Overview

URL dongtrieu.ml/
IP 49.12.81.114
ASN Hetzner Online GmbH
Location Germany
Report completed 2022-09-25 03:08:48 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-25 2 99pokerdewa.tk/ Phishing
2022-09-25 2 99pokerdewa.tk/wp-includes/css/dist/block-library/style-rtl.min.css?ver=5.4.11 Phishing
2022-09-25 2 99pokerdewa.tk/wp-content/themes/news-theme-static/assets/css/main.css?ver= (...) Phishing
2022-09-25 2 99pokerdewa.tk/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 Phishing
2022-09-25 2 99pokerdewa.tk/wp-content/themes/news-theme-static/assets/js/slick.min.js?v (...) Phishing
2022-09-25 2 99pokerdewa.tk/wp-content/themes/news-theme-static/assets/css/bootstrap.min (...) Phishing
2022-09-25 2 99pokerdewa.tk/wp-includes/js/wp-embed.min.js?ver=5.4.11 Phishing
2022-09-25 2 99pokerdewa.tk/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp Phishing
2022-09-25 2 99pokerdewa.tk/wp-content/themes/news-theme-static/assets/fnt/IRANSans/woff (...) Phishing
2022-09-25 2 99pokerdewa.tk/wp-content/themes/news-theme-static/assets/fnt/IRANSans/woff (...) Phishing
2022-09-25 2 99pokerdewa.tk/wp-content/themes/news-theme-static/assets/fnt/IRANSans/woff (...) Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (11)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS raoskalvinilayam.cf (1) 0 2017-06-29 04:53:30 UTC 2022-03-30 00:37:06 UTC 104.21.50.195 Unknown ranking
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-24 19:30:16 UTC 93.184.220.29
mnemonic passive DNS sstatic1.histats.com (1) 65269 2012-06-20 10:01:45 UTC 2022-09-24 14:24:15 UTC 192.99.13.63
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-24 05:36:42 UTC 52.89.255.30
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-24 04:22:29 UTC 34.120.237.76
mnemonic passive DNS dongtrieu.ml (1) 0 2019-05-31 02:18:10 UTC 2022-09-16 10:32:48 UTC 49.12.81.114 Unknown ranking
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-24 19:48:02 UTC 143.204.55.115
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-24 04:22:23 UTC 34.117.237.239
mnemonic passive DNS 99pokerdewa.tk (22) 0 2018-09-21 06:56:01 UTC 2022-05-16 01:33:19 UTC 95.217.197.89 Unknown ranking
mnemonic passive DNS r3.o.lencr.org (4) 344 2020-12-02 08:52:13 UTC 2022-09-24 04:21:50 UTC 23.36.77.32
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-24 04:26:56 UTC 143.204.55.25


Recent reports on same IP/ASN/Domain/Screenshot

Last 1 reports on IP: 49.12.81.114

Date UQ / IDS / BL URL IP
2022-09-25 03:08:48 +0000 0 - 0 - 11 dongtrieu.ml/ 49.12.81.114

Last 5 reports on ASN: Hetzner Online GmbH

Date UQ / IDS / BL URL IP
2022-12-07 17:42:40 +0000 0 - 0 - 146 wrapnfloor.com/ci/index.php?QBOT.zip 135.181.142.201
2022-12-07 17:30:26 +0000 0 - 0 - 3 78.46.72.253/d/ryxmnvsznlgpv7w7lg6i6hsm3xzzdp (...) 78.46.72.253
2022-12-07 17:01:54 +0000 0 - 0 - 1 65.21.119.56/update.zip 65.21.119.56
2022-12-07 16:57:45 +0000 0 - 0 - 1 116.203.19.97/1/lib32.hta 116.203.19.97
2022-12-07 16:57:44 +0000 0 - 0 - 1 116.203.19.97/1/lib.hta 116.203.19.97

