checkoutenlist.com/108d6f7f13896/?epcvip=48.1246.a9lf&email&password&firstname&lastname&zip&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=42252506345/
207.120.33.39 302 Found 0 B URL User Request GET HTTP/2 checkoutenlist.com/108d6f7f13896/?epcvip=48.1246.a9lf&email&password&firstname&lastname&zip&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=42252506345/
IP 207.120.33.39:443
Certificate Issuer Let's Encrypt
Subject checkoutenlist.com
Fingerprint B5:3C:4C:79:93:61:22:F7:E5:8E:F4:15:63:6E:D1:C6:08:79:85:5D
Validity Fri, 28 Jul 2023 09:55:56 GMT - Thu, 26 Oct 2023 09:55:55 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /108d6f7f13896/?epcvip=48.1246.a9lf&email&password&firstname&lastname&zip&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=42252506345/ HTTP/1.1
Host: checkoutenlist.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Thu, 24 Aug 2023 18:15:56 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=a19810c97426589814bff7adb756ee6e; path=/; secure; SameSite=None
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-varnish: 10131484
age: 0
via: 1.1 varnish-65c66bdb8c-7ffsz (Varnish/7.2)
section-io-cache: Miss
section-io-id: 66c0849fab73cc5321fb8f32fea3d6b2
X-Firefox-Spdy: h2
ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js
152.199.19.160 200 OK 9.8 kB URL GET HTTP/2 ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js
IP 152.199.19.160:443
Requested by https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Certificate Issuer DigiCert Inc
Subject *.vo.msecnd.net
Fingerprint 0E:7D:A8:CD:FE:61:1E:46:97:A3:57:99:70:DA:E0:59:1D:34:04:80
Validity Fri, 05 May 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT
File type ASCII text, with very long lines (32033)
Hash 5869c96cc8f19086aee625d670d741f9
430a443d74830fe9be26efca431f448c1b3740f9
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
GET /ajax/bootstrap/3.3.7/bootstrap.min.js HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 2997491
cache-control: public,max-age=31536000
content-type: application/javascript
date: Thu, 24 Aug 2023 18:15:58 GMT
etag: "80bdc1e6cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:09:59 GMT
server: ECAcc (ska/F6C5)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 9839
X-Firefox-Spdy: h2
ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/css/bootstrap.min.css
152.199.19.160 200 OK 20 kB URL GET HTTP/2 ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/css/bootstrap.min.css
IP 152.199.19.160:443
Requested by https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Certificate Issuer DigiCert Inc
Subject *.vo.msecnd.net
Fingerprint 0E:7D:A8:CD:FE:61:1E:46:97:A3:57:99:70:DA:E0:59:1D:34:04:80
Validity Fri, 05 May 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT
File type ASCII text, with very long lines (65371)
Hash ec3bb52a00e176a7181d454dffaea219
6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
GET /ajax/bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 12087639
cache-control: public,max-age=31536000
content-type: text/css
date: Thu, 24 Aug 2023 18:15:58 GMT
etag: "0e914f2cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:10:18 GMT
server: ECAcc (ska/F740)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 19629
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash bcdf43508e7b58692399e44ee02e61e6
b40b19a9469099e371ebc5688235e01d78cf77c1
efa06e4fb6c00cbb63c746479f62e92a38dca0badc50291d36fd59170e4b3cac
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Aug 2023 18:15:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rfdcxz.com/common_tpls/compactML/css/epcjfdt1.css
207.120.33.10 200 OK 7.6 kB URL GET HTTP/2 rfdcxz.com/common_tpls/compactML/css/epcjfdt1.css
IP 207.120.33.10:443
Requested by https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Certificate Issuer Let's Encrypt
Subject rfdcxz.com
Fingerprint 92:52:19:63:3A:2E:8E:52:21:82:9F:60:78:9B:5A:B3:EF:92:75:3F
Validity Sat, 08 Jul 2023 00:07:59 GMT - Fri, 06 Oct 2023 00:07:58 GMT
Hash d8d432131da70a1a7a75fdfced70a09c
