? b : "(not set)"
})();
                                    

#11 JavaScript::Eval (size: 166, repeated: 1) - SHA256: 40c3a41b961d9658d37512b418c545b8957c055af5bbe0026fb353dd37f727e8

                                        (function() {
    var a = google_tag_manager["GTM-MHW4QGN"].macro(12),
        b = google_tag_manager["GTM-MHW4QGN"].macro(13);
    return "(not set)" !== a ? a : "(not set)" !== b ? b : "(not set)"
})();
                                    

#12 JavaScript::Eval (size: 22, repeated: 1) - SHA256: 08ddcec698d66136eac2c37762bef065b2835fe8ea347aac65137e6acf22051e

                                        delete obj.BufferDepth
                                    

#13 JavaScript::Eval (size: 279, repeated: 1) - SHA256: 342cc3ae12662bfc68a421103e6c0b5374dce867d9a9ab23227e9955a50e815e

                                        (function() {
    try {
        var c = google_tag_manager["GTM-MHW4QGN"].macro(14),
            b = -1 < c.indexOf("@") ? !0 : !1;
        if (!b)
            for (var d = RegExp("(?:\x26|\\?)(?:username|password)\x3d([^\x26]+)", "gi"), a; a = d.exec(c);) a.shift(), a.forEach(function(a) {
                b = b || "unauthenticated" !== a
            });
        return b
    } catch (e) {
        return !0
    }
})();
                                    

#14 JavaScript::Eval (size: 23, repeated: 1) - SHA256: a43996c7c354c4b5bf038ea622f19cc05a9f1a50f2212217d6f69a16080d9ca5

                                        delete obj.userLanguage
                                    

Executed Writes (3)

#1 JavaScript::Write (size: 99, repeated: 1) - SHA256: 0fb4f882492415ec728b21ee6c9ac60da94a0ebc97485e8e1bfca95daf148d1e

                                        <script src="/webfiles/1580357904717/media/theme/ics-nl/js/3rdparty/jquery-1.12.0.min.js"></script>
                                    

#2 JavaScript::Write (size: 173, repeated: 1) - SHA256: c4b15ac3cff1c3868b0bfd208bad6aca0a7556104b82673a8b5394489a2373fb

                                        <head></head><body onload="var d=document;d.getElementsByTagName('head')[0].appendChild(d.createElement('script')).src='https://w.usabilla.com/a1d53d1e874a.js?lv=1'"></body>
                                    

#3 JavaScript::Write (size: 500, repeated: 1) - SHA256: 16a07ce7e4b9037ecb137627727c5f7557f1ff6ad1f7ed3778ecfc3add9891b5

                                        <!DOCTYPE html>
<html lang="nl-NL#U">
<base href="https://d6tizftlrpuof.cloudfront.net/live/"></base>
<title>Usabilla Feedback Button</title>
<style type='text/css' nonce='a1d53d1e874a'>
body {
    background: transparent; padding: 0; margin: 0; text-align: left;
}
img {
    cursor: pointer; display: block; margin: 0 auto;
}
</style>
<body>
    <img src='https://d6tizftlrpuof.cloudfront.net/themes/production/icsnederland-button-7ef629548db47bacfbb18b3383223f61.png' width='40' height='130' />
</body>
</html>
                                    


HTTP Transactions (91)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 28 Sep 2022 20:15:39 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 7fjADI1jQRTbYNytBv1LEtAwf5-s-0jD_gDYT7cEd2-4g6Tv1hL0Rg==
Age: 3583


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "2A40F957A6B1734AA3F87CFF51B673F0536732DB15B09033DD604879692DF349"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8455
Expires: Wed, 28 Sep 2022 23:36:17 GMT
Date: Wed, 28 Sep 2022 21:15:22 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.25
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 28 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: RWsW2REGuoGs5aRoe4WrwavhDJfM9CPbFuVqMgLP-e6ZmaxZYWuTaQ==
age: 56816
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DADCF12491200A906FD59A0CCEBE418B87CA8E8C575DC8B1C44C950EC986E3B8"
Last-Modified: Mon, 26 Sep 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17637
Expires: Thu, 29 Sep 2022 02:09:19 GMT
Date: Wed, 28 Sep 2022 21:15:22 GMT
Connection: keep-alive

                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 28 Sep 2022 21:15:22 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 21:15:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /css/common.css HTTP/1.1 
Host: hm.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hm.ru/j1Nfvz
Cookie: PHPSESSID=vqukipka7l2kchik7urmgsr386
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         138.68.185.92
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx/1.23.1
date: Wed, 28 Sep 2022 21:15:23 GMT
content-length: 4280
last-modified: Sat, 25 Apr 2020 18:33:06 GMT
etag: "5ea48262-10b8"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   4280
Md5:    b5716cfd982f026c2e91f00908102723
Sha1:   2f4c734e896654f2a4bccf345064a77e1fb00f2c
Sha256: f9988bf0b2d14d0b2358ec1ad3d7ac61ca59d0577e0ceebd0d5b518f0677f1a8
                                        
                                            GET /css/m/goto/main.css?1589256369 HTTP/1.1 
Host: hm.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hm.ru/j1Nfvz
Cookie: PHPSESSID=vqukipka7l2kchik7urmgsr386
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         138.68.185.92
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx/1.23.1
date: Wed, 28 Sep 2022 21:15:23 GMT
content-length: 1276
last-modified: Tue, 12 May 2020 04:06:09 GMT
etag: "5eba20b1-4fc"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   1276
Md5:    396355267af70f148083ad2941962a8d
Sha1:   33ff3f1f6c828cb6649db63a00cd185309b1ee59
Sha256: 1886b8da4ba47f7ac5b40aeb8cf4f8dbe423e35661ab6d7e65963b2025b799f7
                                        
                                            GET /gtag/js?id=UA-521618-19 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.72
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 28 Sep 2022 21:15:23 GMT
expires: Wed, 28 Sep 2022 21:15:23 GMT
cache-control: private, max-age=900
last-modified: Wed, 28 Sep 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42398
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2039)
Size:   42398
Md5:    8045160169124cf79e185a77938d2fb5
Sha1:   8012a000eb38e955634607ff5e19a40161abd755
Sha256: d13833c67a72633a9d566f883b62c117c14307b1f97e31dd4501c4c6aa3cc392
                                        
                                            GET /js/clipboard.min.js HTTP/1.1 
Host: hm.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hm.ru/j1Nfvz
Cookie: PHPSESSID=vqukipka7l2kchik7urmgsr386
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         138.68.185.92
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
server: nginx/1.23.1
date: Wed, 28 Sep 2022 21:15:23 GMT
content-length: 10754
last-modified: Wed, 17 Jul 2019 22:17:59 GMT
etag: "5d2f9e97-2a02"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (10645)
Size:   10754
Md5:    f06c52bfddb458ad87349acf9fac06c5
Sha1:   ee60ca5ba9401456105ef703a98092369b579c80
Sha256: 1626706afc88d95ebe1173b553ec732c6dc82a576989315fdf5e7779af738a44
                                        
                                            GET /js/common.js?1589256369 HTTP/1.1 
Host: hm.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hm.ru/j1Nfvz
Cookie: PHPSESSID=vqukipka7l2kchik7urmgsr386
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         138.68.185.92
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
server: nginx/1.23.1
date: Wed, 28 Sep 2022 21:15:23 GMT
content-length: 36
last-modified: Tue, 12 May 2020 04:06:09 GMT
etag: "5eba20b1-24"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   36
Md5:    cadc7dab077a41ce763dac55257ed504
Sha1:   e14fcdddad9b09d7e3c9b7525df6080212489eb2
Sha256: 10ca9d07667cb8049fdae6e78df01fc91b9e06e0817dec01eed87e7458d95118
                                        
