Report - bwpcontracts.com/wp-content/uploads/js

Report Overview

Submitted URL
bwpcontracts.com/wp-content/uploads/js_composer/pharmacie/retin.html
IP
85.92.70.60
ASN
#34282 UKDedicated LTD
Submitted
2023-01-22 05:42:38
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
perdredupoidrapidement.fr	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	12 kB	117 kB	185.61.152.57
partner.googleadservices.com	798	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	470 B	904 B	142.250.74.34
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.9 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	4.8 kB	172.64.155.188
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	44.228.230.125
w.sharethis.com	19320	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	797 B	9.2 kB	54.230.111.78
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	661 B	1.9 kB	142.250.74.106
mailfolder.us	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	447 B	158 B	185.38.110.121
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	737 B	93.184.220.29
ww62.mailfolder.us	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	8.9 kB	13.248.148.254
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	113 kB	142.250.74.164
afs.googleusercontent.com	12123	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	885 B	2.3 kB	142.250.74.97
bwpcontracts.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	771 B	11 kB	85.92.70.60
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	7.1 kB	95.101.11.115
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	4.2 kB	142.250.74.163
d38psrni17bvxu.cloudfront.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	359 B	12 kB	54.230.245.130
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	56 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-22	medium	bwpcontracts.com/wp-content/uploads/js_composer/pharmacie/jquery.js	Malware
2023-01-22	medium	ww62.mailfolder.us/	Malware
2023-01-22	medium	ww62.mailfolder.us/ls.php	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (23)

	URL	Size	First Seen	Last Seen
	perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/js/jquery.min.js?ver=4.5.9	95 kB	2023-03-07	2024-04-26
Pretty URL perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/js/jquery.min.js?ver=4.5.9 IP 185.61.152.57 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:23 Last Seen2024-04-26 16:19:09 Times Seen13790 Hash b8d64d0bc142b3f670cc0611b0aebcae abcd2ba13348f178b17141b445bc99f1917d47af 47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4 Loading...

	ww62.mailfolder.us/	110 B	2023-03-12	2023-03-13
Pretty URL ww62.mailfolder.us/ IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 12:56:36 Last Seen2023-03-13 06:13:29 Times Seen1 Hash 8867a43e960d3ea932eb42d9feeea0e2 aa8f9ab0e8106b2ed1c59c22d4a824575be32568 f33e7f65dc8689fa578ec9a08a20116025584e90503c0117055d81567f3710af Loading...

	ww62.mailfolder.us/	71 B	2023-03-08	2024-01-04
Pretty URL ww62.mailfolder.us/ IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:23:53 Last Seen2024-01-04 08:38:22 Times Seen25410 Hash 1a5a5e1b6a26f57b95e3dd42f60612f4 b62a27e55a59b49084e682bd3c1588f6a40881ab 4066da16910907c7962da8e7011bf0cd62b6f2dcddb1911e3ea2de03ce3e1dc7 Loading...

	mailfolder.us/script/ontv/eusyn/fr.js?ref=bwpcontracts.com/wp-content/uploads/js_composer/pharmacie/retin.html&title=Commander%20Retin%20generique%20en%20pharmacie%20en%20France&httpref=	46 B	2023-03-09	2024-01-09
Pretty URL mailfolder.us/script/ontv/eusyn/fr.js?ref=bwpcontracts.com/wp-content/uploads/js_composer/pharmacie/retin.html&title=Commander%20Retin%20generique%20en%20pharmacie%20en%20France&httpref= IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:57 Last Seen2024-01-09 10:40:36 Times Seen14 Hash 158f41437e65bc08c4334374673120ce 3770e189589347b787791c3d8c1d203ca02ba197 c901802461c7790e15f4c5d892e098d3e3a521534e1fda2d1151171c3b5097d5 Loading...

	www.google.com/adsense/domains/caf.js	148 kB	2023-03-13	2023-03-13
Pretty URL www.google.com/adsense/domains/caf.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 03:25:53 Last Seen2023-03-13 07:30:16 Times Seen1 Hash 2de2546e08f6efa5de1ea8fd7ae43e75 e69cda24ed472025a91eea28869f1a708b41c5fd e20afbb1ae54b37cce899167a2ec86b1d038be9354de6016fc432b8362418fe5 Loading...

	ww62.mailfolder.us/	7.0 kB	2023-03-12	2023-03-13
Pretty URL ww62.mailfolder.us/ IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 13:07:17 Last Seen2023-03-13 06:10:22 Times Seen1 Hash 087f7c086868890d34f85e4a2c8608c4 dbe4012808ffe48d894793f46518c1cc2de7fb29 f35f5d7e129dc87bbd6d5fa65bbd568e37955c10c9a257a940057808141fcd2a Loading...

	ww62.mailfolder.us/	29 B	2023-03-12	2024-01-03
Pretty URL ww62.mailfolder.us/ IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 12:56:36 Last Seen2024-01-03 12:53:29 Times Seen10974 Hash 5405126a58d646a09ad6d154c5d3a335 9e64f2a4ee55fef112fbd9654e76e8eabb751e28 76229fdaf8e9553878811c30cf5305bd2dab82248d0054d3fb2e760b35f32154 Loading...

	ww62.mailfolder.us/	325 B	2023-03-12	2023-03-13
Pretty URL ww62.mailfolder.us/ IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 12:56:36 Last Seen2023-03-13 06:13:29 Times Seen1 Hash 9359f4a6defa35f5c0096dbe324d0480 f76fd7235504d9494da4c14012ca0236d94149cd f49ddc9ffd4db2a85d906a9e0d7710f7e9bc0822a14909a47adfdd377f540059 Loading...

	ww62.mailfolder.us/	386 B	2023-03-07	2023-03-17
Pretty URL ww62.mailfolder.us/ IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:44:55 Last Seen2023-03-17 23:32:26 Times Seen1 Hash e0f461f5e786de00532cae23265f8fa7 00aeec0405f209f8e537dfce729fb7970d332c70 6cf19b1406d2f42b163e5a58b451e5e5f1c31f46e9bd30edd8a1b7ee643f987b Loading...

	partner.googleadservices.com/gampad/cookie.js?domain=ww62.mailfolder.us&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie	366 B	2023-03-13	2023-03-13
Pretty URL partner.googleadservices.com/gampad/cookie.js?domain=ww62.mailfolder.us&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie IP 142.250.74.34 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 05:19:39 Last Seen2023-03-13 05:19:39 Times Seen1 Hash de47968d4bdb7c274a2163d51f2f7bc4 c3543f679ff165f4aed2645ce8f113b5229655d4 b837b8d7a40eeb0b2a177d7d65913a5b4609dbdf5777fc6e366855222c6005db Loading...

	www.google.com/adsense/domains/caf.js	148 kB	2023-03-13	2023-03-13
Pretty URL www.google.com/adsense/domains/caf.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 03:25:03 Last Seen2023-03-13 07:31:44 Times Seen1 Hash 4e1f6373b82e4bc309521de9aeb007e0 1eb53304eb5363e22988c2b8d9040d1a5125e030 73261db4321a6b4e7c02a1a2dfb4cea59cd9f1824e1d2855b9edcafd5990723c Loading...