0aac291f1076496af13eb2b47358aec636e7a264
9fa00e0c61d2c436e2ef102ade0298e6332cebf65800be7547dfd4e22d82830b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /common_tpls/compactML/css/epcjfdt1.css HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Cookie: PHPSESSID=d64094076022dca372843d934c5cbfb8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Aug 2023 18:15:57 GMT
content-type: text/css
content-length: 7568
last-modified: Mon, 18 May 2020 21:32:04 GMT
etag: W/"5ec2fed4-a0f3"
content-encoding: gzip
section-io-cache-id: 71c6a27103e4c6f6259983229e1160a4
vary: Accept-Encoding
x-varnish: 10355249 218227
age: 889
via: 1.1 varnish-65c66bdb8c-7ffsz (Varnish/7.2)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: d30bf326f3a64b17ae108ad7ed35b964
X-Firefox-Spdy: h2
rfdcxz.com/common_tpls/images/icons/email.png
207.120.33.10 200 OK 1.3 kB URL GET HTTP/2 rfdcxz.com/common_tpls/images/icons/email.png
IP 207.120.33.10:443
Requested by https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Certificate Issuer Let's Encrypt
Subject rfdcxz.com
Fingerprint 92:52:19:63:3A:2E:8E:52:21:82:9F:60:78:9B:5A:B3:EF:92:75:3F
Validity Sat, 08 Jul 2023 00:07:59 GMT - Fri, 06 Oct 2023 00:07:58 GMT
File type PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced
Hash a86d99b9176d82a211cfa29b2f0b353f
62947ddfd87e3a21869818885e4bfa4e55ad0c11
f8e82194c97e2a11a8c77fcd55d1ded51a1943b78eefac8475890f665dc620f1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /common_tpls/images/icons/email.png HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Cookie: PHPSESSID=d64094076022dca372843d934c5cbfb8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Aug 2023 18:15:58 GMT
content-type: image/png
content-length: 1254
last-modified: Mon, 21 Aug 2017 19:32:05 GMT
etag: "599b3535-4e6"
section-io-cache-id: 2e9bef42bb6819f773b5c17894e96ec2
x-varnish: 9004361 9111456
age: 16162
via: 1.1 varnish-65c66bdb8c-bcwfl (Varnish/7.2)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 5244c56317808ffd5f7240beeb920fdb
X-Firefox-Spdy: h2
rfdcxz.com/common_tpls/images/icons/password.png
207.120.33.10 200 OK 1.5 kB URL GET HTTP/2 rfdcxz.com/common_tpls/images/icons/password.png
IP 207.120.33.10:443
Requested by https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Certificate Issuer Let's Encrypt
Subject rfdcxz.com
Fingerprint 92:52:19:63:3A:2E:8E:52:21:82:9F:60:78:9B:5A:B3:EF:92:75:3F
Validity Sat, 08 Jul 2023 00:07:59 GMT - Fri, 06 Oct 2023 00:07:58 GMT
File type PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced
Hash 6f100f1cdbdce928118ffa4c9293ca5b
6b1a3593e792d4c00187d60560dd03fb42df1156
8c1a6b9e0c63edc7fa86898148dc6493cd56113fabbf85d901f7af4c180fce74
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /common_tpls/images/icons/password.png HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Cookie: PHPSESSID=d64094076022dca372843d934c5cbfb8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Aug 2023 18:15:58 GMT
content-type: image/png
content-length: 1452
last-modified: Tue, 22 Aug 2017 16:34:59 GMT
etag: "599c5d33-5ac"
section-io-cache-id: e39012e28620eb48561df05d7b99981a
x-varnish: 8484074 8053012
age: 16171
via: 1.1 varnish-65c66bdb8c-bcwfl (Varnish/7.2)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: ce16ca79d965462e6a49b3a1490aef43
X-Firefox-Spdy: h2
rfdcxz.com/common_tpls/images/icons/fname.png
207.120.33.10 200 OK 1.6 kB URL GET HTTP/2 rfdcxz.com/common_tpls/images/icons/fname.png
IP 207.120.33.10:443
Requested by https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Certificate Issuer Let's Encrypt
Subject rfdcxz.com
Fingerprint 92:52:19:63:3A:2E:8E:52:21:82:9F:60:78:9B:5A:B3:EF:92:75:3F
Validity Sat, 08 Jul 2023 00:07:59 GMT - Fri, 06 Oct 2023 00:07:58 GMT
File type PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced
Hash 5c846870756544f39604e671d4111b9d
304938c74246e228fa82d8ca40201c3db6098074