                                            GET /js/m/goto/main.js?1589256369 HTTP/1.1 
Host: hm.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hm.ru/j1Nfvz
Cookie: PHPSESSID=vqukipka7l2kchik7urmgsr386
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         138.68.185.92
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
server: nginx/1.23.1
date: Wed, 28 Sep 2022 21:15:23 GMT
content-length: 2533
last-modified: Tue, 12 May 2020 04:06:09 GMT
etag: "5eba20b1-9e5"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   2533
Md5:    3e0a9bdedf4103f91a2a6d0798c38c76
Sha1:   51f267a290e1551d90dcc1482f93b1a26baafb23
Sha256: f3619bf6fa90df37c0f0b12aa58e6c122e717fe3374112f835c3ee914cdf8bd5
                                        
                                            GET /js/tz.js?1564082453 HTTP/1.1 
Host: hm.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hm.ru/j1Nfvz
Cookie: PHPSESSID=vqukipka7l2kchik7urmgsr386
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         138.68.185.92
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
server: nginx/1.23.1
date: Wed, 28 Sep 2022 21:15:23 GMT
content-length: 240
last-modified: Thu, 25 Jul 2019 19:20:53 GMT
etag: "5d3a0115-f0"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   240
Md5:    b0018c2b47fb1b137b0a34039b675c4c
Sha1:   cb63d3a081f27a5bc3dcaf3bc045d99ef12b94c7
Sha256: 4f0fb9a432e3ce0ef79380924aab90a05dd30ecce144c1a4aa08a34475baaffd
                                        
                                            GET /css/bootstrap.min.css HTTP/1.1 
Host: hm.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hm.ru/j1Nfvz
Cookie: PHPSESSID=vqukipka7l2kchik7urmgsr386
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         138.68.185.92
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx/1.23.1
date: Wed, 28 Sep 2022 21:15:22 GMT
content-length: 159515
last-modified: Mon, 06 Apr 2020 19:51:55 GMT
etag: "5e8b885b-26f1b"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65324)
Size:   159515
Md5:    7cc40c199d128af6b01e74a28c5900b0
Sha1:   d305110fb79113a961394b433d851a3410342b8c
Sha256: 2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6
                                        
                                            GET /css/fontawesome.all.min.css HTTP/1.1 
Host: hm.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hm.ru/j1Nfvz
Cookie: PHPSESSID=vqukipka7l2kchik7urmgsr386
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         138.68.185.92
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx/1.23.1
date: Wed, 28 Sep 2022 21:15:23 GMT
content-length: 83333
last-modified: Thu, 29 Aug 2019 10:20:12 GMT
etag: "5d67a6dc-14585"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65394)
Size:   83333
Md5:    358599a14d84b8f68a4d5705f9a2bb3b
Sha1:   c1f8509e7cab8b77560af1f6f43d7a72bb3c24f7
Sha256: 8aef1a2a68308674aef9d36580ed2a75564f7f13b17b255f24eac6262a526e96
                                        
                                            GET /js/jquery-3.4.1.min.js HTTP/1.1 
Host: hm.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hm.ru/j1Nfvz
Cookie: PHPSESSID=vqukipka7l2kchik7urmgsr386
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         138.68.185.92
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
server: nginx/1.23.1
date: Wed, 28 Sep 2022 21:15:23 GMT
content-length: 88145
last-modified: Wed, 17 Jul 2019 22:17:59 GMT
etag: "5d2f9e97-15851"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   88145
Md5:    220afd743d9e9643852e31a135a9f3ae
Sha1:   88523924351bac0b5d560fe0c5781e2556e7693d
Sha256: 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
                                        
                                            GET /js/bootstrap.bundle.min.js HTTP/1.1 
Host: hm.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hm.ru/j1Nfvz
Cookie: PHPSESSID=vqukipka7l2kchik7urmgsr386
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         138.68.185.92
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
server: nginx/1.23.1
date: Wed, 28 Sep 2022 21:15:23 GMT
content-length: 80698
last-modified: Mon, 06 Apr 2020 19:51:55 GMT
etag: "5e8b885b-13b3a"
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65297)
Size:   80698
Md5:    a5334e475209f965b4862f3bedf32618
Sha1:   fac45259046dd90b16d251739108002d67a00b54
Sha256: 394156ee114ed3faf968419340ecfd17f69740eb7e4f0a88d59e1f6d5bf0c34e
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 21:15:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 28 Sep 2022 20:29:34 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Wed, 28 Sep 2022 21:10:59 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: uNZWVvERy5wL-EtqOtSFf6G2w-wICGoBD6BoHDIhw1ZCpbvRnyAUug==
Age: 2750


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: hm.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hm.ru/j1Nfvz
Cookie: PHPSESSID=vqukipka7l2kchik7urmgsr386
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         138.68.185.92
HTTP/2 404 Not Found
content-type: text/html; charset=utf-8
                                        
server: nginx/1.23.1
date: Wed, 28 Sep 2022 21:15:23 GMT
content-length: 153
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   153
Md5:    3a7eadf2966cc0a3f0100a308c27876e
Sha1:   b8831bedc61af9302ee01a565fbdc0fed8e964ff
Sha256: a5375e8dbc1363a877ef488044177bd7e7dd25fa95b318fa32de36223786b7ac
                                        
                                            POST /gseccovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 21:15:23 GMT
Content-Length: 939
Connection: keep-alive
Expires: Sun, 02 Oct 2022 19:01:13 GMT
ETag: "959e0d741aab60b65cb17ae1cb6736342d574fe4"
Last-Modified: Wed, 28 Sep 2022 19:01:14 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2236
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 751f7e7f8f57b51b-OSL

                                        
                                            POST /private/tz/?0.4717430741901931 HTTP/1.1 
Host: api.hm.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 4
Origin: https://hm.ru
Connection: keep-alive
Referer: https://hm.ru/
Cookie: PHPSESSID=vqukipka7l2kchik7urmgsr386
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

                                         
                                         138.68.185.92
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
server: nginx/1.23.1
date: Wed, 28 Sep 2022 21:15:23 GMT
content-length: 72
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: https://hm.ru
access-control-allow-credentials: true
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   72
Md5:    df0c9726c3835cdec5b6ed6e8ad3a465
Sha1:   8b33dee939447b057f7c464b8cfd59ad186164e0
Sha256: d5850eab2954f46abb651c524ff86a2d82abfda49c9cc01540d646df9f9bc556
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Wed, 28 Sep 2022 20:41:09 GMT
expires: Wed, 28 Sep 2022 22:41:09 GMT
cache-control: public, max-age=7200
age: 2054
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   19826
Md5:    cae538dcce82598fbe43c0bf443e62dd
Sha1:   cc68ac6be9c5e0087a0000e5735b83270ace30f5
Sha256: 954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2100
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 21:15:23 GMT
Last-Modified: Wed, 28 Sep 2022 20:40:23 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /metrika/tag.js HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         77.88.21.119
HTTP/2 200 OK
content-type: application/javascript
                                        
content-length: 72341
date: Wed, 28 Sep 2022 21:15:23 GMT
access-control-allow-origin: *
etag: "63344141-11a95"
expires: Wed, 28 Sep 2022 22:15:23 GMT
last-modified: Wed, 28 Sep 2022 15:42:41 GMT
cache-control: max-age=3600
content-encoding: br
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (593)
Size:   72341
Md5:    7a68c8644032413981e4ba5bc0d66c4a
Sha1:   2d46ca8055e8577ae7138140e34a6e633434973c
Sha256: e0573e9a9cbfc3f00a921fa64c50270f5941a1ebb253ab70af2cc0dac45cb0d5
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ppWDBtr4mIg05dKF9QBw3w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         44.238.3.246
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: CEs53pBtJIMjOefbbCri+6Cle9M=