Last 1 reports on domain: dongtrieu.ml

Date UQ / IDS / BL URL IP
2022-09-25 03:08:48 +0000 0 - 0 - 11 dongtrieu.ml/ 49.12.81.114

No other reports with similar screenshot



JavaScript

Executed Scripts (8)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (41)


Request Response
                                        
                                            GET / HTTP/1.1 
Host: dongtrieu.ml
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         49.12.81.114
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Connection: Keep-Alive
Content-Length: 707
Date: Sun, 25 Sep 2022 03:08:37 GMT
Location: http://99pokerdewa.tk/


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   707
Md5:    1304294c0823ca486542ba408ed761e3
Sha1:   b2a70fb2d810ca13985882e6981f33998823e83e
Sha256: 3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 25 Sep 2022 02:14:46 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: BccrJ4Gx0N1VL_fY0U8rbTOT8CkQo8RxrilwYs2T6cIxVt_9DtFLJw==
Age: 3231


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    1b3053fa528e28810f8a2cc9284cc921
Sha1:   cca9eb471d941881a6b9a1793aecb6c281908f6a
Sha256: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6906
Expires: Sun, 25 Sep 2022 05:03:43 GMT
Date: Sun, 25 Sep 2022 03:08:37 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.25
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 24 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: nmtXCvgLGUxi-sDDgkzdF-SkOPVD5usZUWpAfJWDH6Zxpidn4C0Jow==
age: 81203
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 25 Sep 2022 03:08:37 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET / HTTP/1.1 
Host: 99pokerdewa.tk
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         95.217.197.89
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Connection: Keep-Alive
Link: <http://99pokerdewa.tk/wp-json/>; rel="https://api.w.org/"
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Date: Sun, 25 Sep 2022 03:08:37 GMT


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1942), with CRLF, LF line terminators
Size:   9730
Md5:    44208b9b4ba40c4888da9f6aebab7fce
Sha1:   8e79552cc5a63aebb674ee5e3f634703c095007c
Sha256: 9e800f9be71f1dd53119444183b74e9befcccdae5b275987704071e9428ed0cf

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/css/dist/block-library/style-rtl.min.css?ver=5.4.11 HTTP/1.1 
Host: 99pokerdewa.tk
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://99pokerdewa.tk/

                                         
                                         95.217.197.89
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Sun, 02 Oct 2022 03:08:37 GMT
Last-Modified: Sat, 30 Oct 2021 10:04:56 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Content-Length: 7568
Date: Sun, 25 Sep 2022 03:08:37 GMT


--- Additional Info ---
Magic:  ASCII text, with very long lines (53367), with no line terminators
Size:   7568
Md5:    3c71f1b9e676f5127e11a57f231105c2
Sha1:   634831664d161da1db0bfa8b861d371746db4f6b
Sha256: 0d8221148d12a34f34130ac8c91acf11b0fa42a2c3f0af920fefea13d322292f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/news-theme-static/assets/css/slick/slick.css?ver=5.4.11 HTTP/1.1 
Host: 99pokerdewa.tk
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://99pokerdewa.tk/

                                         
                                         95.217.197.89
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Sun, 02 Oct 2022 03:08:37 GMT
Last-Modified: Sat, 30 Oct 2021 10:04:55 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Content-Length: 566
Date: Sun, 25 Sep 2022 03:08:37 GMT


--- Additional Info ---
Magic:  ASCII text
Size:   566
Md5:    d979503c94235e3d7c63804334eae591
Sha1:   927ae013d52d4b540539d6923201f42ccf78a77b
Sha256: 12bc72121ec549a084158825b575260a3feb5e67d795bce84d18874deec2f6df
                                        
                                            GET /wp-content/themes/news-theme-static/assets/css/slick/slick-theme.css?ver=5.4.11 HTTP/1.1 
Host: 99pokerdewa.tk
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://99pokerdewa.tk/