d43abf8c5665519a3fe3f7e90298fc17b62e06d8ada1b90a44ea9985a62abb4d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /common_tpls/images/icons/fname.png HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Cookie: PHPSESSID=d64094076022dca372843d934c5cbfb8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Aug 2023 18:15:58 GMT
content-type: image/png
content-length: 1649
last-modified: Tue, 28 Nov 2017 20:52:02 GMT
etag: "5a1dcc72-671"
section-io-cache-id: 9d733b51d4e612d5598e6e96b6fa461c
x-varnish: 9004362 6898888
age: 16171
via: 1.1 varnish-65c66bdb8c-bcwfl (Varnish/7.2)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 8952bc989dc8752b554bb2f7ef85e143
X-Firefox-Spdy: h2
rfdcxz.com/common_tpls/images/icons/address.png
207.120.33.10 200 OK 1.2 kB URL GET HTTP/2 rfdcxz.com/common_tpls/images/icons/address.png
IP 207.120.33.10:443
Requested by https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Certificate Issuer Let's Encrypt
Subject rfdcxz.com
Fingerprint 92:52:19:63:3A:2E:8E:52:21:82:9F:60:78:9B:5A:B3:EF:92:75:3F
Validity Sat, 08 Jul 2023 00:07:59 GMT - Fri, 06 Oct 2023 00:07:58 GMT
File type PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced
Hash b579e9868402d708e54e1a980166c444
1c58e2890b934c0b1ab057f3ac28bedd2a082d19
67756f8b542c7823bcdba421219c3b8e1ee472748d8c3463534f667271356dfb
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /common_tpls/images/icons/address.png HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Cookie: PHPSESSID=d64094076022dca372843d934c5cbfb8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Aug 2023 18:15:58 GMT
content-type: image/png
content-length: 1167
last-modified: Mon, 21 Aug 2017 19:32:05 GMT
etag: "599b3535-48f"
section-io-cache-id: cae663f952ec7709e9b67eb8e1f6a871
x-varnish: 8484075 8053115
age: 16134
via: 1.1 varnish-65c66bdb8c-bcwfl (Varnish/7.2)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: e3bd0502ebeb9f1db47d6b2a6b18ea92
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
142.250.74.106 200 OK 31 kB URL GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP 142.250.74.106:443
Requested by https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 2A:06:F9:5A:FD:FC:89:5C:D7:C5:CC:38:F0:25:78:FB:15:9F:5A:67
Validity Mon, 31 Jul 2023 08:22:19 GMT - Mon, 23 Oct 2023 08:22:18 GMT
File type ASCII text, with very long lines (65451)
Hash 220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 19 Aug 2023 00:56:25 GMT
expires: Sun, 18 Aug 2024 00:56:25 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 494373
last-modified: Mon, 13 May 2019 14:37:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Poppins:wght@300;400;600&display=swap
142.250.74.106 200 OK 963 B URL GET HTTP/2 fonts.googleapis.com/css2?family=Poppins:wght@300;400;600&display=swap
IP 142.250.74.106:443
Requested by https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 2A:06:F9:5A:FD:FC:89:5C:D7:C5:CC:38:F0:25:78:FB:15:9F:5A:67
Validity Mon, 31 Jul 2023 08:22:19 GMT - Mon, 23 Oct 2023 08:22:18 GMT
File type gzip compressed data, max compression
Hash 7348e21f823c93cfdaf8884321716c9f
3d3d6ec1c17c7e78fb9739323139871297bd9e43
8010ef7522b7e661f14090e3f83397afae778094c95f67dbb4a37e2f1fca7d04
GET /css2?family=Poppins:wght@300;400;600&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 24 Aug 2023 18:15:58 GMT
date: Thu, 24 Aug 2023 18:15:58 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
rfdcxz.com/common_tpls/js/form_support.js?v=1101202201
207.120.33.10 200 OK 1.4 kB URL GET HTTP/2 rfdcxz.com/common_tpls/js/form_support.js?v=1101202201
IP 207.120.33.10:443
Requested by https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Certificate Issuer Let's Encrypt
Subject rfdcxz.com
Fingerprint 92:52:19:63:3A:2E:8E:52:21:82:9F:60:78:9B:5A:B3:EF:92:75:3F
Validity Sat, 08 Jul 2023 00:07:59 GMT - Fri, 06 Oct 2023 00:07:58 GMT
Hash 4ffa5d12f2aa2394aa284438d9ab1658
66a6678dc24eae37e35b8ee571e78f6e8af796da
a35efd7238a1ef4c6581aadc6d001e8554adf949dc6cde5650c2235483f19bf0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /common_tpls/js/form_support.js?v=1101202201 HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Cookie: PHPSESSID=d64094076022dca372843d934c5cbfb8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Aug 2023 18:15:57 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 18 Nov 2022 21:23:38 GMT