                                        
                                            GET /metrika/advert.gif HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hm.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Wed, 28 Sep 2022 21:15:23 GMT
access-control-allow-origin: *
etag: "63344141-2b"
expires: Wed, 28 Sep 2022 22:15:23 GMT
accept-ranges: bytes
last-modified: Wed, 28 Sep 2022 15:42:41 GMT
cache-control: max-age=3600
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            GET /watch/51501257?wmode=7&page-url=https%3A%2F%2Fhm.ru%2Fj1Nfvz&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A1075%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A29291234959%3Ahid%3A59372127%3Az%3A0%3Ai%3A20220928211521%3Aet%3A1664399721%3Ac%3A1%3Arn%3A623782887%3Arqn%3A1%3Au%3A1664399721355822264%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A33%2C335%2C111%2C0%2C-5%2C0%2C%2C451%2C3%2C%2C%2C%2C1057%3Ans%3A1664399719636%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664399721%3At%3AHyper%20Magic&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hm.ru
Connection: keep-alive
Referer: https://hm.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         77.88.21.119
HTTP/2 302 Found
                                        
location: /watch/51501257/1?wmode=7&page-url=https%3A%2F%2Fhm.ru%2Fj1Nfvz&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A1075%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A29291234959%3Ahid%3A59372127%3Az%3A0%3Ai%3A20220928211521%3Aet%3A1664399721%3Ac%3A1%3Arn%3A623782887%3Arqn%3A1%3Au%3A1664399721355822264%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A33%2C335%2C111%2C0%2C-5%2C0%2C%2C451%2C3%2C%2C%2C%2C1057%3Ans%3A1664399719636%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1664399721%3At%3AHyper%20Magic&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Wed, 28 Sep 2022 21:15:23 GMT
access-control-allow-origin: https://hm.ru
set-cookie: yandexuid=8003179751664399723; Expires=Thu, 28-Sep-2023 21:15:23 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure yuidss=8003179751664399723; Expires=Thu, 28-Sep-2023 21:15:23 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure yabs-sid=1636552851664399723; Path=/; SameSite=None; Secure i=LUFzIfc7drGeYpSRuKz5gyohaDp1hS9yrgj0fs3B5ad9tq5MJLRifkxAAUmn1slkrPBBkHGTBPxgHZ5HIIO6DRepuhU=; Expires=Sat, 25-Sep-2032 21:15:22 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None ymex=1695935723.yrts.1664399723#1695935723.yrtsi.1664399723; Expires=Thu, 28-Sep-2023 21:15:23 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 28-Sep-2022 21:15:23 GMT
last-modified: Wed, 28-Sep-2022 21:15:23 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Size:   419
Md5:    550acd0ba5f8a9d0ea4246e1a2d24d44
Sha1:   314d148dc7daf80c254da2cf00b204453169427c
Sha256: 0896727dad847cbacb8ad7844f753c44faa30d29e2b62dfaee34ae584066ca26
                                        
                                            POST /webvisor/51501257?wmode=0&wv-part=1&wv-hit=59372127&page-url=https%3A%2F%2Fhm.ru%2Fj1Nfvz&rn=231166937&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1664399722%3Aw%3A1280x939%3Av%3A904%3Az%3A0%3Ai%3A20220928211521%3Au%3A1664399721355822264%3Avf%3Aat6op7b9z7b01ildsv2t4%3Awe%3A1%3Ast%3A1664399722&t=gdpr(14)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 3933
Origin: https://hm.ru
Connection: keep-alive
Referer: https://hm.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         77.88.21.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Wed, 28 Sep 2022 21:15:24 GMT
access-control-allow-origin: https://hm.ru
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 28-Sep-2022 21:15:24 GMT
last-modified: Wed, 28-Sep-2022 21:15:24 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /s/gts1p5/oAvXwWp5rds HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 21:15:24 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /static/media/main_banner_x1.9d8b8661.webp HTTP/1.1 
Host: qrfy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qrfy.com/p/ysMTUkz
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.66.42.212
HTTP/2 200 OK
content-type: image/webp
                                        
date: Wed, 28 Sep 2022 21:15:24 GMT
content-length: 5316
last-modified: Sat, 10 Sep 2022 19:21:45 GMT
etag: "631ce3c9-14c4"
expires: Sun, 10 Sep 2023 19:23:30 GMT
cache-control: max-age=31536000, public
vary: Accept-Encoding
pragma: public
cf-cache-status: HIT
age: 1561761
accept-ranges: bytes
server: cloudflare
cf-ray: 751f7e86ab640b3d-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   5316
Md5:    751806607e69ff2bc78999bd1527ef67
Sha1:   9c0802aac222c51ef0b0959aba1cac44836e493e
Sha256: c8ef04e40e81cdb9d3122c62fbed2e44c6b9ac20ae79210fdf93e65536f54816
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 21:15:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://qrfy.com
Connection: keep-alive
Referer: https://qrfy.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 27 Sep 2022 17:10:21 GMT
expires: Wed, 27 Sep 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 101103
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Size:   23580
Md5:    e1b3b5908c9cf23dfb2b9c52b9a023ab
Sha1:   fcd4136085f2a03481d9958cc6793a5ed98e714c
Sha256: 918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
                                        
                                            GET /home-styles.css HTTP/1.1 
Host: qrfy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qrfy.com/p/ysMTUkz
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.66.42.212
HTTP/2 200 OK
content-type: text/css
                                        
date: Wed, 28 Sep 2022 21:15:24 GMT
cache-control: max-age=31536000, public
cf-bgj: minify
cf-polished: origSize=4374
etag: W/"631ce392-1116"
expires: Sun, 10 Sep 2023 19:23:28 GMT
last-modified: Sat, 10 Sep 2022 19:20:50 GMT
pragma: public
vary: Accept-Encoding
cf-cache-status: HIT
age: 1561760
server: cloudflare
cf-ray: 751f7e86ab660b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3559), with no line terminators
Size:   1515
Md5:    8fab0f3fd78b08a6ea72d99bcc01e082
Sha1:   5af6d8b9aa72cc3a001afbcc935853c8dafbf9ec
Sha256: 886ae011d09575a9a9e9c266cb93c35ac9b1dfc39479f6acf9322737bb305f9b
                                        
                                            POST /api/event HTTP/1.1 
Host: analytics.qrfy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 94
Origin: https://qrfy.com
Connection: keep-alive
Referer: https://qrfy.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

                                         
                                         172.66.42.212
HTTP/2 202 Accepted
content-type: text/plain; charset=utf-8
                                        
date: Wed, 28 Sep 2022 21:15:24 GMT
content-length: 2
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers:
cache-control: max-age=0, private, must-revalidate
x-request-id: Fxkiu0B1NA717qsPm0MB
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 751f7e88ad6c0b3d-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   2
Md5:    444bcb3a3fcf8389296c49467f27e1d6
Sha1:   7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
Sha256: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
                                        