	bwpcontracts.com/wp-content/uploads/js_composer/pharmacie/jquery.js	7.5 kB	2023-03-09	2023-03-29
Pretty URL bwpcontracts.com/wp-content/uploads/js_composer/pharmacie/jquery.js IP 85.92.70.60 ASN #34282 UKDedicated LTD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 11:27:40 Last Seen2023-03-29 22:04:15 Times Seen3 Hash 937798f82adc8662712101f812f4d48b 43f1de86a84f30cabe2e450b541fa93e1431ab88 d4b9deaa8fd479ce2676aac3d654e94971b43d7c5f9d12ddcf7329d6bbc11a2f Loading...

	perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.6	15 kB	2023-03-07	2024-04-25
Pretty URL perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.6 IP 185.61.152.57 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-25 18:23:33 Times Seen960 Hash eea94f6013d8a939c0b4ace7753afe6e df8fa5affa60932e9aa1cfbda370c0c1bb3b380f 72ebfeb1ce24b152349b7a231f6fc29ff2a2b7a5ede91dcdb80d6b9de1779046 Loading...

	ww62.mailfolder.us/	1.2 kB	2023-03-13	2023-03-13
Pretty URL ww62.mailfolder.us/ IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 05:19:39 Last Seen2023-03-13 05:19:39 Times Seen1 Hash 59cd6547605af37294423348db361280 0a998e3b6f20dab64ed7450fbf866065d6030aa4 5006662e6fab4cba9fabb588f3f106b2ca3e9d8665b97ee295faba1267b137b6 Loading...

	ww62.mailfolder.us/	65 B	2023-03-12	2023-12-25
Pretty URL ww62.mailfolder.us/ IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 17:02:06 Last Seen2023-12-25 19:29:05 Times Seen83 Hash 575aefe49738f40861f72181e28cfb7b c584ffa302b6ec1b095a8b7828871c571b89089d ddd42ee20e47b1edd26d3ebcf0ef3f3f3c651cc932a0dd424f18ba3fcc1399b9 Loading...

	ww62.mailfolder.us/	2.5 kB	2023-03-13	2023-03-13
Pretty URL ww62.mailfolder.us/ IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 05:19:39 Last Seen2023-03-13 05:19:39 Times Seen1 Hash 8b97a2833c8993dfdf86337d7a50f4f3 439810690a83d9bbc167583b3badd1fdbffcdf6a 858e4b84a4f5838ae65dec222d35501e5c6033c7d607dc4690325e25afdeb37d Loading...

	ww62.mailfolder.us/	40 B	2023-03-08	2023-05-23
Pretty URL ww62.mailfolder.us/ IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:24:08 Last Seen2023-05-23 17:14:04 Times Seen4695 Hash bbf1d9896eb3544c767d965a657e142c 5df55c7669b87f414501ffc91de02e4756141a83 f73cb6aef53ef853b780335ddf7d4cb319edcf02c8c050f270639a91226a09bc Loading...

	www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww62.mailfolder.us%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDN8fHx8fHw2M2NjY2NjNDViYTYxfHx8MTY3NDM2NjE0OC4zODE1fDcxZDc1ZGU0YzVjNDEwMjIwY2I3OWQxYjFlNTE2ZTk3NGNiOWZhZDZ8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfGV5Sm9iQ0k2SW1WdUluMD18fDF8VzEwPXxhYjRlMjhlNDY2OGUxNzU4Y2Q4NDk5N2FlNWEwN2JkYzUwZDMzMmEyfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MA%253D%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2737784835408106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003&format=r3%7Cs&nocache=2801674366147686&num=0&output=afd_ads&domain_name=ww62.mailfolder.us&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1674366147688&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=760&frm=0&cl=502576190&uio=--&cont=tc&jsid=caf&jsv=502576190&rurl=http%3A%2F%2Fww62.mailfolder.us%2F&referer=http%3A%2F%2Fbwpcontracts.com%2F&adbw=master-1%3A530	6.2 kB	2023-03-13	2023-03-13
Pretty URL www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww62.mailfolder.us%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDN8fHx8fHw2M2NjY2NjNDViYTYxfHx8MTY3NDM2NjE0OC4zODE1fDcxZDc1ZGU0YzVjNDEwMjIwY2I3OWQxYjFlNTE2ZTk3NGNiOWZhZDZ8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfGV5Sm9iQ0k2SW1WdUluMD18fDF8VzEwPXxhYjRlMjhlNDY2OGUxNzU4Y2Q4NDk5N2FlNWEwN2JkYzUwZDMzMmEyfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MA%253D%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2737784835408106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003&format=r3%7Cs&nocache=2801674366147686&num=0&output=afd_ads&domain_name=ww62.mailfolder.us&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1674366147688&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=760&frm=0&cl=502576190&uio=--&cont=tc&jsid=caf&jsv=502576190&rurl=http%3A%2F%2Fww62.mailfolder.us%2F&referer=http%3A%2F%2Fbwpcontracts.com%2F&adbw=master-1%3A530 IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 05:19:39 Last Seen2023-03-13 05:19:39 Times Seen1 Hash c94b708065e30c2090a29162df7985ad 78c1adcb788515eb4cb5e1cdd3b1e51d1771fae5 78d9eead68f6e235145320eb7df47d28fbc8ba1d9f5d0ebc8c2d5781709330ed Loading...

	w.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare	27 kB	2023-03-08	2023-03-13
Pretty URL w.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare IP 54.230.111.78 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:07:42 Last Seen2023-03-13 14:54:45 Times Seen1 Hash 78b8dfcf998cba77bf9eed65b1cf04e2 6a4ee5a3a295bbb018561d0fcf7ed29650e3556d a0dc45b07153920d06e669676d8d6a7592971683f1381aefc5c95b83dd62a2bf Loading...

	ww62.mailfolder.us/	968 B	2023-03-08	2024-04-26
Pretty URL ww62.mailfolder.us/ IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:24:08 Last Seen2024-04-26 14:33:42 Times Seen27737 Hash c77554570ae0fa8e4fb31747dc213058 e989fbde07e6a68975c7a31e1d4df76afd90b96f c3f831fe1717c6d76a8950ac5e7dc88ceee7440d079b11584be5c6c5b3269e77 Loading...

	ww62.mailfolder.us/	814 B	2023-03-13	2023-03-13
Pretty URL ww62.mailfolder.us/ IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 05:19:39 Last Seen2023-03-13 05:19:39 Times Seen1 Hash 15085324eb3b761f2ba09f83e779f129 efd869c7bd3e1ed3b9d795724b564ebecb005aac 42c70e272c41efda1c4135a656eb8b3a241c48fb65c2cfd8534d5f8898e4e0c2 Loading...

	ww62.mailfolder.us/	245 B	2023-03-13	2023-03-13
Pretty URL ww62.mailfolder.us/ IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 05:19:39 Last Seen2023-03-13 05:19:39 Times Seen1 Hash 43dd28508b0cba5d25a269285def2e0d 02fd786b5719838b830c04c10f2b6aef79b2ec2f 64fa32526a50838e408247c939ed66f077a873044466d2c6a4b0d77824e7dd6f Loading...

		Size	First Seen	Last Seen
	#1 Write - 6a4d528fc1afa1618ad6a704d999c19b	270 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 05:19:39 Last Seen2023-03-13 05:19:39 Times Seen1 Hash 6a4d528fc1afa1618ad6a704d999c19b 955ad7de7b7890f0eb2e55fcf9af5c56a5ac9a20 5b59fa45a40a6df39e6c6a60bb441dac3ea217b4c8ba45ec6c5b96cb374702a2 Loading...