etag: W/"6377f7da-ed7"
section-io-cache-id: 6f36c4d18aa694bb7340907ac67ecbdf
x-varnish: 9004360 1299952
age: 16166
via: 1.1 varnish-65c66bdb8c-bcwfl (Varnish/7.2)
section-io-cache: Hit
content-encoding: gzip
section-io-id: a76545f826106d69c81a547a22d9e9ce
X-Firefox-Spdy: h2
ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3
104.18.23.52 200 OK 2.6 kB URL GET HTTP/2 ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3
IP 104.18.23.52:443
Requested by https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Certificate Issuer DigiCert Inc
Subject *.fontawesome.com
Fingerprint 6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
Validity Tue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (27832)
Hash 1cb05a2f9541200e1fa0a2cd0abc7663
fdf3292a6db22945eb79e08d847834205b749c6f
a8a00b576cc9fad532a52ecdf8024724ddaa83cb0f5ca5d1b1d6eb8841103d60
GET /releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rfdcxz.com/
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Aug 2023 18:15:58 GMT
content-type: text/css
content-length: 2603
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-a2b"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 3539974
accept-ranges: bytes
server: cloudflare
cf-ray: 7fbd956e4bd20b45-OSL
X-Firefox-Spdy: h2
ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3
104.18.23.52 200 OK 4.2 kB URL GET HTTP/2 ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3
IP 104.18.23.52:443
Requested by https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Certificate Issuer DigiCert Inc
Subject *.fontawesome.com
Fingerprint 6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
Validity Tue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (26366)
Hash 715826d7cea0f100c00238e5e5dc92b4
ea2a076f73ed3826287a726f35ae5e54136f2cee
4245ecca2a4b50d7fd9adc9a965ed1f9b4ec24e9935e34c80efafc0f856d54c6
GET /releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rfdcxz.com/
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Aug 2023 18:15:58 GMT
content-type: text/css
content-length: 4194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-1062"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 3539974
accept-ranges: bytes
server: cloudflare
cf-ray: 7fbd956e4bd00b45-OSL
X-Firefox-Spdy: h2
ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b314bdf1b3
104.18.23.52 200 OK 54 kB URL GET HTTP/2 ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b314bdf1b3
IP 104.18.23.52:443
Requested by https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Certificate Issuer DigiCert Inc
Subject *.fontawesome.com
Fingerprint 6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
Validity Tue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (65397)
Hash 486b13730aafe2a39cdaf1666679fa5b
aa0f52f048688ada20d921fef78cf15684a25f04
37c65071f378cc9582aabdda3b52979ef901f2925e3f3c3dc597f41eac0f1b6d
GET /releases/v5.15.4/css/pro.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rfdcxz.com/
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Aug 2023 18:15:58 GMT
content-type: text/css
content-length: 54194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-d3b2"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 3539974
accept-ranges: bytes
server: cloudflare
cf-ray: 7fbd956e4bce0b45-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 72438717548786e23e3c1b2ef3ad6581
853eed136622460def10b2ff167efbd0993ff1f2
ed30dd609d16a8c2796f40c3309709a152e995e789033a1f7dd60bcd9129404a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Aug 2023 18:15:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash d9b624cc08ed83319f5b4e930dd6f73e
b6a20c446be2795a049d7aa3769c4d8152cee2ea
24dbc611d7a1a7ab4c2d77849c82033650fa308b427d79fa2e75df9f3de9d330
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Aug 2023 18:15:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