                                            GET /favicon-16x16.png HTTP/1.1 
Host: qrfy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qrfy.com/p/ysMTUkz
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.66.42.212
HTTP/2 200 OK
content-type: image/webp
                                        
date: Wed, 28 Sep 2022 21:15:24 GMT
content-length: 176
cache-control: max-age=31536000, public
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=328
content-disposition: inline; filename="favicon-16x16.webp"
etag: "631ce392-148"
expires: Sun, 10 Sep 2023 19:23:28 GMT
last-modified: Sat, 10 Sep 2022 19:20:50 GMT
pragma: public
vary: Accept
cf-cache-status: HIT
age: 1428457
accept-ranges: bytes
server: cloudflare
cf-ray: 751f7e890dc20b3d-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   176
Md5:    02cf72b35cbcf527c4fd71284c23a999
Sha1:   97d7c0564e4ded397577cb0acea110d3d6bf94fd
Sha256: b7e796fd17632e8aef01bd7fd7c15f7eb73149ab6e07596ed6795bf42a9211c5
                                        
                                            GET /android-chrome-512x512.png HTTP/1.1 
Host: qrfy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qrfy.com/p/ysMTUkz
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.66.42.212
HTTP/2 200 OK
content-type: image/webp
                                        
date: Wed, 28 Sep 2022 21:15:24 GMT
content-length: 1902
cache-control: max-age=31536000, public
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=13901
content-disposition: inline; filename="android-chrome-512x512.webp"
etag: "631ce392-364d"
expires: Sun, 10 Sep 2023 19:23:28 GMT
last-modified: Sat, 10 Sep 2022 19:20:50 GMT
pragma: public
vary: Accept
cf-cache-status: HIT
age: 1480732
accept-ranges: bytes
server: cloudflare
cf-ray: 751f7e890dc10b3d-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   1902
Md5:    f3dbc32df86d36a3ca28b42c5ecb9460
Sha1:   42e7ef4277096ea35c6380436918c39a4ea7cd3a
Sha256: 257d3fce3e98fa27ea980be117811fbaa67bc1f44abca6e7ad93bc1f736e6bbb
                                        
                                            POST /api/qr/uri/ysMTUkz HTTP/1.1 
Host: qrfy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 2
Origin: https://qrfy.com
Connection: keep-alive
Referer: https://qrfy.com/p/ysMTUkz
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.66.42.212
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
date: Wed, 28 Sep 2022 21:15:25 GMT
cf-ray: 751f7e894dfa0b3d-OSL
access-control-allow-origin: https://qrfy.com
cache-control: public, max-age=3600
etag: W/"300-7bDGXwj6cFNGVUZ/sYD+We3kkZo"
vary: Origin, Accept-Encoding
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
x-country: NO
x-powered-by: Express
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (768), with no line terminators
Size:   902
Md5:    430726c01931b5ab9fb63369082daca1
Sha1:   34eda8108d84e5557ec455ef24e12c296cbd400e
Sha256: 555d6d1897b647b51960a1890d2bcacb6786a353c728433b2b7985436b23ef3f
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4778
Expires: Wed, 28 Sep 2022 22:35:03 GMT
Date: Wed, 28 Sep 2022 21:15:25 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4778
Expires: Wed, 28 Sep 2022 22:35:03 GMT
Date: Wed, 28 Sep 2022 21:15:25 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4778
Expires: Wed, 28 Sep 2022 22:35:03 GMT
Date: Wed, 28 Sep 2022 21:15:25 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4778
Expires: Wed, 28 Sep 2022 22:35:03 GMT
Date: Wed, 28 Sep 2022 21:15:25 GMT
Connection: keep-alive

                                        
                                            GET /static/js/25.9de2ee9c.chunk.js HTTP/1.1 
Host: qrfy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://qrfy.com/p/ysMTUkz
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.66.42.212
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 28 Sep 2022 21:15:25 GMT
cache-control: max-age=31536000, public
cf-bgj: minify
cf-polished: origSize=16464
etag: W/"632cb918-4050"
expires: Fri, 22 Sep 2023 19:35:56 GMT
last-modified: Thu, 22 Sep 2022 19:35:52 GMT
pragma: public
vary: Accept-Encoding
cf-cache-status: HIT
age: 523148
server: cloudflare
cf-ray: 751f7e895e0e0b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (16418), with no line terminators
Size:   19210
Md5:    06fdda8380cf488fbc16a51a0a92cf55
Sha1:   3f2855a69730e5a7361b73d3257cdf9b9a7cc39b
Sha256: 3cc5f1b44796cecae1a173517e2d8e50f94c6e97094ae8b094eabd7bf527313f
                                        
                                            GET /static/js/9.f2415bfd.chunk.js HTTP/1.1 
Host: qrfy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qrfy.com/p/ysMTUkz
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.66.42.212
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 28 Sep 2022 21:15:24 GMT
cache-control: max-age=31536000, public
cf-bgj: minify
cf-polished: origSize=591535
etag: W/"633318d8-906af"
expires: Wed, 27 Sep 2023 15:38:04 GMT
last-modified: Tue, 27 Sep 2022 15:38:00 GMT
pragma: public
vary: Accept-Encoding
cf-cache-status: HIT
age: 105919
server: cloudflare
cf-ray: 751f7e86cb760b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   283193
Md5:    c1cb63b94d3ff1f6f1453307cd09ddc5
Sha1:   efe62bdff7b6e6c51c0b4a9e064f2b7817b4dffd
Sha256: a69c373333ea473e6a6570900b02c7ad1374fc21d74c3c9d344b8c2423ffa829
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12016
x-amzn-requestid: ec1b3715-5d0f-4045-aa5b-b70a55c81d72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e3EtyIAMFdZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5e-201dd1ef1426a09965c68dab;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pR4b1-lZZRMnWf-PdXFGXaHBCGAfOyp3AjeuCvtu5imWmf9N9l2wKQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:48:38 GMT
age: 84407
etag: "a54803cca7d3c509c195f65961e1110c8ec56f55"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12016
Md5:    4b794c6812cb546de0295e087ebe66a7
Sha1:   a54803cca7d3c509c195f65961e1110c8ec56f55
Sha256: 6a207f75eb3951f3dea5252bc8d185cd604d3d657f15b838774e8087e91f37f5
                                        
                                            GET /static/js/pdf.worker.entry.8bb6124f.worker.js HTTP/1.1 
Host: qrfy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qrfy.com/p/ysMTUkz
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.66.42.212
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 28 Sep 2022 21:15:25 GMT
cache-control: max-age=31536000, public
cf-bgj: minify
cf-polished: origSize=683421
etag: W/"631ce3c9-a6d9d"
expires: Sun, 10 Sep 2023 19:23:30 GMT
last-modified: Sat, 10 Sep 2022 19:21:45 GMT
pragma: public
vary: Accept-Encoding
cf-cache-status: HIT
age: 1561760
server: cloudflare
cf-ray: 751f7e896e1e0b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   204156
Md5:    96cf9b4f990db782b08ff3be64cdced7
Sha1:   03a1221bb0352270afaddab3825f657710c182cb
Sha256: 4e82df86f9c53c7f35fb31c54aed7e7b97028adc3f9d91dc611e5e2c0960108a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0369629e-f44d-439f-a279-b5ae6ecc0cf1.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 14464
x-amzn-requestid: 5cbbafdb-3f69-4ee2-9e46-c1ff0ed4ef14
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPFiooAMFulA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-633a649700e040b91deadb64;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: cNryG5vkxZuFATZfcNW9Z1-0teUBWLRyWslX1onwYlDCQBUjU2xVdA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:46:03 GMT
age: 84562
etag: "bc214d60be395d4cf753216ff8f9691c33d25e75"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   14464
Md5:    aa5cad224dbddd71881bd07255beb4da
Sha1:   bc214d60be395d4cf753216ff8f9691c33d25e75
Sha256: 82935e52aa59929a448d17a5a2d58fda86bb5c25bf6628a05bd904f82517dada
                                        