                                         
                                         95.217.197.89
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Sun, 02 Oct 2022 03:08:37 GMT
Last-Modified: Sat, 30 Oct 2021 10:04:55 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Content-Length: 867
Date: Sun, 25 Sep 2022 03:08:37 GMT


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   867
Md5:    7ed4b09bb604ec2dee14becfc955fc66
Sha1:   d945855fed49aa7d73ff98534069394fd949d3e3
Sha256: aaf6776c80230d4a47310b1e0f8ec865195f92826a079932f2765d64414a5a30
                                        
                                            GET /wp-content/themes/news-theme-static/assets/css/main.css?ver=5.4.11 HTTP/1.1 
Host: 99pokerdewa.tk
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://99pokerdewa.tk/

                                         
                                         95.217.197.89
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Sun, 02 Oct 2022 03:08:37 GMT
Last-Modified: Sat, 30 Oct 2021 10:04:55 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Content-Length: 2857
Date: Sun, 25 Sep 2022 03:08:37 GMT


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   2857
Md5:    661e11b43825f04a1d5d2bc3a837bb6f
Sha1:   e3596c5092ce8edf595ce6a17861fd265a0ea23d
Sha256: d25ed915486295d82cc4a6349f0f528720d432fddafcf07c8481dd221556aa0a

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1 
Host: 99pokerdewa.tk
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://99pokerdewa.tk/

                                         
                                         95.217.197.89
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Sun, 02 Oct 2022 03:08:37 GMT
Last-Modified: Sat, 30 Oct 2021 10:04:56 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Content-Length: 4034
Date: Sun, 25 Sep 2022 03:08:37 GMT


--- Additional Info ---
Magic:  ASCII text, with very long lines (9959)
Size:   4034
Md5:    2f89b08855471c7476435ce0bec33ba7
Sha1:   970533f152623df03b5fc6fb793b21889e4e0349
Sha256: d200586b6dd1ff779b6c30947361ff736e076d8c7d502505ab3174ca33455ea0

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/news-theme-static/assets/js/slick.min.js?ver=5.4.11 HTTP/1.1 
Host: 99pokerdewa.tk
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://99pokerdewa.tk/

                                         
                                         95.217.197.89
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Sun, 02 Oct 2022 03:08:37 GMT
Last-Modified: Sat, 30 Oct 2021 10:04:55 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Content-Length: 10730
Date: Sun, 25 Sep 2022 03:08:37 GMT


--- Additional Info ---
Magic:  ASCII text, with very long lines (32026)
Size:   10730
Md5:    08af7f4082c9819f8e75ad9254c9241b
Sha1:   6f404d94d47a8c5a9ce6b3ed914c7a851dc7ad0f
Sha256: 0330eada900b12e43d974f45f2fd372cc4178ff7c32aec6ee8c03caead916081

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/news-theme-static/assets/js/js.cookie.min.js?ver=5.4.11 HTTP/1.1 
Host: 99pokerdewa.tk
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://99pokerdewa.tk/

                                         
                                         95.217.197.89
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Sun, 02 Oct 2022 03:08:37 GMT
Last-Modified: Sat, 30 Oct 2021 10:04:55 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Content-Length: 730
Date: Sun, 25 Sep 2022 03:08:37 GMT


--- Additional Info ---
Magic:  ASCII text, with very long lines (1464), with CRLF line terminators
Size:   730
Md5:    1a0b2844b1289182719f9b0d661f0432
Sha1:   dff193e4f66da48d129b03b67acff0ef8df8eb03
Sha256: 9f8511f68378195c34b6cfbdf7458c9f9717f366fb9f90bf33b6380a34ea6d17
                                        
                                            GET /wp-content/themes/news-theme-static/assets/css/bootstrap.min.css?ver=5.4.11 HTTP/1.1 
Host: 99pokerdewa.tk
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://99pokerdewa.tk/