HTTP Transactions (78)

URL IP Response Size

bwpcontracts.com/wp-content/uploads/js_composer/pharmacie/retin.html

85.92.70.60

200 OK

9.1 kB

URL HTTP/1.1
bwpcontracts.com/wp-content/uploads/js_composer/pharmacie/retin.html
IP
85.92.70.60:0
ASN
#34282 UKDedicated LTD

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1723), with CRLF, LF line terminators
Size
9.1 kB (9140 bytes)
Hash
9e34082ed5ce7ee061517a08268147a1
bd690f978f4eff2f52544fd7d6b73150c5a44fdf
e5486298bb783f8ad52a3090f0473b682c1ce867562c7fd37a72f23d90db6b89

HTTP Headers

GET /wp-content/uploads/js_composer/pharmacie/retin.html HTTP/1.1
Host: bwpcontracts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
last-modified: Sun, 03 Sep 2017 20:41:26 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 9140
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8997fa58a7262e8fd559d64b40511a1b
0aa1c4365c28f45e4d7a8a234fbcf51cd009e083
1580d1145f125c765e40e5983cb4bb4e2424010d2920a25ea7da992485da0dea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1580D1145F125C765E40E5983CB4BB4E2424010D2920A25EA7DA992485DA0DEA"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12797
Expires: Sun, 22 Jan 2023 09:15:44 GMT
Date: Sun, 22 Jan 2023 05:42:27 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4714c95a0c854e38f9be444f9343bf14
07ce5eb635448f2b3bafbe51e4dfeef47cdf4f7b
4d47e08c9afb704096e93a51f6e95c0dc7c7bc31e67ded39998ff37ed56e0965

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D47E08C9AFB704096E93A51F6E95C0DC7C7BC31E67DED39998FF37ED56E0965"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16695
Expires: Sun, 22 Jan 2023 10:20:42 GMT
Date: Sun, 22 Jan 2023 05:42:27 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 22 Jan 2023 04:42:28 GMT
content-type: application/json
age: 3599
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
38c102db4bcfb9c4fb19174986950fd3
51c2cc8a3aca4da5c9ab3438467c29203fc0b0c3
dad6b64bc9f4dd827471ccc2e5273fceee574685376083aaa80f9d2f918037f2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DAD6B64BC9F4DD827471CCC2E5273FCEEE574685376083AAA80F9D2F918037F2"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6763
Expires: Sun, 22 Jan 2023 07:35:10 GMT
Date: Sun, 22 Jan 2023 05:42:27 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: JEiuKSvmYEQr3ym2ONSAcoa38V1TvVvw8dbMggQno1IzhWEXYr8K9ybVkhLosWb/xuANvYE3vbzwIaAC76w95Q==
x-amz-request-id: AWM24NV086ST18CG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 22 Jan 2023 04:47:09 GMT
age: 3318
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

bwpcontracts.com/wp-content/uploads/js_composer/pharmacie/jquery.js

85.92.70.60

200 OK

828 B

URL HTTP/1.1
bwpcontracts.com/wp-content/uploads/js_composer/pharmacie/jquery.js
IP
85.92.70.60:0
ASN
#34282 UKDedicated LTD

File type
ASCII text, with very long lines (7529), with no line terminators
Size
828 B (828 bytes)
Hash
a7e766ee71dc073aa3e5536efd2894b1
62ee289cb42798dfb37f57ead846bc35cc636aab
af2a86cebf4c66e4bdcd49a9024de1fffa6ba32ee33dc2249342da18d47694bf

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/uploads/js_composer/pharmacie/jquery.js HTTP/1.1
Host: bwpcontracts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/wp-content/uploads/js_composer/pharmacie/retin.html

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: application/javascript
last-modified: Sat, 02 Sep 2017 21:51:18 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 828
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed

w.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare

54.230.111.78

301 Moved Permanently

167 B

URL HTTP/1.1
w.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
IP
54.230.111.78:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d

HTTP Headers

GET /button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare HTTP/1.1
Host: w.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Sun, 22 Jan 2023 05:42:27 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://w.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
X-Cache: Redirect from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: LFGS0t0Bve9z8fVbsr9bvl_a7uxu_10Uuff5ITTRpw2POEfD0MEe5g==

fonts.googleapis.com/css?family=Ubuntu:400,700&subset=latin,latin-ext

142.250.74.106

200 OK

527 B

URL HTTP/1.1
fonts.googleapis.com/css?family=Ubuntu:400,700&subset=latin,latin-ext
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
527 B (527 bytes)
Hash
cc8960c81727305e87f6f37e1f60b8be
22dbd0d26f52ef8b26d3f09d3a55a122aff6ce78
277d72e03993c31bffad39e9870f4f1506697325c4defce022d488ea7d4933f8

HTTP Headers

GET /css?family=Ubuntu:400,700&subset=latin,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sun, 22 Jan 2023 05:42:27 GMT
Date: Sun, 22 Jan 2023 05:42:27 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

fonts.googleapis.com/css?family=Indie+Flower&ver=4.5.9

142.250.74.106

200 OK

279 B

URL HTTP/1.1
fonts.googleapis.com/css?family=Indie+Flower&ver=4.5.9
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
279 B (279 bytes)
Hash
c268c7598dd2b29ef10b4c3080f0678a
2caac383121bfd26619677416ff4f19256695818
9997cf2423183740e3b6b142405a3684d4450399c7d6bf2b2346f1ca2a5b05b9

HTTP Headers

GET /css?family=Indie+Flower&ver=4.5.9 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sun, 22 Jan 2023 05:42:27 GMT
Date: Sun, 22 Jan 2023 05:42:27 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 05:42:27 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/css/front.css?ver=4.5.9

185.61.152.57

301 Moved Permanently

707 B

URL HTTP/1.1
perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/css/front.css?ver=4.5.9
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

HTTP Headers

GET /wp-content/plugins/global-body-mass-index-calculator/css/front.css?ver=4.5.9 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/css/front.css?ver=4.5.9
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade

perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.6

185.61.152.57

301 Moved Permanently

707 B

URL HTTP/1.1
perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.6
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.6 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.6
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade

perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/js/jquery.min.js?ver=4.5.9

185.61.152.57

301 Moved Permanently

707 B

URL HTTP/1.1
perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/js/jquery.min.js?ver=4.5.9
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

HTTP Headers

GET /wp-content/plugins/global-body-mass-index-calculator/js/jquery.min.js?ver=4.5.9 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/js/jquery.min.js?ver=4.5.9
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade

perdredupoidrapidement.fr/wp-content/themes/iconic-one/style.css?ver=1.7.8

185.61.152.57

301 Moved Permanently

707 B

URL HTTP/1.1
perdredupoidrapidement.fr/wp-content/themes/iconic-one/style.css?ver=1.7.8
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

HTTP Headers

GET /wp-content/themes/iconic-one/style.css?ver=1.7.8 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/themes/iconic-one/style.css?ver=1.7.8
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade

perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/js/jquery.tools.min.js

185.61.152.57

301 Moved Permanently

707 B

URL HTTP/1.1
perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/js/jquery.tools.min.js
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

HTTP Headers

GET /wp-content/plugins/global-body-mass-index-calculator/js/jquery.tools.min.js HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/js/jquery.tools.min.js
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade

perdredupoidrapidement.fr/wp-content/themes/iconic-one/custom.css?ver=4.5.9

185.61.152.57

301 Moved Permanently

707 B

URL HTTP/1.1
perdredupoidrapidement.fr/wp-content/themes/iconic-one/custom.css?ver=4.5.9
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