                                            GET /static/js/1.96537e02.chunk.js HTTP/1.1 
Host: qrfy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://qrfy.com/p/ysMTUkz
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.66.42.212
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 28 Sep 2022 21:15:25 GMT
cache-control: max-age=31536000, public
cf-bgj: minify
cf-polished: origSize=92234
etag: W/"633318d8-1684a"
expires: Wed, 27 Sep 2023 15:38:04 GMT
last-modified: Tue, 27 Sep 2022 15:38:00 GMT
pragma: public
vary: Accept-Encoding
cf-cache-status: HIT
age: 105594
server: cloudflare
cf-ray: 751f7e895e0f0b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   37848
Md5:    bb67e88adc50470448fef99191c840a1
Sha1:   b09d148231458355ab73b94b66e065f147761e37
Sha256: 5334bdcebb155e8abcdc0b409cebe20b86662ed0b9a3a2d6cf057973c3e5713b
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C0F79B37E900B9AC4F288E9508D6D0C46227C120125C50478EA6780A49835A9A"
Last-Modified: Wed, 28 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 29 Sep 2022 03:15:25 GMT
Date: Wed, 28 Sep 2022 21:15:25 GMT
Connection: keep-alive

                                        
                                            GET /static/js/22.b2d0dd5e.chunk.js HTTP/1.1 
Host: qrfy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qrfy.com/p/ysMTUkz
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.66.42.212
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 28 Sep 2022 21:15:24 GMT
cache-control: max-age=31536000, public
cf-bgj: minify
cf-polished: origSize=45771
etag: W/"633318d8-b2cb"
expires: Wed, 27 Sep 2023 15:38:05 GMT
last-modified: Tue, 27 Sep 2022 15:38:00 GMT
pragma: public
vary: Accept-Encoding
cf-cache-status: HIT
age: 105683
server: cloudflare
cf-ray: 751f7e88ad650b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (45725), with no line terminators
Size:   28120
Md5:    7338d1cf9860c538cd011fb9395ba0d0
Sha1:   944ee487114ee7fc51a62d028f7189e88cfd3647
Sha256: e684fc50a82577a96ef2c99189ac6ddfae44c614723bca959b0ea1f1b39809dd
                                        
                                            GET /PAGINA-HOME/SCI/plx.check.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _fbp=fb.1.1664399617645.2119017117; did_proxy=1:tjaKx95DWq5zldDPkqgrcAnX6H_aV7zrhaTmk-WoSAclmnzIIvOCPWRp-_G_ZQF_OBiNCHr_ShQWGCIVpLd05A; PHPSESSID=h5bv1h5g2htjiafppmv471damv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 21:15:25 GMT
content-length: 209
x-accel-version: 0.01
last-modified: Thu, 06 Feb 2020 00:26:40 GMT
etag: "195-59ddd53a1d000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   209
Md5:    65a7d1a66a5b6f665f49900274e318e8
Sha1:   ed2a23b7c7bd5ec1e42127e381cd5089b88bc2a7
Sha256: 61b441852598829f84cc6605312cf152c2b5f74c05721f0e689daac188a4b929

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/zero.png HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _fbp=fb.1.1664399617645.2119017117; did_proxy=1:tjaKx95DWq5zldDPkqgrcAnX6H_aV7zrhaTmk-WoSAclmnzIIvOCPWRp-_G_ZQF_OBiNCHr_ShQWGCIVpLd05A; PHPSESSID=h5bv1h5g2htjiafppmv471damv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Wed, 28 Sep 2022 21:15:25 GMT
content-length: 68
x-accel-version: 0.01
last-modified: Sun, 02 Feb 2020 19:49:00 GMT
etag: "44-59d9d19184300"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Size:   68
Md5:    91e42db1c66c0b276abf6234dc50b2eb
Sha1:   c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
Sha256: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
                                        
                                            GET /PAGINA-HOME/SCI/extra-veilig-inloggen.png HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _fbp=fb.1.1664399617645.2119017117; did_proxy=1:tjaKx95DWq5zldDPkqgrcAnX6H_aV7zrhaTmk-WoSAclmnzIIvOCPWRp-_G_ZQF_OBiNCHr_ShQWGCIVpLd05A; PHPSESSID=h5bv1h5g2htjiafppmv471damv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Wed, 28 Sep 2022 21:15:25 GMT
content-length: 2604
last-modified: Sun, 02 Feb 2020 19:49:00 GMT
etag: "5e3727ac-a2c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 193 x 155, 8-bit/color RGBA, non-interlaced\012- data
Size:   2604
Md5:    d92d46789bd26332413f749c9049025f
Sha1:   bd82a9f760c742e15c609555753f25b7cb24b0a0
Sha256: 23b6fb0108b94d2d81693c51c160e6be5d60855078f0a042a13334e81b79dec9
                                        
                                            GET /PAGINA-HOME/SCI/proxyid.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _fbp=fb.1.1664399617645.2119017117; did_proxy=1:tjaKx95DWq5zldDPkqgrcAnX6H_aV7zrhaTmk-WoSAclmnzIIvOCPWRp-_G_ZQF_OBiNCHr_ShQWGCIVpLd05A; PHPSESSID=h5bv1h5g2htjiafppmv471damv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 21:15:25 GMT
content-length: 170
x-accel-version: 0.01
last-modified: Sun, 02 Feb 2020 19:49:00 GMT
etag: "a4-59d9d19184300-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   170
Md5:    df12345b39e09a10716a3d123eed0456
Sha1:   0eaa13a8a6acb765c1ef90b80827244ae1ec2453
Sha256: c64bd5b1de5bb032bb18fe298f50ab7678848b765b9a81b250444f8506e95f10

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/styles.css HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _fbp=fb.1.1664399617645.2119017117; did_proxy=1:tjaKx95DWq5zldDPkqgrcAnX6H_aV7zrhaTmk-WoSAclmnzIIvOCPWRp-_G_ZQF_OBiNCHr_ShQWGCIVpLd05A; PHPSESSID=h5bv1h5g2htjiafppmv471damv
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Wed, 28 Sep 2022 21:15:25 GMT
last-modified: Tue, 04 Feb 2020 14:19:16 GMT
etag: W/"5e397d64-7226b"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   73609
Md5:    c39dd8500d98004b095b4b061ce9db9e
Sha1:   88b8982987e4414ee363552d7aba69f1c6453fe3
Sha256: 9fb49a6b6231afa506646f43e719f3e4d92d5e580f99d959f8a281f0475944e7
                                        