                                         
                                         95.217.197.89
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Sun, 02 Oct 2022 03:08:37 GMT
Last-Modified: Sat, 30 Oct 2021 10:04:55 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Content-Length: 23287
Date: Sun, 25 Sep 2022 03:08:37 GMT


--- Additional Info ---
Magic:  ASCII text, with very long lines (65324)
Size:   23287
Md5:    c9b2f93d0a1c36f2f88eebf3e3ce8210
Sha1:   adddc95ba8502c64dd72a212b6a21a5572f1f0bd
Sha256: c65dabb23328e18da176ff813a2d4f965755cfebe797cc555c16ff4518d40790

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/news-theme-static/assets/js/main.js?ver=5.4.11 HTTP/1.1 
Host: 99pokerdewa.tk
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://99pokerdewa.tk/

                                         
                                         95.217.197.89
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Sun, 02 Oct 2022 03:08:37 GMT
Last-Modified: Sat, 30 Oct 2021 10:04:55 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Content-Length: 690
Date: Sun, 25 Sep 2022 03:08:37 GMT


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   690
Md5:    34a25cc13a3f67126632aa23a9a7d558
Sha1:   d25243efb0ed2dd32e7dc2c5256ea76ae25ec865
Sha256: 2acbf0a53ba757964cd5da9eece9e160ac126c323cd59ed5d8b19457e07d079c
                                        
                                            GET /wp-includes/js/wp-embed.min.js?ver=5.4.11 HTTP/1.1 
Host: 99pokerdewa.tk
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://99pokerdewa.tk/

                                         
                                         95.217.197.89
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Sun, 02 Oct 2022 03:08:37 GMT
Last-Modified: Sat, 30 Oct 2021 10:05:02 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Content-Length: 769
Date: Sun, 25 Sep 2022 03:08:37 GMT


--- Additional Info ---
Magic:  ASCII text, with very long lines (1391)
Size:   769
Md5:    82e67f050afdb38c20ac6eb305f97c17
Sha1:   df1349df76d66a9cf64377cf335c67c337d85470
Sha256: 5f6c33116e2106cd0f2f28c16062f1d584e74b8539a14ed45e17957634d71b7e

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/news-theme-static/assets/css/fontiran.css?ver=5.4.11 HTTP/1.1 
Host: 99pokerdewa.tk
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://99pokerdewa.tk/

                                         
                                         95.217.197.89
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Sun, 02 Oct 2022 03:08:37 GMT
Last-Modified: Sat, 30 Oct 2021 10:04:55 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Content-Length: 401
Date: Sun, 25 Sep 2022 03:08:37 GMT


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size:   401
Md5:    41e0e3893a159f5b70840f7216048702
Sha1:   ce46febf1c70780db0451ee7d88672ea160fdd20
Sha256: 8a0d2706435a31be7271612fa56fbef4ffbc80ff129a6739ebee0c26127efa03
                                        
                                            GET /wp-includes/js/wp-emoji-release.min.js?ver=5.4.11 HTTP/1.1 
Host: 99pokerdewa.tk
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://99pokerdewa.tk/

                                         
                                         95.217.197.89
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Sun, 02 Oct 2022 03:08:37 GMT
Last-Modified: Sat, 30 Oct 2021 10:05:02 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Content-Length: 4655
Date: Sun, 25 Sep 2022 03:08:37 GMT


--- Additional Info ---
Magic:  ASCII text, with very long lines (10927)
Size:   4655
Md5:    6d2660ddf1328851cc8b3ebf018a6a3b
Sha1:   d5dd0b74984ec56d7ce608dfbadc62d1b368d39d
Sha256: 38412119e2c14432fed8388c668e128a92c2f94ddfee23c43cca96e4ad03b13b
                                        
                                            GET /wp-includes/js/jquery/jquery.js?ver=1.12.4-wp HTTP/1.1 
Host: 99pokerdewa.tk
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://99pokerdewa.tk/