HTTP Headers

GET /wp-content/themes/iconic-one/custom.css?ver=4.5.9 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/themes/iconic-one/custom.css?ver=4.5.9
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade

perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/css/tab.css

185.61.152.57

301 Moved Permanently

707 B

URL HTTP/1.1
perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/css/tab.css
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

HTTP Headers

GET /wp-content/plugins/global-body-mass-index-calculator/css/tab.css HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/css/tab.css
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade

perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20

185.61.152.57

301 Moved Permanently

707 B

URL HTTP/1.1
perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade

perdredupoidrapidement.fr/wp-content/plugins/simple-share-buttons-adder/js/ssba.min.js?ver=4.5.9

185.61.152.57

301 Moved Permanently

707 B

URL HTTP/1.1
perdredupoidrapidement.fr/wp-content/plugins/simple-share-buttons-adder/js/ssba.min.js?ver=4.5.9
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

HTTP Headers

GET /wp-content/plugins/simple-share-buttons-adder/js/ssba.min.js?ver=4.5.9 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/plugins/simple-share-buttons-adder/js/ssba.min.js?ver=4.5.9
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade

perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.6

185.61.152.57

301 Moved Permanently

707 B

URL HTTP/1.1
perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.6
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.6 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.6
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade

perdredupoidrapidement.fr/wp-content/themes/iconic-one/js/selectnav.js?ver=1.0

185.61.152.57

301 Moved Permanently

707 B

URL HTTP/1.1
perdredupoidrapidement.fr/wp-content/themes/iconic-one/js/selectnav.js?ver=1.0
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

HTTP Headers

GET /wp-content/themes/iconic-one/js/selectnav.js?ver=1.0 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/themes/iconic-one/js/selectnav.js?ver=1.0
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade

w.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare

54.230.111.78

200 OK

7.9 kB

URL HTTP/2
w.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare
IP
54.230.111.78:0
ASN
#16509 AMAZON-02

File type
C source, ASCII text, with very long lines (27236), with no line terminators
Size
7.9 kB (7903 bytes)
Hash
990365ccdf4eebf164214f992d8ddfbc
b485f83e096515d93dfec5d8dc420d571ef06254
947238672d5912dffc77bde8e413752ecd69e6062c68c09ae20274b55f37ffdd

HTTP Headers

GET /button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare HTTP/1.1
Host: w.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bwpcontracts.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
content-length: 7903
cache-control: max-age=259200
content-encoding: gzip
date: Sun, 22 Jan 2023 02:10:02 GMT
etag: W/"634f185a-6a64"
expires: Wed, 25 Jan 2023 02:10:02 GMT
server: nginx/1.20.1
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VCjwtYDWvEJhzKPfavYr2N6L7lc7qt7Uzfhi_6rm1B6YfjfgMQEVMA==
age: 12745
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

perdredupoidrapidement.fr/wp-includes/js/wp-embed.min.js?ver=4.5.9

185.61.152.57

301 Moved Permanently

707 B

URL HTTP/1.1
perdredupoidrapidement.fr/wp-includes/js/wp-embed.min.js?ver=4.5.9
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

HTTP Headers

GET /wp-includes/js/wp-embed.min.js?ver=4.5.9 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-includes/js/wp-embed.min.js?ver=4.5.9
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade

perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/facebook.png

185.61.152.57

301 Moved Permanently

707 B

URL HTTP/1.1
perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/facebook.png
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

HTTP Headers

GET /wp-content/themes/iconic-one/img/facebook.png HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/facebook.png
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade

perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/gplus.png

185.61.152.57

301 Moved Permanently

707 B

URL HTTP/1.1
perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/gplus.png
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

HTTP Headers

GET /wp-content/themes/iconic-one/img/gplus.png HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/gplus.png
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade

perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/rss.png

185.61.152.57

301 Moved Permanently

707 B

URL HTTP/1.1
perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/rss.png
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

HTTP Headers

GET /wp-content/themes/iconic-one/img/rss.png HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/rss.png
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade

perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/twitter.png

185.61.152.57

301 Moved Permanently

707 B

URL HTTP/1.1
perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/twitter.png
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

HTTP Headers

GET /wp-content/themes/iconic-one/img/twitter.png HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
location: https://perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/twitter.png
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
e7f8b6dd4e630fc7b391ed1605c0cb6d
3dfd0b788ac1ba15bcec770479727f2b9d9aee1b
9d0a20e7ebf35b214182f099d351ae817de5e2113d8946fd9b88d7c8e19e3922

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:42:27 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 20 Jan 2023 03:22:14 GMT
Expires: Fri, 27 Jan 2023 03:22:13 GMT
Etag: "3dfd0b788ac1ba15bcec770479727f2b9d9aee1b"
Cache-Control: max-age=422985,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78d5f767091bb4f9-OSL

perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/css/tab.css

185.61.152.57

200 OK

348 B

URL HTTP/2
perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/css/tab.css
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
348 B (348 bytes)
Hash
6bb6d0ce18dcabab36166679fc8fc015
3bf11dc849665ad6ee7814c2020b94827ac341d3
b476ee6d0f47ffe2e975bb8e11cedb41283bd5bf97cfbf8595861f4a64f8f18c

HTTP Headers

GET /wp-content/plugins/global-body-mass-index-calculator/css/tab.css HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: text/css
last-modified: Mon, 25 May 2020 15:52:00 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 348
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2

perdredupoidrapidement.fr/wp-content/themes/iconic-one/custom.css?ver=4.5.9

185.61.152.57

200 OK

69 B

URL HTTP/2
perdredupoidrapidement.fr/wp-content/themes/iconic-one/custom.css?ver=4.5.9
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with CRLF line terminators
Size
69 B (69 bytes)
Hash
ac131ee47a4e54ba133d5927cb949c76
d7244e004163f3ec031e77854324f11398edcb67
14b9bdc15584540d4e072ff690279f5bc8b15df337b227115bb12af5acb2c704

HTTP Headers

GET /wp-content/themes/iconic-one/custom.css?ver=4.5.9 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: text/css
last-modified: Mon, 25 May 2020 15:53:26 GMT
accept-ranges: bytes
content-length: 69
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2

perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/facebook.png

185.61.152.57

200 OK

227 B

URL HTTP/2
perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/facebook.png
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
PNG image data, 32 x 32, 4-bit colormap, non-interlaced\012- data
Size
227 B (227 bytes)
Hash
8f69de1b25549ea138a6b68d962a0b9a
b420c5ae1142e5dff026925c67569f4abb4ce383
b20fcbdd7ee6dffbdc12befe16d60fa72120c3949b17a61d27afa0578c06cb33

HTTP Headers

GET /wp-content/themes/iconic-one/img/facebook.png HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: image/png
last-modified: Mon, 25 May 2020 15:53:26 GMT
accept-ranges: bytes
content-length: 227
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2

perdredupoidrapidement.fr/wp-content/themes/iconic-one/js/selectnav.js?ver=1.0

185.61.152.57

200 OK

1.4 kB

URL HTTP/2
perdredupoidrapidement.fr/wp-content/themes/iconic-one/js/selectnav.js?ver=1.0
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
1.4 kB (1402 bytes)
Hash
0412ceb5224481268ec4e9ac1b7341f8
c4a5c0f0811f512063b16e1e76a53e65f01350c4
1b7d48dff9fa2ebb51137fd46d01908b374144fd422779835794bf9a0e9b73aa