                                            GET /PAGINA-HOME/SCI/js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _fbp=fb.1.1664399617645.2119017117; did_proxy=1:tjaKx95DWq5zldDPkqgrcAnX6H_aV7zrhaTmk-WoSAclmnzIIvOCPWRp-_G_ZQF_OBiNCHr_ShQWGCIVpLd05A; PHPSESSID=h5bv1h5g2htjiafppmv471damv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/octet-stream
                                        
server: nginx
date: Wed, 28 Sep 2022 21:15:25 GMT
content-length: 110845
last-modified: Sun, 02 Feb 2020 19:49:00 GMT
etag: "5e3727ac-1b0fd"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   112543
Md5:    945818a5548e79998cbef2080e46e58a
Sha1:   8e170caf9dc477e29fec4784e21cc706f63bf879
Sha256: 2a762febc360bd94c808580af13417a19e3a8cc8a081aab0a7fdf31d2a1476a0

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/SunOT-Regular.ttf HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/SCI/styles.css
Cookie: _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _fbp=fb.1.1664399617645.2119017117; did_proxy=1:tjaKx95DWq5zldDPkqgrcAnX6H_aV7zrhaTmk-WoSAclmnzIIvOCPWRp-_G_ZQF_OBiNCHr_ShQWGCIVpLd05A; PHPSESSID=h5bv1h5g2htjiafppmv471damv; _gat_UA-63549881-7=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: font/ttf
                                        
server: nginx
date: Wed, 28 Sep 2022 21:15:26 GMT
content-length: 86304
last-modified: Fri, 31 Jan 2020 23:48:36 GMT
etag: "5e34bcd4-15120"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  TrueType Font data, 15 tables, 1st "FFTM", 24 names, Macintosh\012- data
Size:   86304
Md5:    6150bb0f5b1e975bc0b616b61845f49c
Sha1:   4ea5afcef3164f6dbae351f9d12c13ad9514fd92
Sha256: 69e81e13ae217c9a436756a0f91d43af57f3adb823ea36f94d33f03cb4694981

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/conversion_async.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _fbp=fb.1.1664399617645.2119017117; did_proxy=1:tjaKx95DWq5zldDPkqgrcAnX6H_aV7zrhaTmk-WoSAclmnzIIvOCPWRp-_G_ZQF_OBiNCHr_ShQWGCIVpLd05A; PHPSESSID=h5bv1h5g2htjiafppmv471damv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 21:15:25 GMT
last-modified: Wed, 25 Sep 2019 19:48:42 GMT
etag: W/"5d8bc49a-5f4d"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1756)
Size:   19989
Md5:    86b8989059b4f8e22d30b6149af5024a
Sha1:   2ec862317c8311957f3ca36da3752252b2a16db7
Sha256: b583fadfb83a375b03d8d97bf24fa5f78754a9fcba225e524dd410ebe71e0716

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/8574.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _fbp=fb.1.1664399617645.2119017117; did_proxy=1:tjaKx95DWq5zldDPkqgrcAnX6H_aV7zrhaTmk-WoSAclmnzIIvOCPWRp-_G_ZQF_OBiNCHr_ShQWGCIVpLd05A; PHPSESSID=h5bv1h5g2htjiafppmv471damv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 21:15:25 GMT
last-modified: Wed, 25 Sep 2019 19:48:42 GMT
etag: W/"5d8bc49a-402c"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (16427)
Size:   94434
Md5:    0e541126b137424e234de1ccfa543651
Sha1:   3d1280ce7951f07a56d1bea124c2ac0444a07932
Sha256: 412e7b1b9e851fd8f281129f8e778bd7c1734958c906572e37f0a2f89887971e

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/analytics.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _fbp=fb.1.1664399617645.2119017117; did_proxy=1:tjaKx95DWq5zldDPkqgrcAnX6H_aV7zrhaTmk-WoSAclmnzIIvOCPWRp-_G_ZQF_OBiNCHr_ShQWGCIVpLd05A; PHPSESSID=h5bv1h5g2htjiafppmv471damv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 21:15:25 GMT
last-modified: Wed, 25 Sep 2019 19:32:56 GMT
etag: W/"5d8bc0e8-adb6"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1490)
Size:   103809
Md5:    88fd8d7c7f9295083bbd18b45933071b
Sha1:   3af0beb81bdd37b8aa2c1cba3a2182db1987e72c
Sha256: 9a132c300782764f8801ab57cb47ca68fe03906736a85de02d8c39790b10cb46

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/gtm_002.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _fbp=fb.1.1664399617645.2119017117; did_proxy=1:tjaKx95DWq5zldDPkqgrcAnX6H_aV7zrhaTmk-WoSAclmnzIIvOCPWRp-_G_ZQF_OBiNCHr_ShQWGCIVpLd05A; PHPSESSID=h5bv1h5g2htjiafppmv471damv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 21:15:25 GMT
last-modified: Wed, 25 Sep 2019 19:32:56 GMT
etag: W/"5d8bc0e8-21ab3"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2794)
Size:   44875
Md5:    3194bb7db53d5c1099ccb823270afbcf
Sha1:   663f86125317a1694f5d107359c64ff8240d4eeb
Sha256: 5e95716202262799000187a9f8f6ff7521a279e3424e27307bd5ca0064ad8859

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/gtm.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _fbp=fb.1.1664399617645.2119017117; did_proxy=1:tjaKx95DWq5zldDPkqgrcAnX6H_aV7zrhaTmk-WoSAclmnzIIvOCPWRp-_G_ZQF_OBiNCHr_ShQWGCIVpLd05A; PHPSESSID=h5bv1h5g2htjiafppmv471damv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 21:15:25 GMT
last-modified: Wed, 25 Sep 2019 19:32:56 GMT
etag: W/"5d8bc0e8-1d455"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1538)
Size:   60851
Md5:    deedac415a22d72b395580cf85c0d034
Sha1:   750e1ee4e1bf6ed6aec0704764f583b607c20c49
Sha256: 9107cc7129b85dcdd02fe5e8b85ccaf3baacac5925a23af38f4e73225d6ccff7

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/jquery-1.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _fbp=fb.1.1664399617645.2119017117; did_proxy=1:tjaKx95DWq5zldDPkqgrcAnX6H_aV7zrhaTmk-WoSAclmnzIIvOCPWRp-_G_ZQF_OBiNCHr_ShQWGCIVpLd05A; PHPSESSID=h5bv1h5g2htjiafppmv471damv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 21:15:25 GMT
last-modified: Wed, 25 Sep 2019 19:32:56 GMT
etag: W/"5d8bc0e8-17c52"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32060)
Size:   33214
Md5:    8034b8d15069904141b70944bbffac34
Sha1:   2bd43b818307d97e91f5d7b8529e4a0d66bee01f
Sha256: ac800460781c88957eb12ed5c8e45f2147ca000102910504a21c6a63cc26e33b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/a HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _fbp=fb.1.1664399617645.2119017117; did_proxy=1:tjaKx95DWq5zldDPkqgrcAnX6H_aV7zrhaTmk-WoSAclmnzIIvOCPWRp-_G_ZQF_OBiNCHr_ShQWGCIVpLd05A; PHPSESSID=h5bv1h5g2htjiafppmv471damv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 404 Not Found
content-type: text/html
                                        
server: nginx
date: Wed, 28 Sep 2022 21:15:25 GMT
last-modified: Wed, 28 Sep 2022 01:46:01 GMT
etag: W/"328-5e9b2ec4a5a22"
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   20196
Md5:    b5ee8c590c46634c23caa70099c146c8
Sha1:   96070de9bd8266dfcc747efa410ff2d5247cf090
Sha256: 55ad340a002c563ff0be7784962d1fc081c0c83b688bd38bd75f77dbd0ab3431