                                         
                                         95.217.197.89
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Sun, 02 Oct 2022 03:08:37 GMT
Last-Modified: Sat, 30 Oct 2021 10:04:56 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Content-Length: 33836
Date: Sun, 25 Sep 2022 03:08:37 GMT


--- Additional Info ---
Magic:  ASCII text, with very long lines (31997)
Size:   33836
Md5:    167b4b3aef1415384a1d72a851584464
Sha1:   7edb972190b2048300fb5eb1668e54ec049b91a2
Sha256: 2d29b6f8700dbeda5b83991887d89ef850f3d570946b8eef360a86b9adcb0fb3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/news-theme-static/assets/css/fontawesome.css?ver=5.4.11 HTTP/1.1 
Host: 99pokerdewa.tk
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://99pokerdewa.tk/

                                         
                                         95.217.197.89
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Sun, 02 Oct 2022 03:08:37 GMT
Last-Modified: Sat, 30 Oct 2021 10:04:55 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Content-Length: 34328
Date: Sun, 25 Sep 2022 03:08:37 GMT


--- Additional Info ---
Magic:  ASCII text
Size:   34328
Md5:    3cbb15b25878411d63c7734b8a6478a8
Sha1:   63cc4ca6f086984b6e5355887102c675b2c80337
Sha256: b20ce34fd4797024096444974a8335d0de62b0b0dc406db05b565f4c4f2f8910
                                        
                                            GET /wp-content/themes/news-theme-static/assets/img/bnr1.png HTTP/1.1 
Host: 99pokerdewa.tk
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://99pokerdewa.tk/

                                         
                                         95.217.197.89
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Sun, 02 Oct 2022 03:08:37 GMT
Last-Modified: Sat, 30 Oct 2021 10:04:55 GMT
Accept-Ranges: bytes
Content-Length: 92601
Date: Sun, 25 Sep 2022 03:08:37 GMT
Vary: User-Agent


--- Additional Info ---
Magic:  PNG image data, 800 x 300, 8-bit colormap, non-interlaced\012- data
Size:   92601
Md5:    24eef0cd6f964a3cb3de14959cde1990
Sha1:   12142ab9c02db9edaed1577ccf0db197f1c3f384
Sha256: a66559799087af27af0d006a1f782a875a00910d5987b5d959991e729f09d5b1
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sun, 25 Sep 2022 03:04:17 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Sun, 25 Sep 2022 04:03:29 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: qVXPmvdHtCN0uThIJNUyWXYVwqAjUCqKr3gogBlNCLNEv8cMN0cfzw==
Age: 259


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /wp-content/uploads/2020/05/index.jpg HTTP/1.1 
Host: raoskalvinilayam.cf
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://99pokerdewa.tk/

                                         
                                         104.21.50.195
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Date: Sun, 25 Sep 2022 03:08:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://99pokerdewa.tk/wp-content/uploads/2020/05/index.jpg
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rXzSXU78nMbeaEDSnKUfSFjgw04RFgm%2FCFqYrh7Awoo30zBg%2BXFTJXcl2XGhQYKMkxS4bsUPwlM%2FwXkEdMpFaCUaN3AiZgO8dnsLWCPyAORkdPwX2TUfDFNaqKddXcyNU%2F54DEX7"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75008e705df60b45-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   707
Md5:    1304294c0823ca486542ba408ed761e3
Sha1:   b2a70fb2d810ca13985882e6981f33998823e83e
Sha256: 3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
                                        
GET /wp-content/themes/news-theme-static/assets/fnt/IRANSans/woff2/IRANSansWeb_Medium.woff2 HTTP/1.1
Host: 99pokerdewa.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://99pokerdewa.tk/wp-content/themes/news-theme-static/assets/css/fontiran.css?ver=5.4.11