HTTP Headers

GET /wp-content/themes/iconic-one/js/selectnav.js?ver=1.0 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: application/javascript
last-modified: Mon, 25 May 2020 15:53:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1402
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2

perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.6

185.61.152.57

200 OK

3.8 kB

URL HTTP/2
perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.6
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
3.8 kB (3788 bytes)
Hash
9980ce2ec4b0150ff105eb03ca50b743
19f0c67ce317a6cef1dffb073951a776ceb1b79d
810d96a7cd880676b25d00030434d0d4e80fa2fe98e9b5ecc450c26ba7f1be22

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.6 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: application/javascript
last-modified: Mon, 25 May 2020 15:51:59 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3788
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2

perdredupoidrapidement.fr/wp-includes/js/wp-embed.min.js?ver=4.5.9

185.61.152.57

200 OK

663 B

URL HTTP/2
perdredupoidrapidement.fr/wp-includes/js/wp-embed.min.js?ver=4.5.9
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (1391)
Size
663 B (663 bytes)
Hash
992198ff853eb696f88bb0ec8586d015
a6262428de1b6c68cccf617d2a503f5a3bd3aecd
ae0480bd571a7f57cccdbd08f77706edca84029f95bd90bc325224169528d21c

HTTP Headers

GET /wp-includes/js/wp-embed.min.js?ver=4.5.9 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: application/javascript
last-modified: Thu, 07 Jan 2021 01:59:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 663
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2

perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/gplus.png

185.61.152.57

200 OK

968 B

URL HTTP/2
perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/gplus.png
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
968 B (968 bytes)
Hash
5a1c013d3dd9230a47d2cbb3569f70e3
c9d274740fc27f02d4985103c8b110198f1302b5
1eea6ab33ec870bc824df8fb4c993679ea65c5dfa61a28e6ae67b3c48fb8ceed

HTTP Headers

GET /wp-content/themes/iconic-one/img/gplus.png HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: image/png
last-modified: Mon, 25 May 2020 15:53:26 GMT
accept-ranges: bytes
content-length: 968
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2

perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/twitter.png

185.61.152.57

200 OK

289 B

URL HTTP/2
perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/twitter.png
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data
Size
289 B (289 bytes)
Hash
ffc9166b6bd086f15ba7c8cd7f70e13a
8b75d73edc6235a9e0940a00f609aca290f3e14d
57fa4360672d84b0fd7a176044608953627364a02b773c0c327369e1661ed027

HTTP Headers

GET /wp-content/themes/iconic-one/img/twitter.png HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: image/png
last-modified: Mon, 25 May 2020 15:53:26 GMT
accept-ranges: bytes
content-length: 289
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2

perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/rss.png

185.61.152.57

200 OK

365 B

URL HTTP/2
perdredupoidrapidement.fr/wp-content/themes/iconic-one/img/rss.png
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data
Size
365 B (365 bytes)
Hash
3682a440db6109f5b7d89579ef8bc4b6
05307ae9e6b4e076176416656ce550fac8252498
b6e4226348001a2675a401a336383e2ea70716fde8de85596b84a0796917cd65

HTTP Headers

GET /wp-content/themes/iconic-one/img/rss.png HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: image/png
last-modified: Mon, 25 May 2020 15:53:26 GMT
accept-ranges: bytes
content-length: 365
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2

perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.6

185.61.152.57

200 OK

585 B

URL HTTP/2
perdredupoidrapidement.fr/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.6
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
585 B (585 bytes)
Hash
61f9263cc89c8cb5082a12f95c95fd2a
b7f07aed7ff5e847d17f4a0c2738449537f4de97
fa350263ad0bdd47247e13d4c547c7ad0c816d0095d7e61784eef9b10b9849de

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.6 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: text/css
last-modified: Mon, 25 May 2020 15:51:59 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 585
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
e7f8b6dd4e630fc7b391ed1605c0cb6d
3dfd0b788ac1ba15bcec770479727f2b9d9aee1b
9d0a20e7ebf35b214182f099d351ae817de5e2113d8946fd9b88d7c8e19e3922

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:42:27 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 20 Jan 2023 03:22:14 GMT
Expires: Fri, 27 Jan 2023 03:22:13 GMT
Etag: "3dfd0b788ac1ba15bcec770479727f2b9d9aee1b"
Cache-Control: max-age=422985,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78d5f766de80b4fa-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
e7f8b6dd4e630fc7b391ed1605c0cb6d
3dfd0b788ac1ba15bcec770479727f2b9d9aee1b
9d0a20e7ebf35b214182f099d351ae817de5e2113d8946fd9b88d7c8e19e3922

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:42:27 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 20 Jan 2023 03:22:14 GMT
Expires: Fri, 27 Jan 2023 03:22:13 GMT
Etag: "3dfd0b788ac1ba15bcec770479727f2b9d9aee1b"
Cache-Control: max-age=422985,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78d5f7674a830b61-OSL

perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/js/jquery.min.js?ver=4.5.9

185.61.152.57

200 OK

32 kB

URL HTTP/2
perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/js/jquery.min.js?ver=4.5.9
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Size
32 kB (32504 bytes)
Hash
4060e3a933e6ecf568a0cda1af26e5ff
f74affee4978e722c9d61a1d5cf76b66fbb4f8ea
2f08107c5c0cdcd291c201b786aa679b7dfff6b35234d3a9bdb0b3159c8ec015

HTTP Headers

GET /wp-content/plugins/global-body-mass-index-calculator/js/jquery.min.js?ver=4.5.9 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: application/javascript
last-modified: Mon, 25 May 2020 15:52:00 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 32504
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
e7f8b6dd4e630fc7b391ed1605c0cb6d
3dfd0b788ac1ba15bcec770479727f2b9d9aee1b
9d0a20e7ebf35b214182f099d351ae817de5e2113d8946fd9b88d7c8e19e3922

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:42:27 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 20 Jan 2023 03:22:14 GMT
Expires: Fri, 27 Jan 2023 03:22:13 GMT
Etag: "3dfd0b788ac1ba15bcec770479727f2b9d9aee1b"
Cache-Control: max-age=422985,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78d5f767593ab4f9-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
e7f8b6dd4e630fc7b391ed1605c0cb6d
3dfd0b788ac1ba15bcec770479727f2b9d9aee1b
9d0a20e7ebf35b214182f099d351ae817de5e2113d8946fd9b88d7c8e19e3922

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:42:27 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 20 Jan 2023 03:22:14 GMT
Expires: Fri, 27 Jan 2023 03:22:13 GMT
Etag: "3dfd0b788ac1ba15bcec770479727f2b9d9aee1b"
Cache-Control: max-age=422985,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78d5f7677beeb50f-OSL

perdredupoidrapidement.fr/wp-content/themes/iconic-one/style.css?ver=1.7.8

185.61.152.57

200 OK

8.7 kB

URL HTTP/2
perdredupoidrapidement.fr/wp-content/themes/iconic-one/style.css?ver=1.7.8
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
Unicode text, UTF-8 text, with very long lines (736), with CRLF line terminators
Size
8.7 kB (8716 bytes)
Hash
5587fe4c690e2974c232371f06731e2b
51f75e0e160f00e14f63598095a71ea3027ea6bd
7f9a97062d15820b2d3aec5226d812ffd16c10341468f3c53b6a6e2245464d00