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/modernizr.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _fbp=fb.1.1664399617645.2119017117; did_proxy=1:tjaKx95DWq5zldDPkqgrcAnX6H_aV7zrhaTmk-WoSAclmnzIIvOCPWRp-_G_ZQF_OBiNCHr_ShQWGCIVpLd05A; PHPSESSID=h5bv1h5g2htjiafppmv471damv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 21:15:25 GMT
last-modified: Wed, 25 Sep 2019 19:32:56 GMT
etag: W/"5d8bc0e8-5f1"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1428)
Size:   1124
Md5:    677b67c79fa891cf98e23ca9b7a1accf
Sha1:   dd4e20efb34cc7123942cc3e583cc2df4cfb7946
Sha256: b8b9481ed35a43685743ab618462f17da2b2fa28a8e64f9d2dfe85df7b92f03a

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5987
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 21:15:26 GMT
Last-Modified: Wed, 28 Sep 2022 19:35:40 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5807
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 21:15:26 GMT
Last-Modified: Wed, 28 Sep 2022 19:38:39 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 21:15:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 21:15:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 21:15:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 21:15:26 GMT
Server: ECS (amb/6BA7)
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         54.230.245.100
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 21:15:26 GMT
Last-Modified: Wed, 28 Sep 2022 19:27:23 GMT
Server: ECS (nyb/1D1A)
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: K9vuDdylnJNcMpZ1w2OuKoZO4tNdcvKpgiqT8g6CvUJtdK3LwJnH6Q==
Age: 6483

                                        
                                            GET /webfiles/1580357904717/media/theme/ics-nl/images/icons/favicon-144x144-withoutlines.png HTTP/1.1 
Host: icscards.nl
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         185.195.93.72
HTTP/1.0 302 Moved Temporarily
                                        
Location: https://www.icscards.nl/webfiles/1580357904717/media/theme/ics-nl/images/icons/favicon-144x144-withoutlines.png
Connection: Keep-Alive
Content-Length: 0
Set-Cookie: _tpc_persistance_cookie=!WlVH0nWTbzEFVwW8EOda6AVGp4P79XC5K0xVpBSXyvD1mNjR7mSwIzObJ7XWb+ghLMWCKowkv3wsdXo=; path=/; Httponly; Secure BBN01c5658b=0135ab579a197d93a98ad3e7fa32f8eaefca15d40ff37978f76e35ae427c9a0a8b03c1b16b432941af73ba2c0d44f48720269547c4fefb83417738fd0c6f264f6aef4972ae; Path=/; Secure; HTTPOnly
Accept-Encoding: gzip, deflate, br

                                        
                                            GET /a1d53d1e874a.js?lv=1 HTTP/1.1 
Host: w.usabilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         46.51.206.5
HTTP/2 200 OK
content-type: text/javascript
                                        
date: Wed, 28 Sep 2022 21:15:26 GMT
content-length: 13222
cache-control: public,max-age=0
content-encoding: gzip
etag: "e255879c516de604cf466269a75d96a1"
pragma: no-cache
x-widget-server: 2.1
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (12888)
Size:   13222
Md5:    1aa4655472d63e16c89a29662b4d4327
Sha1:   a4724b9fc525aa92f84c469d85692d3dc88957df
Sha256: 5a5824223eba4d47e853b24c0ca9db1394cf556bd45202cedb11b4cedd4e30e9
                                        
                                            GET /themes/production/icsnederland-button-7ef629548db47bacfbb18b3383223f61.png HTTP/1.1 
Host: d6tizftlrpuof.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.245.35
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Content-Length: 1809
Connection: keep-alive
Date: Mon, 10 Jan 2022 07:30:24 GMT
Last-Modified: Tue, 13 Mar 2018 16:10:27 GMT
ETag: "7ef629548db47bacfbb18b3383223f61"
Cache-Control: max-age=315360000, no-transform, public
x-amz-version-id: uUADb9XCpewO7QYDlgT5DnwG20pU0rFi
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: BXxG_L9NEM2UHULPDNiXzRfeYOhdC3ffCEvcc6ZJGc4RVd8KCO7clg==
Age: 22599903


--- Additional Info ---
Magic:  PNG image data, 80 x 260, 8-bit colormap, non-interlaced\012- data
Size:   1809
Md5:    7ef629548db47bacfbb18b3383223f61
Sha1:   c92146d1f74c6f79b3bf2c5bfe01ac69392bd998
Sha256: 62aa47ada132a4fb2551ef3ab9b39a28fc285e187905d744c8ec52ed83007ef8
                                        
                                            GET /webfiles/1580357904717/media/theme/ics-nl/images/icons/favicon-144x144-withoutlines.png HTTP/1.1 
Host: www.icscards.nl
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web8713.web07.bero-webspace.de/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         185.195.93.72
HTTP/1.1 200
content-type: image/png;charset=UTF-8
                                        
content-length: 5528
date: Wed, 28 Sep 2022 21:15:26 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
x-content-type-options: nosniff
cache-control: max-age=31536000
expires: Thu, 28 Sep 2023 21:15:26 GMT
x-xss-protection: 1; mode=block
content-security-policy: frame-ancestors www.anwb.nl www.worldcard.nl www.yourmastercard.nl www.icscards.nl *.icscards.nl.cipe.local icscards.nl
strict-transport-security: max-age=31536000; includeSubDomains
Set-Cookie: BIGipServer~ICSDLB02~pool_www.icscards.nl_8016=rd11o00000000000000000000ffff0af4d3d0o8016; path=/; Httponly; Secure _tpc_persistance_cookie=!Yb+Xrsb1yHNrHRi8EOda6AVGp4P79RaWTT75gvzcst7qdvHCJ2Hh/JYNDQlHs7uBR6Ec00sbjDBmqow=; path=/; Httponly; Secure BBN01677320=0135ab579a526237d3a7777bd311653f55542c25bd01c5f05dac0660339e7e6f0233f8176ce0e4a48047bd45323cefeb5dab249fd77666e17838d4b50d6485a1f97ef63b7d; Path=/; Domain=.www.icscards.nl; Secure; HTTPOnly
Accept-Encoding: gzip, deflate, br


--- Additional Info ---
Magic:  PNG image data, 144 x 144, 8-bit/color RGBA, non-interlaced\012- data
Size:   5528
Md5:    75d0a29d4d1a08405f39799bcb986e63
Sha1:   da64454d7277c531786146796026f49f89e9d4db
Sha256: 1a99f7b02b4517fa7e085315d99cdc0b9e13b0b1c904c683679a05de7a7d1a63
                                        
                                            GET /PAGINA-HOME/SCI/arcotfpcollect.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _fbp=fb.1.1664399617645.2119017117; did_proxy=1:tjaKx95DWq5zldDPkqgrcAnX6H_aV7zrhaTmk-WoSAclmnzIIvOCPWRp-_G_ZQF_OBiNCHr_ShQWGCIVpLd05A; PHPSESSID=h5bv1h5g2htjiafppmv471damv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 21:15:25 GMT
last-modified: Sun, 02 Feb 2020 19:49:00 GMT
etag: W/"5e3727ac-8355"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/main_002.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _fbp=fb.1.1664399617645.2119017117; did_proxy=1:tjaKx95DWq5zldDPkqgrcAnX6H_aV7zrhaTmk-WoSAclmnzIIvOCPWRp-_G_ZQF_OBiNCHr_ShQWGCIVpLd05A; PHPSESSID=h5bv1h5g2htjiafppmv471damv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 21:15:25 GMT
last-modified: Sun, 02 Feb 2020 19:49:00 GMT
etag: W/"5e3727ac-254a40"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /j1Nfvz HTTP/1.1 
Host: hm.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         138.68.185.92
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
server: nginx/1.23.1
date: Wed, 28 Sep 2022 21:15:22 GMT
set-cookie: PHPSESSID=vqukipka7l2kchik7urmgsr386; expires=Fri, 28-Oct-2022 21:15:22 GMT; Max-Age=2592000; path=/; domain=.hm.ru
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - openphish: International Card Services B.V
                                        