                                         
95.217.197.89
HTTP/1.1 200 OK
Content-Type: font/woff2
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Sun, 02 Oct 2022 03:08:37 GMT
Last-Modified: Sat, 30 Oct 2021 10:04:56 GMT
Accept-Ranges: bytes
Content-Length: 27008
Date: Sun, 25 Sep 2022 03:08:37 GMT
Vary: User-Agent


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 27008, version 1.0\012- data
Size:   27008
Md5:    9c66b762719d40d1f18e678a1405459a
Sha1:   75182e5ed3ce5347042cb8289740853020856d65
Sha256: 5e8559023c88d8bd7c7c91c55f05d89620c836c37cf7a49f33212b966efed2ff

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/themes/news-theme-static/assets/fnt/IRANSans/woff2/IRANSansWeb_Bold.woff2 HTTP/1.1
Host: 99pokerdewa.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://99pokerdewa.tk/wp-content/themes/news-theme-static/assets/css/fontiran.css?ver=5.4.11

                                         
95.217.197.89
HTTP/1.1 200 OK
Content-Type: font/woff2
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Sun, 02 Oct 2022 03:08:37 GMT
Last-Modified: Sat, 30 Oct 2021 10:04:56 GMT
Accept-Ranges: bytes
Content-Length: 29692
Date: Sun, 25 Sep 2022 03:08:37 GMT
Vary: User-Agent


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 29692, version 1.0\012- data
Size:   29692
Md5:    43a0ecf3c7f2af819b192d1284f95ed9
Sha1:   26f5e3c0b2d4c38509ed98b51dea5048bd290c75
Sha256: d8ec49de9c004f18b228d28027b6f25dd854da6aa5f9b901777e593c59371ea7

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/themes/news-theme-static/assets/img/bg-static.jpg HTTP/1.1
Host: 99pokerdewa.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://99pokerdewa.tk/wp-content/themes/news-theme-static/assets/css/main.css?ver=5.4.11

                                         
95.217.197.89
HTTP/1.1 200 OK
Content-Type: image/jpeg
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Sun, 02 Oct 2022 03:08:37 GMT
Last-Modified: Sat, 30 Oct 2021 10:04:55 GMT
Accept-Ranges: bytes
Content-Length: 133835
Date: Sun, 25 Sep 2022 03:08:37 GMT
Vary: User-Agent


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=15, height=3535, bps=194, PhotometricIntepretation=RGB, description=OLYMPUS DIGITAL CAMERA, manufacturer=OLYMPUS CORPORATION, model=PEN-F, orientation=upper-left, width=5056], baseline, precision 8, 1200x677, components 3\012- data
Size:   133835
Md5:    8640875478a960d5b5a829da049d0d06
Sha1:   26abd9277d76baca34f5fd82f9421cbf2e4b91d9
Sha256: 713414297f4ca136213a894ee3d82b229740c9cc97a9c818c4fd7877c301aac4
                                        
GET /wp-content/themes/news-theme-static/assets/fnt/IRANSans/woff2/IRANSansWeb.woff2 HTTP/1.1
Host: 99pokerdewa.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://99pokerdewa.tk/wp-content/themes/news-theme-static/assets/css/fontiran.css?ver=5.4.11

                                         
95.217.197.89
HTTP/1.1 200 OK
Content-Type: font/woff2
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Sun, 02 Oct 2022 03:08:37 GMT
Last-Modified: Sat, 30 Oct 2021 10:04:56 GMT
Accept-Ranges: bytes
Content-Length: 31564
Date: Sun, 25 Sep 2022 03:08:37 GMT
Vary: User-Agent


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 31564, version 1.0\012- data
Size:   31564
Md5:    0b5055ac357359f8c23320ea3dc0f78b
Sha1:   fddfa795d2aa5451a5ac2910326b889a82c3ed75
Sha256: f8d61fa1ee0a23f68a0322d69d7c67263f9e0b3786015752b4daf5fb4f21bf9d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /favicon.ico HTTP/1.1
Host: 99pokerdewa.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://99pokerdewa.tk/