HTTP Headers

GET /wp-content/themes/iconic-one/style.css?ver=1.7.8 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: text/css
last-modified: Mon, 25 May 2020 15:53:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8716
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2

perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/css/front.css?ver=4.5.9

185.61.152.57

200 OK

596 B

URL HTTP/2
perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/css/front.css?ver=4.5.9
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
596 B (596 bytes)
Hash
beab868b3b083af3915b733004b04400
8184a74e076e88a2c74910c05f3ca4ffb41709d0
d47fe297716a99ce14822623c9c3a3c62f93215c73072a0262dc5ba4d9d10d8c

HTTP Headers

GET /wp-content/plugins/global-body-mass-index-calculator/css/front.css?ver=4.5.9 HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: text/css
last-modified: Mon, 25 May 2020 15:52:00 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 596
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 22 Jan 2023 04:48:58 GMT
age: 3210
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

mailfolder.us/script/ontv/eusyn/fr.js?ref=http://bwpcontracts.com/wp-content/uploads/js_composer/pharmacie/retin.html&title=Commander%20Retin%20generique%20en%20pharmacie%20en%20France&httpref=

185.38.110.121

200 OK

46 B

URL HTTP/1.1
mailfolder.us/script/ontv/eusyn/fr.js?ref=http://bwpcontracts.com/wp-content/uploads/js_composer/pharmacie/retin.html&title=Commander%20Retin%20generique%20en%20pharmacie%20en%20France&httpref=
IP
185.38.110.121:0
ASN
#60592 Gransy s.r.o.

File type
ASCII text
Size
46 B (46 bytes)
Hash
158f41437e65bc08c4334374673120ce
3770e189589347b787791c3d8c1d203ca02ba197
c901802461c7790e15f4c5d892e098d3e3a521534e1fda2d1151171c3b5097d5

HTTP Headers

GET /script/ontv/eusyn/fr.js?ref=http://bwpcontracts.com/wp-content/uploads/js_composer/pharmacie/retin.html&title=Commander%20Retin%20generique%20en%20pharmacie%20en%20France&httpref= HTTP/1.1
Host: mailfolder.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/

HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sun, 22 Jan 2023 05:42:27 GMT
Content-Length: 46

perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/js/jquery.tools.min.js

185.61.152.57

200 OK

39 kB

URL HTTP/2
perdredupoidrapidement.fr/wp-content/plugins/global-body-mass-index-calculator/js/jquery.tools.min.js
IP
185.61.152.57:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (820)
Size
39 kB (39198 bytes)
Hash
5ff55b34596c5d489413a37f630f4896
6933354b833bb02882c0627ef78de5d6b32e563c
ce14a962a55a1128a2fd005b1efdb318bd50779afa062def5a9b33d55bc82baa

HTTP Headers

GET /wp-content/plugins/global-body-mass-index-calculator/js/jquery.tools.min.js HTTP/1.1
Host: perdredupoidrapidement.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bwpcontracts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 29 Jan 2023 05:42:27 GMT
content-type: application/javascript
last-modified: Mon, 25 May 2020 15:52:00 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 39198
date: Sun, 22 Jan 2023 05:42:27 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fc96297d0b59147e8f6052b16f1ca13f
23aeddfa143bb9be19b2ed06f2024a3a8aa120ce
034327c6ada560c662f451f3c95cd8531482d4ab51629e95875fab54c8f3e49a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3457
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:42:28 GMT
Last-Modified: Sun, 22 Jan 2023 04:44:51 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

ww62.mailfolder.us/

13.248.148.254

200 OK

7.0 kB

URL HTTP/1.1
ww62.mailfolder.us/
IP
13.248.148.254:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2270)
Size
7.0 kB (6983 bytes)
Hash
e5881eb3108cbc45f14548d87b8f020a
5d8f7a06eb29ee21844543fea9a00d5848b622ec
84caaa87f210b4b04fdeecad288bc220f1a90c5ea973212528f4704e372636ab

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: ww62.mailfolder.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bwpcontracts.com/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:42:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket103
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_trTPm6h6HShMBgLwy3wBIiqw9z4BA30kXNP3ONG30NaGR+/iFAG4B6DZDyKXYY4z76jG3kRKoNMohq/cFg7s1Q==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip

www.google.com/adsense/domains/caf.js

142.250.74.164

200 OK

54 kB

URL HTTP/1.1
www.google.com/adsense/domains/caf.js
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1883)
Size
54 kB (53771 bytes)
Hash
aa4adcdd1142e60a49d28554968aad01
a5d4847fa4b67c3d8258bcb1e4e215c51030ea48
5a09ad1d4fa9a4a5b283f411b33359069718a4fe43cf2eef7df39ffd4b794dfa

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww62.mailfolder.us/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Sun, 22 Jan 2023 05:42:28 GMT
Expires: Sun, 22 Jan 2023 05:42:28 GMT
Cache-Control: private, max-age=3600
ETag: "4566009177702764754"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0

push.services.mozilla.com/

44.228.230.125

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.228.230.125:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: MPpjBf9nvlyU5fyRoWzWbQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 2fYCKVoD6TtO2R1C2ETdwGWg44o=

ww62.mailfolder.us/track.php?domain=mailfolder.us&toggle=browserjs&uid=MTY3NDM2NjE0OC4zNzU0OmU5YjY1YzRjYWZlNWE4ZGJkYTg5MzE1ZmE2MTUxNWU1N2ViOTNmOGM4M2E1MWFhZTJmMzEyMGMxNDBhYTI5NDc6NjNjY2NjYzQ1YmE3OA%3D%3D

13.248.148.254

200 OK

20 B

URL HTTP/1.1
ww62.mailfolder.us/track.php?domain=mailfolder.us&toggle=browserjs&uid=MTY3NDM2NjE0OC4zNzU0OmU5YjY1YzRjYWZlNWE4ZGJkYTg5MzE1ZmE2MTUxNWU1N2ViOTNmOGM4M2E1MWFhZTJmMzEyMGMxNDBhYTI5NDc6NjNjY2NjYzQ1YmE3OA%3D%3D
IP
13.248.148.254:0
ASN
#16509 AMAZON-02

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /track.php?domain=mailfolder.us&toggle=browserjs&uid=MTY3NDM2NjE0OC4zNzU0OmU5YjY1YzRjYWZlNWE4ZGJkYTg5MzE1ZmE2MTUxNWU1N2ViOTNmOGM4M2E1MWFhZTJmMzEyMGMxNDBhYTI5NDc6NjNjY2NjYzQ1YmE3OA%3D%3D HTTP/1.1
Host: ww62.mailfolder.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww62.mailfolder.us/

HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 05:42:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f4d171538addb3e350e03876c9c23d81
9874648e426c9a8b65ddcb1d3fc944b8464be9f5
e89b056e51c85f967d05f0cb23a2212d0f391838df414dda9f61e67a96dbefff

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:42:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png

54.230.245.130

200 OK

11 kB

URL HTTP/1.1
d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
IP
54.230.245.130:0
ASN
#16509 AMAZON-02

File type
PNG image data, 1500 x 600, 8-bit colormap, non-interlaced\012- data
Size
11 kB (11375 bytes)
Hash
0cb2e5165dc9324eb462199f04e1ffa9
9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8
67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865

HTTP Headers

GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww62.mailfolder.us/

HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 11375
Connection: keep-alive
Server: nginx
Date: Sun, 22 Jan 2023 01:21:27 GMT
Last-Modified: Thu, 23 Jun 2022 10:44:43 GMT
Accept-Ranges: bytes
ETag: "62b4441b-2c6f"
X-Cache: Hit from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ZfFK-yTZRviiC4LVyibqNwXNY1Cllm-dX-9O-wAUi-a3WIrr3Z7IxQ==
Age: 15661

ww62.mailfolder.us/ls.php

13.248.148.254

201 Created

0 B

URL HTTP/1.1
ww62.mailfolder.us/ls.php
IP
13.248.148.254:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST /ls.php HTTP/1.1
Host: ww62.mailfolder.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 2222
Origin: http://ww62.mailfolder.us
Connection: keep-alive
Referer: http://ww62.mailfolder.us/

