firefox.settings.services.mozilla.com/v1/
143.204.55.36200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-stale=0
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 28 Sep 2022 15:54:51 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Yru0iEQmXJX1BzQNRzgN3OJ0-9ulHsFh5fqqIS8xrVCRV9iNBsOxcQ==
Age: 3136
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.49200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 28 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: -yAMwK9nqJbWl6tL7pWkuHYruKADsDfwCUEuyxFimEWecNkmp3vhWQ==
age: 40721
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 490c003436e215e91596f285fcba92f5
0c4c9a5802e7cdb699f4918c252dbdf8431c25ec
9fe6beb1cb3851018168765a243b6de69ec71d30770f8c2dcc57cae7d9978cc1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9FE6BEB1CB3851018168765A243B6DE69EC71D30770F8C2DCC57CAE7D9978CC1"
Last-Modified: Wed, 28 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12631
Expires: Wed, 28 Sep 2022 20:17:38 GMT
Date: Wed, 28 Sep 2022 16:47:07 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 16:47:07 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 28 Sep 2022 16:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Wed, 28 Sep 2022 17:25:13 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 7GO9uYnw6VnYQETcxeKWzIVbNSUH9qB6lzIXrp8ngXqxVSfUt40urg==
Age: 1055
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3526d5ce1381ba26cbc553db057e1915
fe01c920696448e8bf12e6fff877bce8281d34a2
09604aed7cbca7971bfcb5afcb53591600b944f28eff21aa65dc601e78cdda53
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3519
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 16:47:08 GMT
Last-Modified: Wed, 28 Sep 2022 15:48:29 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.69.181.45101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.69.181.45:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xjEZdqhY+W1sEaujd/I81Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Ea7oXLyCY5BXOYHkVsLyeRjjhOI=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4364fa358f76c1635458dab5d598f857
d15fc7359711b1651235fa1be66accc03fe26c1c
6449bf062dbb79683071f367ca142c175ef304485cb4d3711feb4763146e4fa7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10956
Expires: Wed, 28 Sep 2022 19:49:45 GMT
Date: Wed, 28 Sep 2022 16:47:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4364fa358f76c1635458dab5d598f857
d15fc7359711b1651235fa1be66accc03fe26c1c
6449bf062dbb79683071f367ca142c175ef304485cb4d3711feb4763146e4fa7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10956
Expires: Wed, 28 Sep 2022 19:49:45 GMT
Date: Wed, 28 Sep 2022 16:47:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4364fa358f76c1635458dab5d598f857
d15fc7359711b1651235fa1be66accc03fe26c1c
6449bf062dbb79683071f367ca142c175ef304485cb4d3711feb4763146e4fa7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10956
Expires: Wed, 28 Sep 2022 19:49:45 GMT
Date: Wed, 28 Sep 2022 16:47:09 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F693de74c-173e-4d9b-8317-35601f30ffd7.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F693de74c-173e-4d9b-8317-35601f30ffd7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ad84ed0c5b2090df7996007514cf1984
651600f2ef18cecc2e38370069bbb5e1d86f68e0
a3d0729e1d43afeadd2dd8273c858b8839d9e476f773c8ec9d96b5969a9e0b4a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F693de74c-173e-4d9b-8317-35601f30ffd7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13299
x-amzn-requestid: 926df8b6-beec-470d-b0b3-33be326cd379
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPF8YIAMF3Nw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-343e91e735af43d01fc83ddd;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: fcxclGRP3zfWwb6opjYU2bL9VAq_mCSNjFtfp9iMLq6tbZu57EDqpQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:50:04 GMT
etag: "651600f2ef18cecc2e38370069bbb5e1d86f68e0"
content-type: image/jpeg
age: 68225
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6139c878a7d2bd32c61fc8287996eb5b
9c4692ea64832895fbd107d91f879728b6a440c7
3839df92f0a10c1433d5b576df50c9f7953912ae4f425012262f08ee8a59ce2e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8500
x-amzn-requestid: 626c21ec-f29b-4b69-b275-c22c864c2409
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3VmENnIAMFeTQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c23-75eccc381fbd6e5d4ff59c06;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Eyy8qoYVCJbt6b6hTGJ-rOrYex9RuX1InyZbpHkeu9yQqPUEvowKcw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:48:58 GMT
etag: "9c4692ea64832895fbd107d91f879728b6a440c7"
content-type: image/jpeg
age: 68291
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0369629e-f44d-439f-a279-b5ae6ecc0cf1.png
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0369629e-f44d-439f-a279-b5ae6ecc0cf1.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aa5cad224dbddd71881bd07255beb4da
bc214d60be395d4cf753216ff8f9691c33d25e75
82935e52aa59929a448d17a5a2d58fda86bb5c25bf6628a05bd904f82517dada
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0369629e-f44d-439f-a279-b5ae6ecc0cf1.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14464
x-amzn-requestid: 5cbbafdb-3f69-4ee2-9e46-c1ff0ed4ef14
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPFiooAMFulA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-633a649700e040b91deadb64;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: cNryG5vkxZuFATZfcNW9Z1-0teUBWLRyWslX1onwYlDCQBUjU2xVdA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:46:03 GMT
age: 68466
etag: "bc214d60be395d4cf753216ff8f9691c33d25e75"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9a3b058-92c9-490e-9cbb-736f7e46510d.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9a3b058-92c9-490e-9cbb-736f7e46510d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ea3890e460356d6ecc3ba4e405ac2e9e
b383135e2ebc23fe80eb0d594b198cb8c89327a5
8fcff053ce6e5750136bf876bad5b2916935f13ea039912d977928b086f0a48b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9a3b058-92c9-490e-9cbb-736f7e46510d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7455
x-amzn-requestid: e99c9f33-b72a-4070-80cf-06fb4a87d1df
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZG4S6EcAoAMFX1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6332a0df-04122b4a345dbc3f3918af98;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 07:06:07 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: yprErfM7s7P7jJPJT-HQZ2Z_AAN4946Tjwyn1g4r7yiA6IF0yLdQTQ==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 05:22:11 GMT
age: 41098
etag: "b383135e2ebc23fe80eb0d594b198cb8c89327a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 62e68c3cd08dd94d910507512a67e85f
3d4fa8701f17e8818c25584ef5f04bfbee8440cd
058d798963f83f5fb88ab728185f755c5353fa981d93e1b6ff869089f501586b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13213
x-amzn-requestid: 09f8fee2-6830-4bec-af40-f2fb6547bc63
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFkreH5poAMFdxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321b16-0afbf5e01a013e6f0db53da1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:35:18 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: CwkfEPDseHez7mArqwz8tmC3WHFwXAZF1OSColucaQ5vG2hvBIDWOg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:39:01 GMT
age: 68888
etag: "3d4fa8701f17e8818c25584ef5f04bfbee8440cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4b794c6812cb546de0295e087ebe66a7
a54803cca7d3c509c195f65961e1110c8ec56f55
6a207f75eb3951f3dea5252bc8d185cd604d3d657f15b838774e8087e91f37f5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12016
x-amzn-requestid: ec1b3715-5d0f-4045-aa5b-b70a55c81d72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e3EtyIAMFdZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5e-201dd1ef1426a09965c68dab;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pR4b1-lZZRMnWf-PdXFGXaHBCGAfOyp3AjeuCvtu5imWmf9N9l2wKQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:48:38 GMT
age: 68311
etag: "a54803cca7d3c509c195f65961e1110c8ec56f55"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hegodev.com/tds/aietqu
184.168.97.137301 Moved Permanently 1 B IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
Hash eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /tds/aietqu HTTP/1.1
Host: hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
x-powered-by: PHP/7.4.30
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-litespeed-tag: 6ff_HTTP.404,6ff_HTTP.301
x-redirect-by: WordPress
set-cookie: slicevisitor=1; expires=Wed, 28-Sep-2022 16:49:09 GMT; Max-Age=120; path=/
location: https://www.hegodev.com/tds/aietqu
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1
content-type: text/html; charset=UTF-8
date: Wed, 28 Sep 2022 16:47:08 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2f76d47ed4f3c90f557522303bb760bc
f34542cabea7a4517debf64c298b59fc009ea56c
5ce5c216b7cb6a4425f12453e447ad364bcc1cd7d23a9d2468a8a40adfc2cb10
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 16:47:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash e2875a9e06f892f0d4fa46c0f98a1c49
9c0e332f55a592367b602494642ee2127699b543
74692ca89ddc427d0c55f56aedb738b107a9761c44ed5201f932f54950a6f406
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 16:47:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash e2875a9e06f892f0d4fa46c0f98a1c49
9c0e332f55a592367b602494642ee2127699b543
74692ca89ddc427d0c55f56aedb738b107a9761c44ed5201f932f54950a6f406
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 16:47:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-154422125-1
142.250.74.72200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-154422125-1
IP 142.250.74.72:0
File type ASCII text, with very long lines (2039)
Hash 04189dceee55f23d5c0d987004bdf270
30243fcfd0f5de52b1cf1e2bedc0b0f37b7bba39
5a61441b66d9f141f73c34da1587672d35c086951c21886cf2002ce5b791dd9b
GET /gtag/js?id=UA-154422125-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 28 Sep 2022 16:47:11 GMT
expires: Wed, 28 Sep 2022 16:47:11 GMT
cache-control: private, max-age=900
last-modified: Wed, 28 Sep 2022 16:03:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42333
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash e2875a9e06f892f0d4fa46c0f98a1c49
9c0e332f55a592367b602494642ee2127699b543
74692ca89ddc427d0c55f56aedb738b107a9761c44ed5201f932f54950a6f406
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 16:47:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2f76d47ed4f3c90f557522303bb760bc
f34542cabea7a4517debf64c298b59fc009ea56c
5ce5c216b7cb6a4425f12453e447ad364bcc1cd7d23a9d2468a8a40adfc2cb10
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 16:47:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.hegodev.com/tds/aietqu
184.168.97.137404 Not Found 15 kB URL HTTP/2 www.hegodev.com/tds/aietqu
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (39232), with CRLF, LF line terminators
Hash 1716066ba6d8be1afa0578e317ad7976
3cd0988e70d29b9c31092b584c4c23ace45466c7
ed7fdc6d080f84cfac5204c80ed796254818e7e3ba4015179d9a1276c31a654e
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /tds/aietqu HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 404 Not Found
x-powered-by: PHP/7.4.30
x-litespeed-tag: 6ff_HTTP.404
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.hegodev.com/wp-json/>; rel="https://api.w.org/"
set-cookie: slicevisitor=1; expires=Wed, 28-Sep-2022 16:49:10 GMT; Max-Age=120; path=/
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 14914
content-type: text/html; charset=UTF-8
date: Wed, 28 Sep 2022 16:47:10 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.css?ver=6.0.2
184.168.97.137200 OK 493 B URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with CRLF line terminators
Hash 34c447fc8b7747ca0cbb40fec67c28cb
5ef14f89ead8d0d496271cc4a0e482419fe4f667
bdb8e3868d4d8efd5135931edd978ed4f16111f110994ff161e44bd7c3d44467
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/slick/slick.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2862-767-5e4d4065d3faa-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 493
content-type: text/css
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/slick/slick-theme.css?ver=6.0.2
184.168.97.137200 OK 774 B URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/slick/slick-theme.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 6e67560034ebfe1a21ca7838a79b3602
98c217a0786d8196f58ac0046e5572f765f50050
447874e04268e1cd9e1269a6df0d7e1a78fdde489d27c7f247052e59aed4c5b1
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/slick/slick-theme.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2861-d15-5e4d4065d3faa-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 774
content-type: text/css
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/css/blocks.min.css?ver=6.0.2
184.168.97.137200 OK 2.0 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/css/blocks.min.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (9062), with no line terminators
Hash 5c569f4b806cef7bae156536de7a6bbe
e333c2951afcd43c3f67af65eec7798142f3b693
87dfa898fa648e03706e8fa4153e5cada9e2c6dc8954607b419d1aa21f3c55f7
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/css/blocks.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e281c-2366-5e4d4065d300a-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1955
content-type: text/css
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa-business/style.css?ver=6.0.2
184.168.97.137200 OK 1.4 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa-business/style.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1023), with CRLF line terminators
Hash 73ee631a66b856896702d8f5992129ad
e2a34ecd904e4ae9de4583a545c2717334c385f7
e5f555322926d2339db8f05008e17b35b453350b8ac8c173542845a9b58f571d
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa-business/style.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 15 Apr 2022 11:47:32 GMT
etag: "e3f67-df4-5dcaff9d452af-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1361
content-type: text/css
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/plugins/contact-widgets/assets/css/font-awesome.min.css?ver=4.7.0
184.168.97.137200 OK 6.6 kB URL HTTP/2 www.hegodev.com/wp-content/plugins/contact-widgets/assets/css/font-awesome.min.css?ver=4.7.0
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (30429)
Hash de7a7b0a7cefd6f77d360ab9819ce7c5
73ab1b9dbc0f89e39140965f7f6cc4edb723ff77
f085f338dd26cfc96e4b338ffe0a6b2fe8e4eb7477bfa14883646c08f6b49634
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/contact-widgets/assets/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 10 Aug 2020 12:46:25 GMT
etag: "e4836-777f-5ac8557aaea40-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 6581
content-type: text/css
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/css/slicknav.min.css?ver=6.0.2
184.168.97.137200 OK 691 B URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/css/slicknav.min.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (2414), with CRLF line terminators
Hash 70e97a82cb2bd23c0544142f7ec5e48f
99ce9a22208dc751c6dab5b3bfbe99a73a0ce01a
807b94feb5ee85ba59311b80b2e6a15dbcf06336949e10c5a28eae5d22bfbe9f
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/css/slicknav.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e281f-9cd-5e4d4065d300a-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 691
content-type: text/css
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/css/all.min.css?ver=6.0.2
184.168.97.137200 OK 12 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/css/all.min.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (59158), with CRLF line terminators
Hash 37a0cc3233ba8513c0996bf4220250fd
e15ddd5aab9ee220054be8d22178b37ce7862a0e
0c23d7e2429213ce557799efab8f3d55d175b6b40ebc650bd01f70bbf6d1c162
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/bosa/assets/font-awesome/css/all.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2808-e7d4-5e4d4065d283a-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 12405
content-type: text/css
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
184.168.97.137200 OK 11 kB URL HTTP/2 www.hegodev.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (43771)
Hash 069a79d16ded6a02071f286cd2025c44
dd5970e01b8a10dadcf074f72a1c8095f25e947a
78261bccee805c6913bf7e23e2e25314f05f690300a77a40ca36e1e516b20203
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 04 Jul 2022 12:10:37 GMT
etag: "125f63-15b64-5e2f99fa9e940-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 10912
content-type: text/css
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b
184.168.97.137200 OK 628 B URL HTTP/2 www.hegodev.com/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1626)
Hash 5b31f9f2f4e068d0932e615b4c1430d7
a84aad0dae77532f66a7777d67facca9a2e6ab6f
af3fdfe4f024a9ae6bad6e550e63a4636396208b9554a2eb5aa4f8a4de716d0e
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 18 Aug 2016 18:55:30 GMT
etag: "164a9e-71b-53a5d2030ec80-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 628
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-includes/js/imagesloaded.min.js?ver=6.0.2
184.168.97.137200 OK 1.7 kB URL HTTP/2 www.hegodev.com/wp-includes/js/imagesloaded.min.js?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (5477)
Hash b1ead9e078b8c6a5044a583ef6fbbd5e
577658f92d2657f1131a97b6f128dfdb50d21d1a
b337360f9345d0763a9394d9a2b032459e0fe6199bee2a4b76f2b8ca24d8b867
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/js/imagesloaded.min.js?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
etag: "126622-15fd-5a7fbb57c37c0-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1733
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/js/navigation.js?ver=0.8
184.168.97.137200 OK 993 B URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/js/navigation.js?ver=0.8
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with CRLF line terminators
Hash 0880979edd9517f9a7b7307495d2e853
9680cf285e27e869e1b90baaea045cc375e0a2c1
a25525fac97c4a6cb0c565349aeeae0f79b5bdedc77c88f7521e946bb7567924
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/bosa/assets/js/navigation.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e287a-17ab-5e4d4065d4392-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 993
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.7.0
184.168.97.137200 OK 3.0 kB URL HTTP/2 www.hegodev.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.7.0
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1577)
Hash c42db5fc087004f61b1fd52f2fa6589a
d315714e57e1b83e3851a3261bcb6f3a8f8aedbd
47bec89c01cd4cc1e52ab92fcd1d1f50d73342d368064fd693a619e8072d4f93
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.7.0 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:08:38 GMT
etag: "105ac6-2e7a-5e4d403037d5f-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 3018
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/css/bootstrap.min.css?ver=6.0.2
184.168.97.137200 OK 19 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/css/bootstrap.min.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (65319), with CRLF line terminators
Hash a08b37e95872eb5945c89f729fe74d26
a4e542358e28aacc01fb2ca977feaf1567a35bc9
1210d07107cc6e06709991d7e78d50039183e90962f7e8a92744134a40a37878
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/bosa/assets/bootstrap/css/bootstrap.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2811-2268e-5e4d4065d2c22-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 18894
content-type: text/css
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C400i%2C600%2C700%2C800%7CPoppins%3A300%2C400%2C400i%2C500%2C600%2C700%2C800%2C900&display=swap&ver=6.0.2
142.250.74.10200 OK 2.4 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C400i%2C600%2C700%2C800%7CPoppins%3A300%2C400%2C400i%2C500%2C600%2C700%2C800%2C900&display=swap&ver=6.0.2
IP 142.250.74.10:0
Hash 96761bc4aad59e4de37752c7cc4e49b2
2b9faa807ecaa54ca1fc6cb2decf7065d160e804
5ca3a97356acdbb7cc0cfac7a1b09969ae994c5f9c7a83be736c5322f2d1b7f4
GET /css?family=Open+Sans%3A300%2C400%2C400i%2C600%2C700%2C800%7CPoppins%3A300%2C400%2C400i%2C500%2C600%2C700%2C800%2C900&display=swap&ver=6.0.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://www.hegodev.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 28 Sep 2022 16:47:11 GMT
date: Wed, 28 Sep 2022 16:47:11 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.hegodev.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
184.168.97.137200 OK 4.6 kB URL HTTP/2 www.hegodev.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (11126)
Hash 55050b24c45c4eb4288d37c787febc62
0e2e51876c68c377021c7ca922b671df43f40667
6f37b7fe435d863f1b2e3671ae9ccdab95189f4bfba860383e48cf2d1306467a
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 22 Sep 2022 12:05:35 GMT
etag: "164a9d-3602-5e942e0f8e243-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 4641
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/js/skip-link-focus-fix.js?ver=0.8
184.168.97.137200 OK 338 B URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/js/skip-link-focus-fix.js?ver=0.8
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with CRLF line terminators
Hash 295d8e7be879e4b8f375f36a9ac45e07
616274653f472969eaa37880ce42db18be993aae
ace732d52491f3fafa3b95770ce6e10b0ef7ce9c87ea178cb8f75927b2379417
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/bosa/assets/js/skip-link-focus-fix.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2876-2cc-5e4d4065d4392-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 338
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/style.css?ver=6.0.2
184.168.97.137200 OK 23 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/style.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1137)
Hash 951d728eb6833d22f9c81d65f0b86125
2eb36f396caa9da773c34cade2459e2b39d7153f
61703f377447272f82b6f36cbaaee9a0f31a037c64a6f4e9b803aafae34b6efc
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/style.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "12338a-2948d-5e4d4065d0ce2-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 22726
content-type: text/css
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/js/jquery.slicknav.min.js?ver=0.8
184.168.97.137200 OK 2.5 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/js/jquery.slicknav.min.js?ver=0.8
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (8320), with CRLF line terminators
Hash f4d1dc17a8b538c2c3ea8ff13ea6d10b
a0bac998d0ac28f0e5b6a2993190daa435861724
2e2949f1f3b9db6036a9c9d97b431623572ce674e9944e44d2f2807061fcfe64
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/bosa/assets/js/jquery.slicknav.min.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e287e-20e6-5e4d4065d4392-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 2504
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Bai+Jamjuree%3Aital%2Cwght%400%2C200%3B0%2C300%3B0%2C400%3B0%2C500%3B0%2C600%3B0%2C700%3B1%2C300%3B1%2C400%3B1%2C500%3B1%2C600%3B1%2C700&display=swap&ver=6.0.2
142.250.74.10200 OK 2.6 kB URL HTTP/2 fonts.googleapis.com/css2?family=Bai+Jamjuree%3Aital%2Cwght%400%2C200%3B0%2C300%3B0%2C400%3B0%2C500%3B0%2C600%3B0%2C700%3B1%2C300%3B1%2C400%3B1%2C500%3B1%2C600%3B1%2C700&display=swap&ver=6.0.2
IP 142.250.74.10:0
Hash 0b52112ec18c1ce6030e6ef90732911c
9615d4d22b3b57f3efa6618b3ce470efc279472e
e7d3c4a343439d096bb344fcaf5e062b925450c8fd28d16a8c8f11643a0e3efe
GET /css2?family=Bai+Jamjuree%3Aital%2Cwght%400%2C200%3B0%2C300%3B0%2C400%3B0%2C500%3B0%2C600%3B0%2C700%3B1%2C300%3B1%2C400%3B1%2C500%3B1%2C600%3B1%2C700&display=swap&ver=6.0.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://www.hegodev.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 28 Sep 2022 16:47:11 GMT
date: Wed, 28 Sep 2022 16:47:11 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/js/theia-sticky-sidebar.min.js?ver=0.8
184.168.97.137200 OK 1.6 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/js/theia-sticky-sidebar.min.js?ver=0.8
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type HTML document, ASCII text, with very long lines (5370), with CRLF line terminators
Hash e74167fd14ae4f773d3afd5138ad81f2
9062953647b497a403cec22ad1ca2d31f76d96b2
b3539412526d3a6c6f18e32b9bcacb4274e51b44e876fb6ad9a02f8449c61c52
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/js/theia-sticky-sidebar.min.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2875-1537-5e4d4065d4392-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1636
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
184.168.97.137200 OK 31 kB URL HTTP/2 www.hegodev.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (62845)
Hash 7e34be448eebf21b9ab8cfcd8fde9504
a4e968811822f988b09ad62e4701286a6fad2e75
7893733ef7a787b4d182abf64a9fc6cbc40c9cced8b203dca707d4d09bc8bd6f
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 22 Sep 2022 13:07:21 GMT
etag: "164aa5-167db-5e943bde0430c-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 30937
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=670
184.168.97.137200 OK 4.7 kB URL HTTP/2 www.hegodev.com/wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=670
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (12498), with no line terminators
Hash 178e76046eb0e7272c90d4c8f5c6a582
0f6b3d54c1630ac1fe511a9de4dc6963c0f66c0c
4c78ef5db663c8ceb5185f1ed58195e871afd4f036eb89a83776f8851ad79c2b
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=670 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:08:33 GMT
etag: "1059d1-30d2-5e4d402ba7d82-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 4706
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
184.168.97.137200 OK 4.6 kB URL HTTP/2 www.hegodev.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (15660)
Hash a0083d25b89ea80ecd2393db9f865d62
24eaf2df7c722fb13f2b5bf77ada5ee446720c25
f7533cb93f2efbb9e3bccfa9ff4036a2cafa7dd1bd4d66bea4833306b321e957
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Apr 2022 05:56:23 GMT
etag: "126637-48b9-5dc6eb878efc0-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 4614
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-includes/js/masonry.min.js?ver=4.2.2
184.168.97.137200 OK 7.1 kB URL HTTP/2 www.hegodev.com/wp-includes/js/masonry.min.js?ver=4.2.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (23966)
Hash b15709b26cbed268be463aeb7221d12d
8ece754f196cdbace087ee39d77784626f1bac9a
381c481a826838b8eadc28c8290f1928bea7edb660da92dfc08dd6bdf2d37122
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-includes/js/masonry.min.js?ver=4.2.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
etag: "126636-5e4a-5a7fbb57c37c0-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 7130
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.min.js?ver=0.8
184.168.97.137200 OK 10 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.min.js?ver=0.8
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (42862), with CRLF line terminators
Hash 73b81ca4bccda384885bffd32b65d8e8
f66055b3dbf1ede1f0c2fa56a888981c3961bfe6
668d4731db28264dbce69d3dd601d722b0dcb1c785e8b2e8a58d81f1cfba00d6
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/slick/slick.min.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e286a-a770-5e4d4065d3faa-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 10104
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/js/bootstrap.min.js?ver=0.8
184.168.97.137200 OK 14 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/js/bootstrap.min.js?ver=0.8
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (50758), with CRLF line terminators
Hash 0ee8c174de1686d6078ac63eda46404e
cc0de71ae4dde2bf22a32776e517d80777f204ad
53c30939a24897a873222ecebb9228316342f1b96bdd5849f9bcf847b707fa45
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/bootstrap/js/bootstrap.min.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2815-c765-5e4d4065d300a-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 13455
content-type: application/javascript
date: Wed, 28 Sep 2022 16:47:11 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 16:47:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 16:47:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 16:47:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0gebelJo0.woff2
142.250.74.163200 OK 11 kB URL HTTP/2 fonts.gstatic.com/s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0gebelJo0.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 10840, version 1.0\012- data
Hash 1dfdc31ff2064daaaf92877a90bed3b8
a538ee943a4cc54748827e91b91fb5932d3fde50
f5346003928ce35756d754b207e777261fc6b226caf252f5c07e302a3ed2accd
GET /s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0gebelJo0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10840
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Sep 2022 10:56:22 GMT
expires: Thu, 28 Sep 2023 10:56:22 GMT
cache-control: public, max-age=31536000
age: 21050
last-modified: Tue, 19 Apr 2022 18:13:26 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.163200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 18:01:25 GMT
expires: Sun, 24 Sep 2023 18:01:25 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 341147
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0reHelJo0.woff2
142.250.74.163200 OK 11 kB URL HTTP/2 fonts.gstatic.com/s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0reHelJo0.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 10808, version 1.0\012- data
Hash 813e62d2193672e925a80aa9c4a85696
248768195074f87fd8bee6b45e87ab265d4ce7f1
2a257de7d16cbc56379bbeba00afc1533e9aee044331ef5d618ec6db47ba103c
GET /s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0reHelJo0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10808
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Sep 2022 07:12:59 GMT
expires: Fri, 22 Sep 2023 07:12:59 GMT
cache-control: public, max-age=31536000
age: 552853
last-modified: Tue, 19 Apr 2022 18:08:54 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash fc82211401f793132f7d43c2fd253af5
605d8371709b5d2a41967fd390c34fa649f89ea3
b23fd36ec037710672ac1aa6fea284e3869c4bae7941d9b53c771cff8743478e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 28 Sep 2022 16:47:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.hegodev.com/wp-content/themes/bosa/assets/images/bosa-360-200.jpg
184.168.97.137200 OK 30 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/images/bosa-360-200.jpg
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 360x203, components 3\012- data
Hash 624934584c27faf93df0f15f1ab5f7c3
ecd3df25050330a2ce11d4e1f7e8e22b2229eb95
29d4c1b20b4ed7a5c8e399e46879567e0f31f7b75205dd6355cc455382b14aa1
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/bosa/assets/images/bosa-360-200.jpg HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Cookie: slicevisitor=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e282f-739a-5e4d4065d33f2"
accept-ranges: bytes
content-length: 29594
content-type: image/jpeg
date: Wed, 28 Sep 2022 16:47:12 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/plugins/contact-widgets/assets/fonts/fontawesome-webfont.woff?v=4.7.0
184.168.97.137200 OK 98 kB URL HTTP/2 www.hegodev.com/wp-content/plugins/contact-widgets/assets/fonts/fontawesome-webfont.woff?v=4.7.0
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type Web Open Font Format, TrueType, length 98024, version 4.7\012- data
Hash fee66e712a8a08eef5805a46892932ad
28b782240b3e76db824e12c02754a9731a167527
ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/contact-widgets/assets/fonts/fontawesome-webfont.woff?v=4.7.0 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.hegodev.com/wp-content/plugins/contact-widgets/assets/css/font-awesome.min.css?ver=4.7.0
Cookie: slicevisitor=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 10 Aug 2020 12:46:28 GMT
etag: "e483e-17ee8-5ac8557d8b100"
accept-ranges: bytes
content-length: 98024
vary: Accept-Encoding,User-Agent
content-type: font/woff
date: Wed, 28 Sep 2022 16:47:13 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/webfonts/fa-solid-900.woff
184.168.97.137200 OK 104 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/webfonts/fa-solid-900.woff
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type Web Open Font Format, TrueType, length 104280, version 331.-31327\012- data
Size 104 kB (104280 bytes)
Hash 4bfbf7eb4b19d9ff9293eb177b6d0070
18d9a334e7184ae08e3a1c0468afb56a2a5b51cc
54b246419327b460f37af4f2dfaa4ac9cb901f62ea517ab95c06ae8605cf51e6
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/font-awesome/webfonts/fa-solid-900.woff HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/css/all.min.css?ver=6.0.2
Cookie: slicevisitor=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e27f9-19758-5e4d4065d206a"
accept-ranges: bytes
content-length: 104280
vary: Accept-Encoding,User-Agent
content-type: font/woff
date: Wed, 28 Sep 2022 16:47:13 GMT
server: Apache
X-Firefox-Spdy: h2
cdn.weatherplllatform.com/result.js?v=000
91.211.91.114200 OK 2.1 kB URL HTTP/2 cdn.weatherplllatform.com/result.js?v=000
IP 91.211.91.114:0
ASN #206638 PE Brezhnev Daniil
File type ASCII text, with very long lines (6188), with no line terminators
Hash d868962b4e4d69fd837a3e1556c7381b
b8652d5ae1fb0f2d0fd0c5743a53c838a4a392ae
675e3090a5bd969bd83b2db91451dcb981568b53f63b383069b92fd5eb305170
GET /result.js?v=000 HTTP/1.1
Host: cdn.weatherplllatform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 16:47:13 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 26 Sep 2022 14:46:59 GMT
vary: Accept-Encoding
etag: W/"6331bb63-182c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000;
content-encoding: gzip
X-Firefox-Spdy: h2
away.bettershitecolumn.com/track.php?nid=54889&yid=9554-66-457679-29
91.211.91.104302 Found 0 B URL HTTP/2 away.bettershitecolumn.com/track.php?nid=54889&yid=9554-66-457679-29
IP 91.211.91.104:0
ASN #206638 PE Brezhnev Daniil
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /track.php?nid=54889&yid=9554-66-457679-29 HTTP/1.1
Host: away.bettershitecolumn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.hegodev.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Wed, 28 Sep 2022 16:47:14 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2
away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29
91.211.91.104200 OK 816 B URL HTTP/2 away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29
IP 91.211.91.104:0
ASN #206638 PE Brezhnev Daniil
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 158636bd94d6293314d30df78496ca4f
64b9c3738b143d180e274a0d8015f5e5074b0c35
09f6a0fd9e385aebf884555e2c898a3c49d2d1590207ee874b6c8b0f6019795a
Analyzer Verdict Alert quad9 Sinkholed
GET /track.php?tid=54889&lid=9554-66-457679-29 HTTP/1.1
Host: away.bettershitecolumn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.hegodev.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 16:47:14 GMT
content-type: text/html; charset=UTF-8
content-length: 816
vary: Accept-Encoding
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9e78811da7e103e73261ab022d74a10b
8efd6d841ef786645cd5a0fcf2676fb9e8c6397e
1a763759c4e128a6bac5bacb72e88d4d21f5650bd9196ae87618e1247f3bcd98
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1A763759C4E128A6BAC5BACB72E88D4D21F5650BD9196AE87618E1247F3BCD98"
Last-Modified: Tue, 27 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4141
Expires: Wed, 28 Sep 2022 17:56:15 GMT
Date: Wed, 28 Sep 2022 16:47:14 GMT
Connection: keep-alive
silverlinetogther.net/b81698fd2.js
185.177.94.152200 OK 54 B URL HTTP/2 silverlinetogther.net/b81698fd2.js
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 30c1fd0f847f40d79960103f317ec07d
a0d13efcd4192c63adc1eabfb05717ad1cebd931
556ec061bb60ac3e9a1769e325fa43e4e6c1351216161560bdd37356956dbd1f
GET /b81698fd2.js HTTP/1.1
Host: silverlinetogther.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=689c85ff-ad1a-4740-a75f-25d53a51aeaa
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 16:47:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 54
last-modified: Sat, 02 Jul 2022 04:59:02 GMT
etag: "62bfd096-36"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
silverlinetogther.net/favicon.ico
185.177.94.152204 No Content 0 B URL HTTP/2 silverlinetogther.net/favicon.ico
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: silverlinetogther.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://silverlinetogther.net/go/he2tszrzmq5dcmbugayq?sub2=dpicer8
Cookie: uuid=689c85ff-ad1a-4740-a75f-25d53a51aeaa
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 28 Sep 2022 16:47:14 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 14f6289b0a75e05290efe60d88641e14
a33856565cc264bb6a2c3e2d75d5399180ea3074
98a3c1d48b09b9b17f6cdfeef9bd6c87e3980d1b46873b7c9634784c24dd10e3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A3C1D48B09B9B17F6CDFEEF9BD6C87E3980D1B46873B7C9634784C24DD10E3"
Last-Modified: Tue, 27 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6863
Expires: Wed, 28 Sep 2022 18:41:38 GMT
Date: Wed, 28 Sep 2022 16:47:15 GMT
Connection: keep-alive
cdn.weatherplllatform.com/events.js?v=2.141
91.211.91.114200 OK 633 B URL HTTP/2 cdn.weatherplllatform.com/events.js?v=2.141
IP 91.211.91.114:0
ASN #206638 PE Brezhnev Daniil
Hash 659c9651712b354b7023f0561ad5d6a4
fe44771a7dbf12854925d1d8e23c85d8c5858c3c
36a705c45e5326adf23f4db13f1b8d1b883f44e3834f04566771708f8a2b126e
GET /events.js?v=2.141 HTTP/1.1
Host: cdn.weatherplllatform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 16:47:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 26 Sep 2022 14:49:44 GMT
vary: Accept-Encoding
etag: W/"6331bc08-920"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000;
content-encoding: gzip
X-Firefox-Spdy: h2
0.silverlinetogther.net/index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer8
185.177.94.152200 OK 53 kB URL HTTP/2 0.silverlinetogther.net/index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer8
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (29334)
Hash c56a440d7195db53a724974c116657f7
2052f1eed7a9c5943f64099a49bdc74e37600a6b
337163acfb1fa3e1af4b90a9572661fe071b738f4254dace3423383e9e9912ba
GET /index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer8 HTTP/1.1
Host: 0.silverlinetogther.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://silverlinetogther.net/
Cookie: uuid=689c85ff-ad1a-4740-a75f-25d53a51aeaa
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 16:47:15 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=689c85ff-ad1a-4740-a75f-25d53a51aeaa; expires=Fri, 28-Oct-2022 16:47:15 GMT; Max-Age=2592000; path=/; domain=0.silverlinetogther.net
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
browork3er.cc/sw/bro.js
51.15.18.159200 OK 1.9 kB IP 51.15.18.159:0
Hash f4be42785bf387902bac0d5780496e69
9eefde87f4a8e8a9279ad83d935da4380bbdfbf0
7a28a6668b4ab5b34fea7fd17ac87a664636e2488ecb44118e30661e2ba62005
GET /sw/bro.js HTTP/1.1
Host: browork3er.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.silverlinetogther.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 16:47:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 28 Sep 2023 16:47:15 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
browork3er.cc/sw/bro.js
51.15.18.159200 OK 1.4 kB IP 51.15.18.159:0
Hash 57b44c6c58640afa1dbc8ea67a60dfd9
2a94bc42bbe9487e11514c56920713b98e287ea5
abf988b1596979ad8ef5719d82e2c159a2fb4023e174339344e972a74a554e5d
GET /sw/bro.js HTTP/1.1
Host: browork3er.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://silverlinetogther.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 16:47:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 28 Sep 2023 16:47:15 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/webfonts/fa-solid-900.woff2
184.168.97.137200 OK 0 B URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/webfonts/fa-solid-900.woff2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/font-awesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/css/all.min.css?ver=6.0.2
Cookie: slicevisitor=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e27f7-1397c-5e4d4065d206a"
accept-ranges: bytes
content-length: 80252
vary: Accept-Encoding,User-Agent
content-type: font/woff2
date: Wed, 28 Sep 2022 16:47:12 GMT
server: Apache
X-Firefox-Spdy: h2
silverlinetogther.net/go/he2tszrzmq5dcmbugayq?sub2=dpicer8
185.177.94.152200 OK 0 B URL HTTP/2 silverlinetogther.net/go/he2tszrzmq5dcmbugayq?sub2=dpicer8
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
GET /go/he2tszrzmq5dcmbugayq?sub2=dpicer8 HTTP/1.1
Host: silverlinetogther.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://away.bettershitecolumn.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 16:47:14 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=689c85ff-ad1a-4740-a75f-25d53a51aeaa; expires=Fri, 28-Oct-2022 16:47:14 GMT; Max-Age=2592000; path=/; domain=silverlinetogther.net
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
di4.biz/?auf=mrsdiyrzhe5dcnrqgixtcmbugays6nbpheztgzbvgm3gelzsgqxtcnrwgqztqmzwgm2q&p=b&sub1=&sub2=dpicer8&sub3=&sub4=&cpc=0&cpm=0
185.177.92.179200 OK 0 B URL HTTP/2 di4.biz/?auf=mrsdiyrzhe5dcnrqgixtcmbugays6nbpheztgzbvgm3gelzsgqxtcnrwgqztqmzwgm2q&p=b&sub1=&sub2=dpicer8&sub3=&sub4=&cpc=0&cpm=0
IP 185.177.92.179:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /?auf=mrsdiyrzhe5dcnrqgixtcmbugays6nbpheztgzbvgm3gelzsgqxtcnrwgqztqmzwgm2q&p=b&sub1=&sub2=dpicer8&sub3=&sub4=&cpc=0&cpm=0 HTTP/1.1
Host: di4.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.silverlinetogther.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 28 Sep 2022 16:47:15 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=4b24b250-b1c1-4f24-8ba3-6d1abad30f19; expires=Fri, 28-Oct-2022 16:47:15 GMT; Max-Age=2592000; path=/
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2