                                         
95.217.197.89
HTTP/1.1 200 OK
Content-Type: image/x-icon
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Sun, 02 Oct 2022 03:08:38 GMT
Last-Modified: Sat, 30 Oct 2021 10:04:55 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Content-Length: 2808
Date: Sun, 25 Sep 2022 03:08:38 GMT


--- Additional Info ---
Magic:  MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size:   2808
Md5:    51f3bf041519c9d078269217171d2d2e
Sha1:   0716134f0fd2e37e7743f375eb551bfd8174632c
Sha256: 16d759d6cf8becf7ddc4622f701d33c936870fd51498dbc956755535eb1e2518
                                        
GET /wp-content/uploads/2020/05/index.jpg HTTP/1.1
Host: 99pokerdewa.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://99pokerdewa.tk/
Connection: keep-alive

                                         
95.217.197.89
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Connection: Keep-Alive
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <http://99pokerdewa.tk/wp-json/>; rel="https://api.w.org/"
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Date: Sun, 25 Sep 2022 03:08:38 GMT


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1902), with CRLF, LF line terminators
Size:   4449
Md5:    4bac4eb9292bc65bd61427f603c3dbb3
Sha1:   5cf56f4d90e4e6499e6694d5c79059c8cf30cf0e
Sha256: 8150b7de23fd709ac248f21c3d9caec9d2f577ceab95239d7a8618897bacb4cc
                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 5427
Cache-Control: 'max-age=158059'
Date: Sun, 25 Sep 2022 03:08:38 GMT
Last-Modified: Sun, 25 Sep 2022 01:38:12 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

                                        
GET /0.gif?4397424&101 HTTP/1.1
Host: sstatic1.histats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://99pokerdewa.tk/

                                         
192.99.13.63
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Sun, 25 Sep 2022 03:08:38 GMT
Content-Length: 43
Connection: close


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    07fff40b5dd495aca2ac4e1c3fbc60aa
Sha1:   e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
Sha256: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
                                        
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: atdkCiIlukJ7AhKQlzq5Hw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
52.89.255.30
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 8ULmkbFn/cD9RvMNwLlEanGxU5A=

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11841
Expires: Sun, 25 Sep 2022 06:26:00 GMT
Date: Sun, 25 Sep 2022 03:08:39 GMT
Connection: keep-alive

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11841
Expires: Sun, 25 Sep 2022 06:26:00 GMT
Date: Sun, 25 Sep 2022 03:08:39 GMT
Connection: keep-alive

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11841
Expires: Sun, 25 Sep 2022 06:26:00 GMT
Date: Sun, 25 Sep 2022 03:08:39 GMT
Connection: keep-alive