216.58.207.227 200 OK 7.9 kB URL GET HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP 216.58.207.227:443
Requested by https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint B4:FE:48:07:8D:40:C5:C8:CB:74:41:13:3F:8E:10:8B:6F:1C:F4:CB
Validity Mon, 31 Jul 2023 08:22:18 GMT - Mon, 23 Oct 2023 08:22:17 GMT
File type Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Hash 9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Aug 2023 15:18:26 GMT
expires: Fri, 23 Aug 2024 15:18:26 GMT
cache-control: public, max-age=31536000
age: 10652
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
rfdcxz.com/common_tpls/js/iframeResizer.contentWindow.min.js
207.120.33.10 200 OK 13 kB URL GET HTTP/2 rfdcxz.com/common_tpls/js/iframeResizer.contentWindow.min.js
IP 207.120.33.10:443
Requested by https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Certificate Issuer Let's Encrypt
Subject rfdcxz.com
Fingerprint 92:52:19:63:3A:2E:8E:52:21:82:9F:60:78:9B:5A:B3:EF:92:75:3F
Validity Sat, 08 Jul 2023 00:07:59 GMT - Fri, 06 Oct 2023 00:07:58 GMT
File type gzip compressed data, from Unix\012- data
Hash 8281e5eedc9961bd0cb890c2ccefd0ef
34c334cd136652412c2e59092ea40df44e86e349
41ac531bdb208a9b3885a762abb6e4336d55c10de053a09562fc74c98436a21e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /common_tpls/js/iframeResizer.contentWindow.min.js HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Cookie: PHPSESSID=d64094076022dca372843d934c5cbfb8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Aug 2023 18:15:58 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 04 Feb 2016 15:06:03 GMT
etag: W/"56b368db-3445"
section-io-cache-id: 9eff031b17200ada9f3b9e7e149bdf34
x-varnish: 9575025 8562499
age: 16165
via: 1.1 varnish-65c66bdb8c-bcwfl (Varnish/7.2)
section-io-cache: Hit
content-encoding: gzip
section-io-id: c876aaaa46c8d237f1b90b34c9dfa8ef
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
216.58.207.227 200 OK 8.0 kB URL GET HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
IP 216.58.207.227:443
Requested by https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint B4:FE:48:07:8D:40:C5:C8:CB:74:41:13:3F:8E:10:8B:6F:1C:F4:CB
Validity Mon, 31 Jul 2023 08:22:18 GMT - Mon, 23 Oct 2023 08:22:17 GMT
File type Web Open Font Format (Version 2), TrueType, length 8000, version 1.0\012- data
Hash 72993dddf88a63e8f226656f7de88e57
179f97ec0275f09603a8db94d4380eb584d81cd5
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
GET /s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8000
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 18 Aug 2023 10:05:21 GMT
expires: Sat, 17 Aug 2024 10:05:21 GMT
cache-control: public, max-age=31536000
age: 547837
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v9/pxiByp8kv8JHgFVrLCz7V1s.ttf
216.58.207.227 200 OK 66 kB URL GET HTTP/2 fonts.gstatic.com/s/poppins/v9/pxiByp8kv8JHgFVrLCz7V1s.ttf
IP 216.58.207.227:443
Requested by https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint B4:FE:48:07:8D:40:C5:C8:CB:74:41:13:3F:8E:10:8B:6F:1C:F4:CB
Validity Mon, 31 Jul 2023 08:22:18 GMT - Mon, 23 Oct 2023 08:22:17 GMT
File type TrueType Font data, 14 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2014-2017 Indian Type Foundry (info@indiantypefoundry.com)PoppinsBold3.010;ITFO;Poppin\012- data
Hash 922cb3bc86ec0568c82525e315387021
9b353cec56d585154a440b2b883cd6f779ef35e3
2c07ce0658fcab0f0266babe01e11458c1126d92b5d53cd27f48282aaff0c20f
GET /s/poppins/v9/pxiByp8kv8JHgFVrLCz7V1s.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 66163
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 18 Aug 2023 20:42:42 GMT
expires: Sat, 17 Aug 2024 20:42:42 GMT
cache-control: public, max-age=31536000
age: 509596
last-modified: Tue, 08 Oct 2019 21:22:28 GMT
content-type: font/ttf
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash d9b624cc08ed83319f5b4e930dd6f73e
b6a20c446be2795a049d7aa3769c4d8152cee2ea
24dbc611d7a1a7ab4c2d77849c82033650fa308b427d79fa2e75df9f3de9d330