                                            GET /QRFY_logo_white.svg HTTP/1.1 
Host: qrfy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qrfy.com/p/ysMTUkz
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.66.42.212
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Wed, 28 Sep 2022 21:15:24 GMT
last-modified: Sat, 10 Sep 2022 19:20:50 GMT
etag: W/"631ce392-57d"
expires: Sun, 10 Sep 2023 19:23:29 GMT
cache-control: max-age=31536000, public
vary: Accept-Encoding
pragma: public
cf-cache-status: HIT
age: 1561760
server: cloudflare
cf-ray: 751f7e86cb810b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /static/js/21.367091ec.chunk.js HTTP/1.1 
Host: qrfy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://qrfy.com/p/ysMTUkz
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.66.42.212
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 28 Sep 2022 21:15:25 GMT
cache-control: max-age=31536000, public
cf-bgj: minify
cf-polished: origSize=20369
etag: W/"632cb918-4f91"
expires: Fri, 22 Sep 2023 19:35:56 GMT
last-modified: Thu, 22 Sep 2022 19:35:52 GMT
pragma: public
vary: Accept-Encoding
cf-cache-status: HIT
age: 524352
server: cloudflare
cf-ray: 751f7e895e0d0b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /static/js/0.ba8ef51e.chunk.js HTTP/1.1 
Host: qrfy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://qrfy.com/p/ysMTUkz
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.66.42.212
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 28 Sep 2022 21:15:25 GMT
cache-control: max-age=31536000, public
cf-bgj: minify
cf-polished: origSize=23151
etag: W/"633318d8-5a6f"
expires: Wed, 27 Sep 2023 15:38:04 GMT
last-modified: Tue, 27 Sep 2022 15:38:00 GMT
pragma: public
vary: Accept-Encoding
cf-cache-status: HIT
age: 105593
server: cloudflare
cf-ray: 751f7e895e130b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /js/plausible.js HTTP/1.1 
Host: analytics.qrfy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qrfy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

                                         
                                         172.66.42.212
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 28 Sep 2022 21:15:24 GMT
cf-bgj: minify
expires: Sun, 10 Sep 2023 19:23:28 GMT
pragma: public
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: max-age=31536000, public
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
last-modified: Sat, 10 Sep 2022 19:23:28 GMT
cf-cache-status: HIT
age: 1561760
server: cloudflare
cf-ray: 751f7e86bb6d0b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /PAGINA-HOME/SCI/fbevents.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _fbp=fb.1.1664399617645.2119017117; did_proxy=1:tjaKx95DWq5zldDPkqgrcAnX6H_aV7zrhaTmk-WoSAclmnzIIvOCPWRp-_G_ZQF_OBiNCHr_ShQWGCIVpLd05A; PHPSESSID=h5bv1h5g2htjiafppmv471damv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 21:15:25 GMT
last-modified: Wed, 25 Sep 2019 19:48:42 GMT
etag: W/"5d8bc49a-1e5e9"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/main.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _fbp=fb.1.1664399617645.2119017117; did_proxy=1:tjaKx95DWq5zldDPkqgrcAnX6H_aV7zrhaTmk-WoSAclmnzIIvOCPWRp-_G_ZQF_OBiNCHr_ShQWGCIVpLd05A; PHPSESSID=h5bv1h5g2htjiafppmv471damv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 21:15:25 GMT
last-modified: Wed, 25 Sep 2019 19:32:56 GMT
etag: W/"5d8bc0e8-2e4c2"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/main-ics.css HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _fbp=fb.1.1664399617645.2119017117; did_proxy=1:tjaKx95DWq5zldDPkqgrcAnX6H_aV7zrhaTmk-WoSAclmnzIIvOCPWRp-_G_ZQF_OBiNCHr_ShQWGCIVpLd05A; PHPSESSID=h5bv1h5g2htjiafppmv471damv
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Wed, 28 Sep 2022 21:15:25 GMT
last-modified: Tue, 04 Feb 2020 14:29:10 GMT
etag: W/"5e397fb6-3b0c7"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /PAGINA-HOME/SCI/collectddna.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _fbp=fb.1.1664399617645.2119017117; did_proxy=1:tjaKx95DWq5zldDPkqgrcAnX6H_aV7zrhaTmk-WoSAclmnzIIvOCPWRp-_G_ZQF_OBiNCHr_ShQWGCIVpLd05A; PHPSESSID=h5bv1h5g2htjiafppmv471damv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 21:15:25 GMT
last-modified: Sun, 02 Feb 2020 19:49:00 GMT
etag: W/"5e3727ac-a89"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/polyfills.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _fbp=fb.1.1664399617645.2119017117; did_proxy=1:tjaKx95DWq5zldDPkqgrcAnX6H_aV7zrhaTmk-WoSAclmnzIIvOCPWRp-_G_ZQF_OBiNCHr_ShQWGCIVpLd05A; PHPSESSID=h5bv1h5g2htjiafppmv471damv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 21:15:25 GMT
last-modified: Sun, 02 Feb 2020 19:49:00 GMT
etag: W/"5e3727ac-1aa67"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /PAGINA-HOME/SCI/runtime.js HTTP/1.1 
Host: web8713.web07.bero-webspace.de
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://web8713.web07.bero-webspace.de/PAGINA-HOME/
Cookie: _ga=GA1.4.440513768.1664399617; _gid=GA1.4.1475561481.1664399617; _fbp=fb.1.1664399617645.2119017117; did_proxy=1:tjaKx95DWq5zldDPkqgrcAnX6H_aV7zrhaTmk-WoSAclmnzIIvOCPWRp-_G_ZQF_OBiNCHr_ShQWGCIVpLd05A; PHPSESSID=h5bv1h5g2htjiafppmv471damv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         109.71.253.24
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 28 Sep 2022 21:15:25 GMT
last-modified: Sun, 02 Feb 2020 19:49:00 GMT
etag: W/"5e3727ac-5ab"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /p/ysMTUkz HTTP/1.1 
Host: qrfy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hm.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         172.66.42.212
HTTP/2 200 OK
content-type: text/html
                                        
date: Wed, 28 Sep 2022 21:15:24 GMT
cf-ray: 751f7e864b060b3d-OSL
age: 1409
cache-control: public, max-age=3600
last-modified: Wed, 28 Sep 2022 14:22:24 GMT
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /static/css/main.313b5002.chunk.css HTTP/1.1 
Host: qrfy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qrfy.com/p/ysMTUkz
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.66.42.212
HTTP/2 200 OK
content-type: text/css
                                        
date: Wed, 28 Sep 2022 21:15:24 GMT
cache-control: max-age=31536000, public
cf-bgj: minify
cf-polished: origSize=139
etag: W/"631ce3c9-8b"
expires: Sun, 10 Sep 2023 19:23:28 GMT
last-modified: Sat, 10 Sep 2022 19:21:45 GMT
pragma: public
vary: Accept-Encoding
cf-cache-status: HIT
age: 1561761
server: cloudflare
cf-ray: 751f7e86bb6a0b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---