                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c48523c-250d-4030-8145-14c8967dc600.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8914
x-amzn-requestid: 8cfdc32e-f04a-4fd6-a1f1-632934a682fd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y-_EUHqJoAMF7MQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7881-14a6d8ef126409964607e0aa;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:37:05 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kdF6En2vbJhRH1bkYMOuNm5XOIsT1qs3FE281N1SKn1FbyW-oNZsEw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:06 GMT
age: 19893
etag: "2b6e37596e88b62f288dc8e8c937fd904fae28d5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8914
Md5:    dfdacc8edea3c24dad020d7e9c11b3f4
Sha1:   2b6e37596e88b62f288dc8e8c937fd904fae28d5
Sha256: 338a44f3bcc01bdd197f037dd8f8bf58a18dea00127465488efe76fb72a6fdff
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff440191a-84ee-43b5-bafa-0bb36c962f39.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 5293
x-amzn-requestid: a35423bc-9112-48da-85e0-93ac41794d29
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y--PkGehoAMF1pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7730-450fad077885fae416572443;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:31:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: IAon_ZYxu87A9OB775Q1unI4sdLHdE-Ij9QNYaB2mqftP0IoAsgnvQ==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:39:22 GMT
age: 19757
etag: "6a02487368bbe41b87feeef1f70f7320392d72a3"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5293
Md5:    b156552f4d76fd964b279ebcf8cd1f8e
Sha1:   6a02487368bbe41b87feeef1f70f7320392d72a3
Sha256: ceddf1a515c64d0071a4d90c26de60a27ee2bf2af341bf1572fb05743d2cc644
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0693f3eb-ed7b-4594-b2db-7432590f4d49.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 4723
x-amzn-requestid: 4be5e73a-e648-40a4-8566-cb3417e5843b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y-_EKHYcoAMFgMw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7880-4682134275162910149d09ec;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:37:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: NdyoW-aALNbALUNnUAWgJafG47WQBKHxeOEQhLHWS1ie8YlUH9z9uA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:58:11 GMT
age: 18628
etag: "8324b383c89771a2b1155ec6d069bf5a47338acd"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4723
Md5:    3d35df1f57d0736995615b0d8f50b8a3
Sha1:   8324b383c89771a2b1155ec6d069bf5a47338acd
Sha256: 9f381d59d2e4b086d43d784d7660e27f6f7760dc2b4eb9beee4b6e94801cb6db
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 12826
x-amzn-requestid: f075cf62-acfc-4bc1-be14-7c3dafb7aaed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YfVRNFP-oAMFgrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322cf3a-184b678042d64ac9266b1128;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 07:07:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: W6ZD1652Yn1xqZG7ehDcirlYoG8Hcsrdj11Fzfgj7zb-OiU8xHj1gw==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:32 GMT
age: 19867
etag: "b6d56333d7f1ea7ddc8838d84de498ff913c5464"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 3-257, spot sensor temperature 0.000000, unit celsius, color scheme 0, show scale bar, calibration: offset 0.000000, slope 241253891388563521536.000000\012- data
Size:   12826
Md5:    b3a72e81317074689a71dac7059e4b6a
Sha1:   b6d56333d7f1ea7ddc8838d84de498ff913c5464
Sha256: e665a8821b5e7b2e78787647a08d629bf70cbf4cbfee2057c8601cf0565154a1
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78aaf154-de5d-4fec-94c5-4e185b4c0cc1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 4320
x-amzn-requestid: 72d102a6-8552-473f-b3f8-99450722017d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y--PmHEgIAMFXvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7730-7e4789b1723913e2500ea5f2;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:31:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Pai6CsC8F_VDgt6BkP9aRekL5WzUkwNdrvetIijRKlGByWm6skpb6w==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 22:01:14 GMT
age: 18445
etag: "1ec47b0f11a2b1173a1dcd32d541e5680b0088b1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4320
Md5:    7eba9d4ed7413abb8e8824cc86071b50
Sha1:   1ec47b0f11a2b1173a1dcd32d541e5680b0088b1
Sha256: 399622d6099137974fa30a332c145b45182a7be272523a325418c63bfe70e5a1
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30df3bb6-8eae-49ae-ba75-f6dd462463ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 4237
x-amzn-requestid: ae2729cb-a956-4214-b3be-b510a3f62698
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y9FNDGu7oAMF7oQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632eb586-097d52637dc131002d4ac57d;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 07:45:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TUT-wNEcMOArWarvrWvtkVVf4ZfrTv6CtG7a_aBZN9mZ6L-GawZkZA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 01:14:25 GMT
age: 6854
etag: "2d97861b35e3d0ffe6a614037e4ff7946018b4ef"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4237
Md5:    8abddb2cad9c262667f358ecb9b084ae
Sha1:   2d97861b35e3d0ffe6a614037e4ff7946018b4ef
Sha256: 9b4878cf451b7bc5c7467d1e35e2fa12f54e516c878dd54d0293a4ef4947ba5b