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 24 Aug 2023 18:15:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rfdcxz.com/acct/trk/?rtid=82253692801
207.120.33.10 200 OK 21 B URL GET HTTP/2 rfdcxz.com/acct/trk/?rtid=82253692801
IP 207.120.33.10:443
Requested by https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Certificate Issuer Let's Encrypt
Subject rfdcxz.com
Fingerprint 92:52:19:63:3A:2E:8E:52:21:82:9F:60:78:9B:5A:B3:EF:92:75:3F
Validity Sat, 08 Jul 2023 00:07:59 GMT - Fri, 06 Oct 2023 00:07:58 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash a0dfdea01f856877955204f4e1dd6ec1
d8387283007e87e481c253f630493d7ddbc901a5
9ef2481bba1bda306e6000b792e64cd60f75f4609f7630a11dc9b6575643c0c6
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /acct/trk/?rtid=82253692801 HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Cookie: PHPSESSID=d64094076022dca372843d934c5cbfb8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 24 Aug 2023 18:15:58 GMT
content-type: text/json;charset=UTF-8
content-length: 21
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-varnish: 10355257
age: 0
via: 1.1 varnish-65c66bdb8c-7ffsz (Varnish/7.2)
section-io-cache: Miss
section-io-id: 567591db2ce62f78c422aa70d66581a1
X-Firefox-Spdy: h2
rfdcxz.com/common_tpls/js/validate_form_v2.js?jsv=33
207.120.33.10 200 OK 26 kB URL GET HTTP/2 rfdcxz.com/common_tpls/js/validate_form_v2.js?jsv=33
IP 207.120.33.10:443
Requested by https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Certificate Issuer Let's Encrypt
Subject rfdcxz.com
Fingerprint 92:52:19:63:3A:2E:8E:52:21:82:9F:60:78:9B:5A:B3:EF:92:75:3F
Validity Sat, 08 Jul 2023 00:07:59 GMT - Fri, 06 Oct 2023 00:07:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /common_tpls/js/validate_form_v2.js?jsv=33 HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Cookie: PHPSESSID=d64094076022dca372843d934c5cbfb8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 24 Aug 2023 18:15:58 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Mon, 13 Feb 2023 23:40:03 GMT
etag: W/"63eaca53-63ed"
section-io-cache-id: 5c385ae6837a2f09e684bcaadb76fd15
x-varnish: 10355250 6356926
age: 16166
via: 1.1 varnish-65c66bdb8c-7ffsz (Varnish/7.2)
section-io-cache: Hit
content-encoding: gzip
section-io-id: 9f2ca719b8a2db10dba01a559104543f
X-Firefox-Spdy: h2
rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
207.120.33.10 200 OK 30 kB URL User Request GET HTTP/2 rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
IP 207.120.33.10:443
Certificate Issuer Let's Encrypt
Subject rfdcxz.com
Fingerprint 92:52:19:63:3A:2E:8E:52:21:82:9F:60:78:9B:5A:B3:EF:92:75:3F
Validity Sat, 08 Jul 2023 00:07:59 GMT - Fri, 06 Oct 2023 00:07:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 24 Aug 2023 18:15:57 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=d64094076022dca372843d934c5cbfb8; path=/; secure; SameSite=None
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-encoding: gzip
vary: Accept-Encoding
x-varnish: 10131490
age: 0
via: 1.1 varnish-65c66bdb8c-7ffsz (Varnish/7.2)
accept-ranges: bytes
section-io-cache: Miss
section-io-id: e3f15cb1a60aca971cc172573c68a361
X-Firefox-Spdy: h2
rfdcxz.com/favicon.ico
207.120.33.10 404 Not Found 564 B IP 207.120.33.10:443
Requested by https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Certificate Issuer Let's Encrypt
Subject rfdcxz.com
Fingerprint 92:52:19:63:3A:2E:8E:52:21:82:9F:60:78:9B:5A:B3:EF:92:75:3F
Validity Sat, 08 Jul 2023 00:07:59 GMT - Fri, 06 Oct 2023 00:07:58 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (592), with no line terminators
Hash fdcc3670b5749c79b9fd2506176af388
1095fe0f01313e6da2c11cf5dbce11702601910a
3186816c26c71c47fa28220ea83b02b93fa62389d22d3d77e8eeefcc573f2b69
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /favicon.ico HTTP/1.1
Host: rfdcxz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Cookie: PHPSESSID=d64094076022dca372843d934c5cbfb8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
date: Thu, 24 Aug 2023 18:15:58 GMT