HTTP/1.1 201 Created
Date: Sun, 22 Jan 2023 05:42:28 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 63ccccc4d296af02337e2f15
Charset: utf-8
Access-Control-Allow-Origin: http://ww62.mailfolder.us
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_ekHhDIVRPgr1oFv8ZZCO3GkMfw36a1VzXLndXGuy2x5r3L0/+tPasJTJ89gEWGnpow+LCune6lilEVuIc7jhVw==

www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww62.mailfolder.us%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDN8fHx8fHw2M2NjY2NjNDViYTYxfHx8MTY3NDM2NjE0OC4zODE1fDcxZDc1ZGU0YzVjNDEwMjIwY2I3OWQxYjFlNTE2ZTk3NGNiOWZhZDZ8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfGV5Sm9iQ0k2SW1WdUluMD18fDF8VzEwPXxhYjRlMjhlNDY2OGUxNzU4Y2Q4NDk5N2FlNWEwN2JkYzUwZDMzMmEyfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MA%253D%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2737784835408106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003&format=r3%7Cs&nocache=2801674366147686&num=0&output=afd_ads&domain_name=ww62.mailfolder.us&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1674366147688&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=760&frm=0&cl=502576190&uio=--&cont=tc&jsid=caf&jsv=502576190&rurl=http%3A%2F%2Fww62.mailfolder.us%2F&referer=http%3A%2F%2Fbwpcontracts.com%2F&adbw=master-1%3A530

142.250.74.164

200 OK

2.3 kB

URL HTTP/2
www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww62.mailfolder.us%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDN8fHx8fHw2M2NjY2NjNDViYTYxfHx8MTY3NDM2NjE0OC4zODE1fDcxZDc1ZGU0YzVjNDEwMjIwY2I3OWQxYjFlNTE2ZTk3NGNiOWZhZDZ8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfGV5Sm9iQ0k2SW1WdUluMD18fDF8VzEwPXxhYjRlMjhlNDY2OGUxNzU4Y2Q4NDk5N2FlNWEwN2JkYzUwZDMzMmEyfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MA%253D%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2737784835408106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003&format=r3%7Cs&nocache=2801674366147686&num=0&output=afd_ads&domain_name=ww62.mailfolder.us&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1674366147688&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=760&frm=0&cl=502576190&uio=--&cont=tc&jsid=caf&jsv=502576190&rurl=http%3A%2F%2Fww62.mailfolder.us%2F&referer=http%3A%2F%2Fbwpcontracts.com%2F&adbw=master-1%3A530
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6106)
Size
2.3 kB (2267 bytes)
Hash
e369e7c6d4fa7923f32b2dad1932705c
6f012feaf3fa2af13fa97b2f655c49835fa9b984
2f19b684fb980d1ed1ce794f48b14629d16115434993f5585d5b467129930981

HTTP Headers

GET /afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2Cbucket103&client=dp-teaminternet09_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww62.mailfolder.us%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQxMDN8fHx8fHw2M2NjY2NjNDViYTYxfHx8MTY3NDM2NjE0OC4zODE1fDcxZDc1ZGU0YzVjNDEwMjIwY2I3OWQxYjFlNTE2ZTk3NGNiOWZhZDZ8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfGV5Sm9iQ0k2SW1WdUluMD18fDF8VzEwPXxhYjRlMjhlNDY2OGUxNzU4Y2Q4NDk5N2FlNWEwN2JkYzUwZDMzMmEyfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MA%253D%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2737784835408106&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003&format=r3%7Cs&nocache=2801674366147686&num=0&output=afd_ads&domain_name=ww62.mailfolder.us&v=3&bsl=8&pac=0&u_his=1&u_tz=0&dt=1674366147688&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=760&frm=0&cl=502576190&uio=--&cont=tc&jsid=caf&jsv=502576190&rurl=http%3A%2F%2Fww62.mailfolder.us%2F&referer=http%3A%2F%2Fbwpcontracts.com%2F&adbw=master-1%3A530 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww62.mailfolder.us/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Sun, 22 Jan 2023 05:42:28 GMT
expires: Sun, 22 Jan 2023 05:42:28 GMT
cache-control: private, max-age=3600
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding: br
server: gws
content-length: 2267
x-xss-protection: 0
set-cookie: NID=511=POlUMhrLvXF5pyQHQOWjhBAFRRS8WoLCt_x_CYoqpNZQ5IVa0F6yuRpVKM0Fn1nt9PeweQTaomJ1tse8tKJ7gxih16z6rEW1-m-quxhFIy99DIgole1pQ6US0daeVNbZyhDWCH9boFQ_Od-5gx4eCsvO0IxIE5hBrU_yYiFP_ZA; expires=Mon, 24-Jul-2023 05:42:28 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+036; expires=Tue, 21-Jan-2025 05:42:28 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6f395936694ad6425512fdf9f562c4bf
f58cfa08b44f9ddde774026b92bc4e10fc9b99f5
1944b3b16c3b38fe6cc4f3447c1e410ba3d13b8ee098a2e3471e5921a0ce1361

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:42:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

partner.googleadservices.com/gampad/cookie.js?domain=ww62.mailfolder.us&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie

142.250.74.34

200 OK

241 B

URL HTTP/2
partner.googleadservices.com/gampad/cookie.js?domain=ww62.mailfolder.us&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie
IP
142.250.74.34:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (366), with no line terminators
Size
241 B (241 bytes)
Hash
32e8543adf62c5799293103054a2b9dc
29fa75e969c70d4ec7820065c8232fbc3f482078
35dbd3e9a4c98d4043f52d6366a4e178f2c355c3bddae8c1460e53156920d650

HTTP Headers

GET /gampad/cookie.js?domain=ww62.mailfolder.us&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww62.mailfolder.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 22 Jan 2023 05:42:28 GMT
server: cafe
cache-control: private
content-length: 241
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
ace90ee2f1ce8ca0d69556c6398555a6
49b53ab37b77ebf26525ef3a84aaa9a817af9df4
6d66736ed5245c62987c88f0c3570eefd8f45c09f60dc9b2e1d585f05d1f00e2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:42:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/adsense/domains/caf.js

142.250.74.164

200 OK

54 kB

URL HTTP/2
www.google.com/adsense/domains/caf.js
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
data
Size
54 kB (54217 bytes)
Hash
8a6926106a7cc7d84148513fe36f77c3
acb87a8bfa3804ca32846d36e4afa289c44ee35f
f2a635331e66ddaae2d66dfa1f42ffc8c52c1e99d206e3ac2ae98ad2b5f829f7

HTTP Headers

GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Sun, 22 Jan 2023 05:42:28 GMT
expires: Sun, 22 Jan 2023 05:42:28 GMT
cache-control: private, max-age=3600
etag: "14724921511993132664"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
734914122d719ab9651f0bf7a4c1fe2f
6dab619cf1acaa1645caf9658fc31c1ee8530bec
9f81a0f9e79924cbbeb56efd122ad30c1e2097eac0d96ca27435027514c57241