content-type: text/html
vary: Accept-Encoding
x-varnish: 7307951 9312690
age: 106
via: 1.1 varnish-65c66bdb8c-bcwfl (Varnish/7.2)
section-io-cache: Hit
content-encoding: gzip
section-io-id: 7bbee76dfd8201f64407338aa1d01eb0
X-Firefox-Spdy: h2
kit.fontawesome.com/b314bdf1b3/110588222/kit-upload.css
104.18.23.52 200 OK 0 B URL GET HTTP/2 kit.fontawesome.com/b314bdf1b3/110588222/kit-upload.css
IP 104.18.23.52:443
Requested by https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Certificate Issuer DigiCert Inc
Subject *.fontawesome.com
Fingerprint 6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
Validity Tue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b314bdf1b3/110588222/kit-upload.css HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rfdcxz.com/
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 24 Aug 2023 18:15:58 GMT
content-type: text/css
content-length: 0
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926, public, must-revalidate
etag: 54af53b207eef226d6511e0a88e3038e
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F3HEz91sxmKZH5yginzj
cf-cache-status: HIT
age: 2439271
accept-ranges: bytes
server: cloudflare
cf-ray: 7fbd956e1baf0b45-OSL
X-Firefox-Spdy: h2
fonts.googleapis.com/icon?family=Material+Icons
142.250.74.106 200 OK 565 B URL GET HTTP/2 fonts.googleapis.com/icon?family=Material+Icons
IP 142.250.74.106:443
Requested by https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 2A:06:F9:5A:FD:FC:89:5C:D7:C5:CC:38:F0:25:78:FB:15:9F:5A:67
Validity Mon, 31 Jul 2023 08:22:19 GMT - Mon, 23 Oct 2023 08:22:18 GMT
File type ASCII text, with very long lines (588), with no line terminators
Hash bdcf60bde5544e1017e1f2e60888a9c7
6fb24309b7ff90c1c99d19c0c7a127a16508840e
d701601406acfca6bfc0c58b411446e3e0e96c659f35c143355d3dd72c390952
GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 24 Aug 2023 18:15:58 GMT
date: Thu, 24 Aug 2023 18:15:58 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
kit.fontawesome.com/b314bdf1b3.js
104.18.23.52 200 OK 12 kB URL GET HTTP/2 kit.fontawesome.com/b314bdf1b3.js
IP 104.18.23.52:443
Requested by https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Certificate Issuer DigiCert Inc
Subject *.fontawesome.com
Fingerprint 6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
Validity Tue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (11213)
Hash 4fc6cefe553c0690d16534ebf9d89181
aa7c5a51a88e2dcbdf8b67e8648d35682d19e31f
8f3a8661dafbfffde857c6bbc7abc7c63e929047dfc5e6cc1a805ab8e98dacbb
GET /b314bdf1b3.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Referer: https://rfdcxz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 24 Aug 2023 18:15:58 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F3a06yrBdhpxMJgACU0C
cf-cache-status: HIT
server: cloudflare
cf-ray: 7fbd956b784b0b45-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
216.58.207.227 200 OK 7.8 kB URL GET HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
IP 216.58.207.227:443
Requested by https://rfdcxz.com/247d89cdb0a2b432/?epcvip=48.1246.a9lf&email=&password=&firstname=&lastname=&zip=&act=vip63.47370-682463.typein&epccid=n2u3ub4dmfi7qfcdgcp0b48e0fu2e395k&rtid=82253692801&epcCID=42j3Ubedzft7qfwdzcZ0Q4MeMf62Z3k5O
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint B4:FE:48:07:8D:40:C5:C8:CB:74:41:13:3F:8E:10:8B:6F:1C:F4:CB
Validity Mon, 31 Jul 2023 08:22:18 GMT - Mon, 23 Oct 2023 08:22:17 GMT
File type Web Open Font Format (Version 2), TrueType, length 7840, version 1.0\012- data
Hash 8d91ec1ca2d8b56640a47117e313a3e9
a9e9bafe64666f4595051a0e895b47a5fa39e67e
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
GET /s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rfdcxz.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7840
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Aug 2023 15:08:24 GMT
expires: Fri, 23 Aug 2024 15:08:24 GMT
cache-control: public, max-age=31536000
age: 11254
last-modified: Wed, 27 Apr 2022 16:51:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2