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:42:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
734914122d719ab9651f0bf7a4c1fe2f
6dab619cf1acaa1645caf9658fc31c1ee8530bec
9f81a0f9e79924cbbeb56efd122ad30c1e2097eac0d96ca27435027514c57241

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:42:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff

142.250.74.97

200 OK

270 B

URL HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff
IP
142.250.74.97:0
ASN
#15169 GOOGLE

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390)
Size
270 B (270 bytes)
Hash
5100391430a00e10ce60aa159f525b5c
231a4492d73b225f441b1e9028dc33c89862e498
52b1432a6e3002e41ed1d8f4c84b258fdc4c6dac863e3c0e5c06360c81be6067

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 270
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Sat, 21 Jan 2023 07:14:54 GMT
expires: Sun, 22 Jan 2023 06:14:54 GMT
cache-control: public, max-age=82800
age: 80855
last-modified: Thu, 19 Dec 2019 14:15:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff

142.250.74.97

200 OK

174 B

URL HTTP/2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
IP
142.250.74.97:0
ASN
#15169 GOOGLE

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Size
174 B (174 bytes)
Hash
4de8b85c8915995b571bde50e231be7c
29c226ca7b9cbe1d44e5480ce95bbb42727b2d99
2ec9168c4507546748c5f400f5030031f0eb06f2aed8deaa11362c395bff4f7a

HTTP Headers

GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Sat, 21 Jan 2023 17:57:36 GMT
expires: Sun, 22 Jan 2023 16:57:36 GMT
cache-control: public, max-age=82800
last-modified: Thu, 22 Oct 2020 21:45:00 GMT
content-type: image/svg+xml
age: 42293
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
734914122d719ab9651f0bf7a4c1fe2f
6dab619cf1acaa1645caf9658fc31c1ee8530bec
9f81a0f9e79924cbbeb56efd122ad30c1e2097eac0d96ca27435027514c57241

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 05:42:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10289
Expires: Sun, 22 Jan 2023 08:33:58 GMT
Date: Sun, 22 Jan 2023 05:42:29 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10289
Expires: Sun, 22 Jan 2023 08:33:58 GMT
Date: Sun, 22 Jan 2023 05:42:29 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10289
Expires: Sun, 22 Jan 2023 08:33:58 GMT
Date: Sun, 22 Jan 2023 05:42:29 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10289
Expires: Sun, 22 Jan 2023 08:33:58 GMT
Date: Sun, 22 Jan 2023 05:42:29 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10289
Expires: Sun, 22 Jan 2023 08:33:58 GMT
Date: Sun, 22 Jan 2023 05:42:29 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1212765-ab80-4510-9edf-e5d05f2825be.jpeg

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1212765-ab80-4510-9edf-e5d05f2825be.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11381 bytes)
Hash
4c261979fbd99d06ccb31a5cd3bb332a
48f93d2153179e1a48d7d01f2a169b17f723cc4e
ca71c5eced499cd48fee627ddb51776755e9523d00c1b92899b3b8ec1312244e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1212765-ab80-4510-9edf-e5d05f2825be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11381
x-amzn-requestid: 223e4fd8-552f-49b2-a4cf-3be859b43fb1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHN85EChIAMFhPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5d1f-5c88a5ce367f274775b3f0cd;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:46:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TkpeHjduFTshsAwjLXz0N_-ZMo6KjEOAeAoMWLaBeQQMahzo-FCTTQ==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:48:07 GMT
age: 28462
etag: "48f93d2153179e1a48d7d01f2a169b17f723cc4e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90d50df9-567e-4e6a-a190-fd1b649dde3d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11221 bytes)
Hash
4cae5f4a74f4b00ff3c61d2cd3341258
233ab9ac6868f41ec6867e9e3a7c31b841635d43
cdd1237a972119a23f58c24d6299e3d128053222b0d131f46116db4f3f010af5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90d50df9-567e-4e6a-a190-fd1b649dde3d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11221
x-amzn-requestid: ca32141f-8e87-4402-b0da-efd4f32ea1ce
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHN7UGsGIAMFtOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5d15-7cb3dc065176bdad0451f511;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:45:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: B_PmZd5KeMmKQ3EQte_iZsLt1qoU6jPxe1Yo4Cb86rLRv9Xx5eMmyA==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:48:06 GMT
age: 28463
etag: "233ab9ac6868f41ec6867e9e3a7c31b841635d43"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7918883e-706a-42d5-b966-cd7d5fb64f78.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.1 kB (3084 bytes)
Hash
ce9c90c64a81cfd16050966c2b5ddf57
a2929122b2d2e252f39d23857cd7a2ed4651bb27
6647be8f5be621ef9b0cfe6585cb92c868951a95acf8c9c66d9eec6dc95d34c9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7918883e-706a-42d5-b966-cd7d5fb64f78.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3084
x-amzn-requestid: 034173f8-edba-45b9-bbbc-a7d737b45e26
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fFM68EDMIAMF3Iw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb8eac-3a22865376bbdcde3ef17088;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 07:05:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lPrb0OiQtQrd0-1R9wmsMzYwRydWPW9lBTAFUu9SPchT7WZUIVzGdw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 08:05:30 GMT
age: 77819
etag: "a2929122b2d2e252f39d23857cd7a2ed4651bb27"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10988 bytes)
Hash
5a7ab95a69ddfa5014258076e66a6e19
1a54cca86788536002d6d18c5180ccf265ba1169
09348afd6055b26b5dba6f8f6ef763d52e6e040c039c6f763d64f71b8ca08d51

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10988
x-amzn-requestid: 67c03c6c-3896-4890-a75b-ecd7c1c1a4e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3foHG8tIAMF3XQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61300-2de17e5b0225f9427c197bc5;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RlbJymJhU6Ti5RZCSIvPzloackAiBEBGapKI440u4ZIfB5FYBNugLw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 03:24:49 GMT
age: 8260
etag: "1a54cca86788536002d6d18c5180ccf265ba1169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d78dc13-3c8d-4c31-8f64-3f9de4ba79d1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4796 bytes)
Hash
2aec02a691f126259e2a3c701e322ffe
af9161eefc1ee381a8f531c593ea7354d73493eb
e0094d54ca9bbbc4154abec2ce152453ddb1544e020b4a859e5da1f7073a26d0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d78dc13-3c8d-4c31-8f64-3f9de4ba79d1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4796
x-amzn-requestid: 9ad3dcbc-3d19-4619-a8cb-b316a8d51290
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e7ULpHgKIAMFmYg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c79a4a-769bcf2f4d7787d007ec30e2;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 07:05:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -TjivJmHgT_N2QWC1rn8ng1sl5h53FcgoU9ALMINJEY6onseYEWGRw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 08:08:25 GMT
age: 77644
etag: "af9161eefc1ee381a8f531c593ea7354d73493eb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8057 bytes)
Hash
4e71636bb9a13ad7d52d253e16cd6a3f
401dd58e34982d3434739b9a2f7182487ea1cac5
1ac336df72b6eb569983e197f094378a26a175113249bedca0610cabd57e2e54

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8057
x-amzn-requestid: 5469b005-6740-4f3d-80ca-a45fd39cae68
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHNkCFiZoAMF8oQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5c80-210da08f113a3273257b7d61;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:43:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: j3SoP46ER0JjOaLh363bQ9QW4ZIW19_rbgeQ7Ey8W-zgyGMMLSLccA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:48:17 GMT
etag: "401dd58e34982d3434739b9a2f7182487ea1cac5"
content-type: image/jpeg
age: 28452
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (23)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML