my.signpost.com/external_link_click?url=https://mpalma.com/&link_target=website&link_source=message&source_type=email&sent_comm_fingerprint=619136d6081de736d78f4822c5a05e91b0dd73ca
301 Moved Permanently 464 B URL HTTP/1.1 my.signpost.com/external_link_click?url=https://mpalma.com/&link_target=website&link_source=message&source_type=email&sent_comm_fingerprint=619136d6081de736d78f4822c5a05e91b0dd73ca
IP
File type HTML document, ASCII text, with very long lines (464), with no line terminators
Hash 42da1bae967efe6e84208d203005ad5a
f48f01c1f0fca1bfbfb9e9f6319f87edf0717a8f
46f675f83e73ad64f8fc86f9755f3f0cf7676709f355548dd434fc3947d3086f
GET /external_link_click?url=https://mpalma.com/&link_target=website&link_source=message&source_type=email&sent_comm_fingerprint=619136d6081de736d78f4822c5a05e91b0dd73ca HTTP/1.1
Host: my.signpost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 30 Jan 2023 01:51:56 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 464
Connection: keep-alive
X-Powered-By: Express
Vary: Origin, Accept, Accept-Encoding
Strict-Transport-Security: max-age=31536000
Cache-Control: no-store
Location: https://my.signpost.com/external_link_click?url=https://mpalma.com/&link_target=website&link_source=message&source_type=email&sent_comm_fingerprint=619136d6081de736d78f4822c5a05e91b0dd73ca
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14994
Expires: Mon, 30 Jan 2023 06:01:50 GMT
Date: Mon, 30 Jan 2023 01:51:56 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 81dd5c5cc5b3278876cb44dcb520a60f
c0511a59e9eccdcdda98717b87c89c5d59974808
41736c303afdb3d31e48724b107dcb22883cae02f3562308eb52d9164001a2de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41736C303AFDB3D31E48724B107DCB22883CAE02F3562308EB52D9164001A2DE"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4863
Expires: Mon, 30 Jan 2023 03:12:59 GMT
Date: Mon, 30 Jan 2023 01:51:56 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 302c7548412192add063ad6c8b99cf3b
e5d178931a27db036ce8daae302594d3ff7050b8
fc2bd9091006189e67e8074093805ee5492ce16e1dbfba32e083abeeae34969d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FC2BD9091006189E67E8074093805EE5492CE16E1DBFBA32E083ABEEAE34969D"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12494
Expires: Mon, 30 Jan 2023 05:20:10 GMT
Date: Mon, 30 Jan 2023 01:51:56 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 30 Jan 2023 01:35:39 GMT
content-type: application/json
age: 977
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: K4Byn+47zPGjYNIPDlmurRTXXLNv6AFlS6TsiMDZr0Vhly5ItP2lJeS2hizLSekcG35YkkfCLXp7fpFdNv0pmg==
x-amz-request-id: Z1YBCQM5T3A6CPVA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 30 Jan 2023 01:21:36 GMT
age: 1820
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:56 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 406425deac06b0288a84ffd33767b79b
aa1758f73adaa5bd1fe1d15d5db3236783a4c54e
b22eee0d5f5275c63554efb05d6211ed5191f6179b8a7204fe0541326cc9ba75
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=138421
Date: Mon, 30 Jan 2023 01:51:57 GMT
Etag: "63d69c58-1d7"
Expires: Tue, 31 Jan 2023 16:18:58 GMT
Last-Modified: Sun, 29 Jan 2023 16:18:32 GMT
Server: ECS (bsa/EB21)
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: HdYuwt9MPBGColZvUYP8tSFZe9xgcPuFEkmWv8jPKKPR3lUPuuzwDg==
Age: 26
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 30 Jan 2023 01:49:04 GMT
age: 173
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
my.signpost.com/external_link_click?url=https://mpalma.com/&link_target=website&link_source=message&source_type=email&sent_comm_fingerprint=619136d6081de736d78f4822c5a05e91b0dd73ca
302 Found 82 B URL HTTP/2 my.signpost.com/external_link_click?url=https://mpalma.com/&link_target=website&link_source=message&source_type=email&sent_comm_fingerprint=619136d6081de736d78f4822c5a05e91b0dd73ca
IP
File type HTML document, ASCII text, with no line terminators
Hash f7816e3d7c4d5e341d201c7a4a1a7d24
5aef226a414e063205c830e4d3708bbcebbd2b70
5f0530b264966c4a985906cb9fed5f330d14c943da6ab25d81a19aee243897b7
GET /external_link_click?url=https://mpalma.com/&link_target=website&link_source=message&source_type=email&sent_comm_fingerprint=619136d6081de736d78f4822c5a05e91b0dd73ca HTTP/1.1
Host: my.signpost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Mon, 30 Jan 2023 01:51:57 GMT
content-type: text/html; charset=utf-8
content-length: 82
location: https://mpalma.com/
x-powered-by: Express
vary: Origin, Accept, Accept-Encoding
strict-transport-security: max-age=31536000
cache-control: no-store
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5366
Expires: Mon, 30 Jan 2023 03:21:23 GMT
Date: Mon, 30 Jan 2023 01:51:57 GMT
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: mNBCCzZYRmNTDehcJ0NYdw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: a+9hgos2kOVtgU3O7ZB/ydLJB/s=
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
200 OK 5.6 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP
File type ASCII text, with very long lines (30837)
Hash 109d1ed85cd01f9cdab73a4cac5bf80d
d6c6498ad46de2d8e2008a8ff68e364ae7f16b32
8b3a74fe462f5b3c0635995fd721a60eb640e237680b0b532b96711f2823e8bc
GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 270554
expires: Sat, 20 Jan 2024 01:51:58 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KJE%2BEKFmFD5cgBEMYhS69ghGCRdPlkl1J6BQC83mZ8y3x181ttA0HT2HiT%2FBDF%2Bg%2FYRBFOxDJZ3Mais%2Fc%2Bzsba9m3x8BqnDPtcUhFf%2BRZr4T5WXv%2BEkCNTO1Pm7ITp3W8l90nOp1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 791690c41dc41c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 4f43bce4d132991fedec454aa5579541
ac50300f638e67e9c22c85bd62cad2fb2848f18a
dd4868fbd0fadba88cf8bae1aa864ff31ffd149d5da5b55522975b5d9498cffb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6522
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 01:51:58 GMT
Last-Modified: Mon, 30 Jan 2023 00:03:16 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 75bf326700e29b1b06e57fb96ee2b064
4f979f28905b65637a058cd44be6c25bb51a42e4
385f7a9c4112c4d674264d02229719e7f82e7039e681db8aaa6685ebab2be0c1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 01:51:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash b67335a8e235eacf68e4b7f98cc5dc40
887a9b34cf2ba9371bbe8c93e362c174668cf812
1ad2f6328af6d819acd85f4e4646afcafd945e17e555d5eeb54244db83cd48fa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 01:51:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?hl=en&ver=6.1.1
200 OK 556 B URL HTTP/2 www.google.com/recaptcha/api.js?hl=en&ver=6.1.1
IP
File type ASCII text, with very long lines (850), with no line terminators
Hash f678bcfbe98b4039961065c12543bfd0
31a000bba532f910d036c24c795ef3636450e4c3
1dabb56e42c7b0a90264a0e7d8884e4111eed0e1b6321cab5f6e26440d63da8d
GET /recaptcha/api.js?hl=en&ver=6.1.1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Mon, 30 Jan 2023 01:51:58 GMT
date: Mon, 30 Jan 2023 01:51:58 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 556
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ba2ca6af7b23ce2e11aa4f9d86e66269
212aef55d64b6add292dcf6241b16e7c93d1bae2
f163a94d190f5aeeb05b2e344bc8e1544d9701772b08585e9c92b529c8652b3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 01:51:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ba2ca6af7b23ce2e11aa4f9d86e66269
212aef55d64b6add292dcf6241b16e7c93d1bae2
f163a94d190f5aeeb05b2e344bc8e1544d9701772b08585e9c92b529c8652b3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 01:51:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-V3BTHVJ929
200 OK 79 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-V3BTHVJ929
IP
File type ASCII text, with very long lines (21849)
Hash aa74a42f4074d0e51899563134bbb484
067717f643d3a3561e1bf054714ad6012589ca15
ca70ed63e5a36e3e5f2a9e7af60d3b7558509aa0d02f573df575065640cc6db0
GET /gtag/js?id=G-V3BTHVJ929 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 30 Jan 2023 01:51:58 GMT
expires: Mon, 30 Jan 2023 01:51:58 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 78878
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 75bf326700e29b1b06e57fb96ee2b064
4f979f28905b65637a058cd44be6c25bb51a42e4
385f7a9c4112c4d674264d02229719e7f82e7039e681db8aaa6685ebab2be0c1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 01:51:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=AW-736688956
200 OK 51 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-736688956
IP
File type ASCII text, with very long lines (1759)
Hash 3a7da9ef2ac69ae86680cd910382eeca
e0595b55e8cac99524aaf12fdb47b96cf28a92f5
4e959e2826473a2f402da5fcae4d01321896d2b6567b70a170a1d3182d0e0fe9
GET /gtag/js?id=AW-736688956 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 30 Jan 2023 01:51:58 GMT
expires: Mon, 30 Jan 2023 01:51:58 GMT
cache-control: private, max-age=900
last-modified: Mon, 30 Jan 2023 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 50830
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 1141ae65ad448fb3438690d5042af728
aa8b236bb1099c9440bfe3e98530939623250c03
e55eeaf5cd454042706c3e2d7d2b0211e91087b430cb5bae6b9e030392f57b4b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 01:51:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mpalma.com/wp-content/plugins/gravityforms/assets/css/dist/theme-components.min.css?ver=2.6.9
200 OK 0 B URL HTTP/2 mpalma.com/wp-content/plugins/gravityforms/assets/css/dist/theme-components.min.css?ver=2.6.9
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/plugins/gravityforms/assets/css/dist/theme-components.min.css?ver=2.6.9 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: text/css
content-length: 0
last-modified: Thu, 12 Jan 2023 06:36:10 GMT
etag: "63bfaa5a-0"
cache-control: public, max-age=31536000
vary: Accept-Encoding
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash ba2ca6af7b23ce2e11aa4f9d86e66269
212aef55d64b6add292dcf6241b16e7c93d1bae2
f163a94d190f5aeeb05b2e344bc8e1544d9701772b08585e9c92b529c8652b3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 01:51:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
kit.fontawesome.com/a076d05399.js
403 Forbidden 22 B URL HTTP/2 kit.fontawesome.com/a076d05399.js
IP
File type ASCII text, with no line terminators
Hash fd97e4f669829c0ab67c2203a6840a09
3cf1ecf50b3c929fb32a43896505db3ff9602275
6ee8906b2c990cc0ccd14c16ed0482a5b6dcacf438908ff2d8a98a4c4d5a35e3
GET /a076d05399.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mpalma.com
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: text/plain; charset=utf-8
content-length: 22
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; preload
x-request-id: Fz7zNIjoIXDx1_7Bqy7B
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 791690c4af61b4eb-OSL
X-Firefox-Spdy: h2
mpalma.com/wp-content/uploads/2022/05/Palmaebook-cover-1280x1657.jpg
200 OK 201 kB URL HTTP/2 mpalma.com/wp-content/uploads/2022/05/Palmaebook-cover-1280x1657.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1280x1657, components 3\012- data
Size 201 kB (200778 bytes)
Hash 6c2928d35f82121e32042787c397e9a1
5bab69dd1df064826cd4f20a3878257f06593953
0f613d19e30a2dfa293cf24eeb819937cfc014bf567798d473d812f51db250e4
GET /wp-content/uploads/2022/05/Palmaebook-cover-1280x1657.jpg HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: image/jpeg
content-length: 200778
last-modified: Thu, 26 May 2022 10:38:07 GMT
etag: "628f588f-3104a"
cache-control: public, max-age=31536000
vary: Accept-Encoding
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash db3290a85d0ba4da27406ae9636aa618
4c69da45eddd66a1e26fce5562fc45eda7005309
19db4d0cc84bff9586883a5fa69c426af0b5fc1c2760ee7c259b0307c8afa6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 01:51:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash db3290a85d0ba4da27406ae9636aa618
4c69da45eddd66a1e26fce5562fc45eda7005309
19db4d0cc84bff9586883a5fa69c426af0b5fc1c2760ee7c259b0307c8afa6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 01:51:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash db3290a85d0ba4da27406ae9636aa618
4c69da45eddd66a1e26fce5562fc45eda7005309
19db4d0cc84bff9586883a5fa69c426af0b5fc1c2760ee7c259b0307c8afa6b2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 01:51:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mpalma.com/wp-includes/js/mediaelement/renderers/vimeo.min.js?ver=4.2.17
200 OK 2.7 kB URL HTTP/2 mpalma.com/wp-includes/js/mediaelement/renderers/vimeo.min.js?ver=4.2.17
IP
File type ASCII text, with very long lines (6194)
Hash af58aba551ebd670d6be3577e46d750c
020f0891f9f5df30302d8b4c0d81b28ae06b4989
f55c04f4339dc0da173901dee8992a4fb9a096f5175d138b2cf64cb42f953e11
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/mediaelement/renderers/vimeo.min.js?ver=4.2.17 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
etag: W/"5f735862-1940"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5
200 OK 2.1 kB URL HTTP/2 mpalma.com/wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5
IP
File type ASCII text, with very long lines (4875)
Hash 40188508f91199645720362117108cb8
3df6c030dbeef67f6c8dd89f8b31d67d73735ffe
f04cb149378f311397e39668fcc79882a6b93db603e34310a2eecd03002b81fb
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 11 Apr 2022 12:04:30 GMT
etag: W/"6254194e-132e"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
200 OK 38 kB URL HTTP/2 mpalma.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
IP
File type Unicode text, UTF-8 text, with very long lines (8189)
Hash 4b251795427f84d1c9b73306f50df052
fa1338405206f3b586567491228217adfc5258e6
c90042d34ed1b6631bbc23586b70ba944289de866bed2b17765e941e42846fc4
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.2 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 16 Nov 2022 08:24:04 GMT
etag: W/"63749e24-53c0"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.1.1
200 OK 9.9 kB URL HTTP/2 mpalma.com/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.1.1
IP
File type ASCII text, with very long lines (1191), with no line terminators
Hash 3c1c31c7f1563c76c697cf737d694087
64b9977e0203542908dcf0bb22e9dbb07a7e4f7f
ba043201fc2d5ea78313a8a8be80735f3f15ecb52c50bc8d7d72abba4d4e8ae0
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.1.1 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 08 Apr 2022 20:07:18 GMT
etag: W/"625095f6-4a7"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
200 OK 38 kB URL HTTP/2 mpalma.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
IP
File type Unicode text, UTF-8 text, with very long lines (17819), with no line terminators
Hash 5a0418f5a6fb7efed048720b91713525
d19e3ab076eaa5690349914b268918a9bb1e633c
93032a39a64fada67bc205535bd8f9aeeabdef31083a8bd09c9248d8ff9f4b14
GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 16 Nov 2022 08:24:04 GMT
etag: W/"63749e24-459f"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-content/plugins/gravityforms/js/jquery.maskedinput.min.js?ver=2.6.9
200 OK 2.3 kB URL HTTP/2 mpalma.com/wp-content/plugins/gravityforms/js/jquery.maskedinput.min.js?ver=2.6.9
IP
File type ASCII text, with very long lines (4172), with no line terminators
Hash 445695b1c52d4e3fb3edb76d720444dc
92a3c58ded8a0472cbf5c844b024d4e6a2d2ce62
c38a53c6ccf58e5a0b510dbe4475250cd9abda4f40d70e4a15a5f7955a5525e3
GET /wp-content/plugins/gravityforms/js/jquery.maskedinput.min.js?ver=2.6.9 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 12 Jan 2023 06:36:10 GMT
etag: W/"63bfaa5a-104c"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash f420ea1155b60c594ce4724160516c28
36181ff9653743b8f4583e6b3f3ed067f45aeb74
3b852c6ad4b55279dcfb577c70d3f7a9bbe8cd9d5ace266a6fbbaa581dceae35
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2567
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 01:51:58 GMT
Last-Modified: Mon, 30 Jan 2023 01:09:11 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
mpalma.com/
200 OK 26 kB IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (10028), with CRLF, LF line terminators
Hash 496b11419ea41a63a71eb79498f92149
c201ff113d4c6d70b79226366cb1121d5bfd0fd1
7826195e3b87fdd89892f4d5110d1fd2e7eb58433b69fd66ab48e0166f8d5714
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:57 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
link: <https://mpalma.com/wp-json/>; rel="https://api.w.org/", <https://mpalma.com/wp-json/wp/v2/pages/8>; rel="alternate"; type="application/json", <https://mpalma.com/>; rel=shortlink
x-powered-by: WP Engine
x-cacheable: SHORT
cache-control: max-age=600, must-revalidate
x-cache: HIT: 18
x-cache-group: normal
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3975
Expires: Mon, 30 Jan 2023 02:58:14 GMT
Date: Mon, 30 Jan 2023 01:51:59 GMT
Connection: keep-alive
mpalma.com/wp-content/plugins/genesis-blocks/dist/style-blocks.build.css?ver=1666034849
200 OK 7.2 kB URL HTTP/2 mpalma.com/wp-content/plugins/genesis-blocks/dist/style-blocks.build.css?ver=1666034849
IP
File type Unicode text, UTF-8 text, with very long lines (7511)
Hash a74dda5cc251ad59c518ce61ac161209
539f17623f1cf642d3a13ef3537a352145538cbb
9ad39ac53843cdb2d56a073e60b3320f4fa48bd005a2df3b55099668b833b66c
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/genesis-blocks/dist/style-blocks.build.css?ver=1666034849 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 17 Oct 2022 19:27:29 GMT
etag: W/"634daca1-b1a9"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-content/plugins/cool-timeline/includes/cool-timeline-block/dist/blocks.style.build.css
200 OK 4.0 kB URL HTTP/2 mpalma.com/wp-content/plugins/cool-timeline/includes/cool-timeline-block/dist/blocks.style.build.css
IP
File type ASCII text, with very long lines (322), with CRLF line terminators
Hash a5a408d443ce4bf23b343e0a7e47dcc4
23c09592a350313b15afebf5279d5d4b934f55a6
fb3e863c90fa2d69d2391e1dd62c19a7c6064af1a45ca2e757a81970d6180b0b
GET /wp-content/plugins/cool-timeline/includes/cool-timeline-block/dist/blocks.style.build.css HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 11 Jan 2023 21:50:58 GMT
etag: W/"63bf2f42-690f"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat:100
200 OK 6.0 kB URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:100
IP
Hash 94faaeb9f4cbc403ff73c97794fe4dd9
69c7ed90efefa610787318b46ae704c9ab0deffc
070f4f5c2706015e87583a84636086b96903ae61cc4b4f2d50490675a47dcbc1
GET /css?family=Montserrat:100 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 30 Jan 2023 01:51:58 GMT
date: Mon, 30 Jan 2023 01:51:58 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc895bb6-fa1f-4972-a2f8-5ce71b0c72c0.jpeg
200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc895bb6-fa1f-4972-a2f8-5ce71b0c72c0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6d200552d23c85c199558b79cc24348f
8cc20b9ce98eeacd5b826268da24955a82e78a01
09b05ae6f75b5141401ddc49014e0eb2eac0856ba3b5020bc85f4a9a64d3d2a6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc895bb6-fa1f-4972-a2f8-5ce71b0c72c0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9700
x-amzn-requestid: 9f944a46-7e39-44c3-a640-3c7e9b778bca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkoEEkJIAMFs0w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e7cd-4b29196f5bd1b2fb04e6363f;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:40:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: WdAuArY0X2z4d6i17ZJ0521rzGRJS8FtaN-Kqvzg0fqW3F-HptEvNA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 22:10:01 GMT
age: 13318
etag: "8cc20b9ce98eeacd5b826268da24955a82e78a01"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mpalma.com/wp-content/themes/Divi/js/scripts.min.js?ver=4.19.4
200 OK 62 kB URL HTTP/2 mpalma.com/wp-content/themes/Divi/js/scripts.min.js?ver=4.19.4
IP
File type ASCII text, with very long lines (65467)
Hash 02f6be75c6d5f36b0efa54f58297eead
cd801b069ea4de7a58c7255ac4551bbd6a48a556
eecc4f77e5547f960427140325a3324172ffb141685cef900536bf20d6f6a077
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/Divi/js/scripts.min.js?ver=4.19.4 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 22 Dec 2022 10:43:41 GMT
etag: W/"63a434dd-42f69"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3be81f83687ddb6c93d3ff3c09a9dba2
50a48e737310d3f31840db4301b25927fbcc12c5
e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: e6e0789c-a4a9-4ffa-a0ae-691770d1035b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPF9YEBmIAMF0kQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf8388-01d2093432d3959903671a69;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:06:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: awfNeaKbFw2bjiTGwUrwUTxU-qbVS2eTjn948H8kn1hy7pi_DwLMlQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 17:35:56 GMT
age: 29763
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg
200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fe31ee140c2fd62e616c8a1edc9e78bb
7aa5fbdc8156514770ae620e81f1afef1c77890f
799af4bf9fa07ed27ebdc9d1a3344ee8a2b6529f076c263495b93290c47a1cc4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52796f60-dafe-46ba-9c7a-a08ce5e16c34.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8464
x-amzn-requestid: bf2cf356-ebb1-469b-ba35-a79bb009cad6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhj3qGeboAMFzNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e697-7c96841f52b6a96d1b0eaf34;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:19 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: y6bDvcD7a3-A4DLC3cSdZT-yewV1kkFqcGr7AMuqvUeGA4A0pgF4wQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:59:27 GMT
age: 13952
etag: "7aa5fbdc8156514770ae620e81f1afef1c77890f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mpalma.com/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.1.1
200 OK 366 kB URL HTTP/2 mpalma.com/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.1.1
IP
File type HTML document, ASCII text, with very long lines (906), with no line terminators
Size 366 kB (366382 bytes)
Hash e402e42c66ae7459579f3804faad9b5e
f537781116462e79fbaec9fb5297f0cd6436fb74
57ce1bd3e883cc63861f4175f777850b8a4f42164817c24698a30ce486d0c169
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.1.1 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 20 Jan 2021 13:35:18 GMT
etag: W/"60083196-38a"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash f420ea1155b60c594ce4724160516c28
36181ff9653743b8f4583e6b3f3ed067f45aeb74
3b852c6ad4b55279dcfb577c70d3f7a9bbe8cd9d5ace266a6fbbaa581dceae35
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2568
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 01:51:59 GMT
Last-Modified: Mon, 30 Jan 2023 01:09:11 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 65c02d8a1b0d6a210cb2a649c5c67469
027dbc7a104c922904f067ed15d696c363c11774
89d5443a1d313c632d09a583ef602aa4645a16986076387329f434262d15b0a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72e6599c-6a41-4dd2-a346-b15fa84cb20a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10997
x-amzn-requestid: a6fac0ab-1acf-4808-8785-3b4ec5e32edf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhj30FX7IAMFa5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e698-005109ec2e76529e793678d6;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: skGKI_MWvDwpAbGibUcr8wTlimgoPU9ZYhEHltd3uhdJZ_GoNznVAA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 22:08:57 GMT
etag: "027dbc7a104c922904f067ed15d696c363c11774"
content-type: image/jpeg
age: 13382
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mpalma.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.fitvids.js?ver=4.19.4
200 OK 10 kB URL HTTP/2 mpalma.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.fitvids.js?ver=4.19.4
IP
File type HTML document, ASCII text
Hash e29f47c66dd017e3dd63eae16a0b81a6
b4ddf95c573c4b41c50caefb7ac2402d76eef1dd
83ce6c5b9dafe80d38eca984aaee98f90bd7fc5158b87c4cd7fa1dc3cb658c3b
GET /wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/jquery.fitvids.js?ver=4.19.4 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 22 Dec 2022 10:43:41 GMT
etag: W/"63a434dd-d15"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-content/uploads/pum/pum-site-scripts.js?defer&generated=1670181251&ver=1.17.1
200 OK 186 kB URL HTTP/2 mpalma.com/wp-content/uploads/pum/pum-site-scripts.js?defer&generated=1670181251&ver=1.17.1
IP
File type Unicode text, UTF-8 text, with very long lines (65398)
Size 186 kB (185941 bytes)
Hash 0a77100e78aaddce90ac8b15750218b9
980fe11593f2744e5a938d445921d135df3390d9
e47449451485300f6edbc476ea3b5bc7ab51205f28005213d7e7e1262efaa5dd
GET /wp-content/uploads/pum/pum-site-scripts.js?defer&generated=1670181251&ver=1.17.1 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Sun, 04 Dec 2022 19:14:11 GMT
etag: W/"638cf183-110dc"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-includes/js/dist/dom-ready.min.js?ver=392bdd43726760d1f3ca
200 OK 18 kB URL HTTP/2 mpalma.com/wp-includes/js/dist/dom-ready.min.js?ver=392bdd43726760d1f3ca
IP
File type ASCII text, with very long lines (463)
Hash fc2f8ce9f510e95fc8ec50cec8c8498a
5c1dae5868b7026f226487db51e551c081a991d0
7c6a39590b0f1ec808d2b079d94bdaaa3e2a37052f54d5867362faeb50f4ad22
GET /wp-includes/js/dist/dom-ready.min.js?ver=392bdd43726760d1f3ca HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 11 Apr 2022 12:04:30 GMT
etag: W/"6254194e-1f2"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 14681339fc16ac120967600c85c37d96
589ed56dc45067e35e26a667ad3d9a12d0f61884
c7a020eb97f372e9325a03c89aa4d97d023f8583ea94af56ae1ffc2363ab8547
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6233
Cache-Control: max-age=88873
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 01:51:59 GMT
Etag: "63d5c28f-1d7"
Expires: Tue, 31 Jan 2023 02:33:12 GMT
Last-Modified: Sun, 29 Jan 2023 00:49:19 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
www.gstatic.com/wcm/loader.js
200 OK 1.3 kB URL HTTP/2 www.gstatic.com/wcm/loader.js
IP
File type ASCII text, with very long lines (1123)
Hash 22300d54ba7faf32360c95915053014c
ea83f097bd99413f9d8fcb08d0312ba7ba1be99f
2c4c9c9d6af1ad12556ab11c8021eb5c254025ce04500bc885b69984dd562ce5
GET /wcm/loader.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1339
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Jan 2023 01:20:45 GMT
expires: Mon, 30 Jan 2023 02:20:45 GMT
cache-control: public, max-age=3600
age: 1874
last-modified: Mon, 15 Mar 2021 16:45:00 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e9eba61fbe87bc53d60d0fdd1ba6adb4
8dbb3dfacfaad4ce0fd3a355790cb9b245e01e07
9c0233792f873315e75ce5396d1a210f2df665db23ab858a0724f66bbb4528e7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 01:51:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__en.js
200 OK 164 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__en.js
IP
File type ASCII text, with very long lines (771)
Size 164 kB (163774 bytes)
Hash 57c909ab73fc27ec24f737bbf1cb1de8
89b2c02e9e7a9a764518fca545d3eec2044fd6d9
7e407e2b00bb7c238c71d96472f7ab030de4e610b1048f0f77b25cb85c2d166b
GET /recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mpalma.com
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 163774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 23 Jan 2023 17:09:34 GMT
expires: Tue, 23 Jan 2024 17:09:34 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 23 Jan 2023 01:02:00 GMT
content-type: text/javascript
age: 549745
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
200 OK 28 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP
File type ASCII text, with very long lines (64348)
Hash 541db4f3f0ba067bfb58cdac34cb86f4
20e6883f068568888ce37c6b9ef8f5d12be257c0
83898f3b2da2a11996d2eb3a5115ef301255030fdf231b8bf7971916769bc7be
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
origin-agent-cluster: ?0
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: V/14P+aPEwEJy+bW+H+cE4dJ/V+1DGlRDKhlGAHCO9nbR5VeryghGMNBsJY0c7vdFhv4SwWlJkSpkQrTl5DKdA==
content-length: 27815
x-fb-trip-id: 1679558926
date: Mon, 30 Jan 2023 01:51:59 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.gstatic.com/call-tracking/call-tracking_7.js
200 OK 21 kB URL HTTP/2 www.gstatic.com/call-tracking/call-tracking_7.js
IP
File type ASCII text, with very long lines (2828)
Hash 23db67cc80ab227aeab0967306bd9c1c
7ebb71850d2ebf5d58b26c085a4aa1bbfa11c6ba
58d50b1c5787d1c2d790f6cb3b8bd41378ef47599b0d3050feb9c9ebadf5068d
GET /call-tracking/call-tracking_7.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-telephony
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-telephony"
report-to: {"group":"ads-telephony","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-telephony"}]}
content-length: 21020
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 02:06:05 GMT
expires: Sat, 27 Jan 2024 02:06:05 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 03 Feb 2021 22:45:00 GMT
content-type: text/javascript
age: 258354
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/736688956/?random=1675043529129&cv=11&fst=1675043529129&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fmpalma.com%2F&tiba=CPA%20%7C%20Accountant%20%7C%20Tax%20Planning%20%7C%20Bookkeeping%20%7C%20Palma%20Financial&auid=1226906248.1675043529&data=event%3Dgtag.config&rfmt=3&fmt=4
200 OK 910 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/736688956/?random=1675043529129&cv=11&fst=1675043529129&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fmpalma.com%2F&tiba=CPA%20%7C%20Accountant%20%7C%20Tax%20Planning%20%7C%20Bookkeeping%20%7C%20Palma%20Financial&auid=1226906248.1675043529&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
File type ASCII text, with very long lines (1971), with no line terminators
Hash dad122dee3a0b7676a57b92d0d110785
fa7dd4d786c784e919a221f7b956e71142ea6d94
f3ffd74611ef50843f041151738740ce3898e8ac18e37800d78962dcd8f03f89
GET /pagead/viewthroughconversion/736688956/?random=1675043529129&cv=11&fst=1675043529129&bg=ffffff&guid=ON&async=1>m=2oa1p0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fmpalma.com%2F&tiba=CPA%20%7C%20Accountant%20%7C%20Tax%20Planning%20%7C%20Bookkeeping%20%7C%20Palma%20Financial&auid=1226906248.1675043529&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 01:51:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 910
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 30-Jan-2023 02:06:59 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
mpalma.com/wp-content/uploads/2021/09/cropped-palma-logo-1-192x192.png
200 OK 8.7 kB URL HTTP/2 mpalma.com/wp-content/uploads/2021/09/cropped-palma-logo-1-192x192.png
IP
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash f5b6f5bb061d7cac9430dd32197241b4
70db1bc80a1d979d0bef2b93614fe15dc137f49d
37dcd05b1193e97d5546feef2c2e8276189a0ffeab85e812765cadc47ed2bd26
GET /wp-content/uploads/2021/09/cropped-palma-logo-1-192x192.png HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Cookie: _gcl_au=1.1.1226906248.1675043529
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:59 GMT
content-type: image/png
content-length: 8676
last-modified: Thu, 26 May 2022 10:38:11 GMT
etag: "628f5893-21e4"
cache-control: public, max-age=31536000
vary: Accept-Encoding
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e9eba61fbe87bc53d60d0fdd1ba6adb4
8dbb3dfacfaad4ce0fd3a355790cb9b245e01e07
9c0233792f873315e75ce5396d1a210f2df665db23ab858a0724f66bbb4528e7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 01:51:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mpalma.com/wp-content/uploads/2021/09/cropped-palma-logo-1-32x32.png
200 OK 1.1 kB URL HTTP/2 mpalma.com/wp-content/uploads/2021/09/cropped-palma-logo-1-32x32.png
IP
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 71ae724ac36b78f6f55ed562be6702f6
abce919dbe64c86612d903cfa0c06263452d212e
e3f344f05b9f440ce06671a8428a674b7e910068990d49e5e8e1777c65c60917
GET /wp-content/uploads/2021/09/cropped-palma-logo-1-32x32.png HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Cookie: _gcl_au=1.1.1226906248.1675043529
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:59 GMT
content-type: image/png
content-length: 1088
last-modified: Thu, 26 May 2022 10:38:11 GMT
etag: "628f5893-440"
cache-control: public, max-age=31536000
vary: Accept-Encoding
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
prism.app-us1.com/?a=26530340&u=https%3A%2F%2Fmpalma.com%2F
200 OK 20 kB URL HTTP/2 prism.app-us1.com/?a=26530340&u=https%3A%2F%2Fmpalma.com%2F
IP
File type ASCII text, with very long lines (1490)
Hash 6202706cbb3d37d90bd44855d7bab3c8
49ee61dd559f2cfc2250e41830f0704cbd6b5d33
a42287833da6d4a579a21aba0c1253b236f631870a639ef460f637df80f7750c
GET /?a=26530340&u=https%3A%2F%2Fmpalma.com%2F HTTP/1.1
Host: prism.app-us1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 01:51:59 GMT
content-type: application/javascript
cache-control: no-cache, private
set-cookie: prism_26530340=dcaa53bb-c7f5-4b5e-9dd1-5a1e443760a3; expires=Wed, 01-Mar-2023 01:51:59 GMT; Max-Age=2592000; path=/; secure; httponly; samesite=none
x-envoy-upstream-service-time: 54
x-powered-by: PHP/7.4.33
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 791690cd6c5eb4e8-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash a369a4445d1fccf2ce045c3c4c3f3d67
d6f618e6150a4f9ac6eb5df4a503141a635605a2
d62c7913686c10d4c4b8d691d533256534da77cecc9fcf3f8aa885380dcc148b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 01:51:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 2aeb375d07c6797557862a1e95e25902
8d9a4232f162756acee686c8bc130f96b9800889
80b36ee610a970ba64d36a42cfb9ee93f44c1eea03b7da2257f5a85e68055bf8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 01:51:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 279 B IP
Hash c27465c026dec5dc97d446a7bbfbd359
f3be1459cbc1524872d89e3a973f50f5acf98f71
98fa49e814654fd7d16176c9ec1c06c2c574150ef9db2ac9e685443b605109ee
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4339
Cache-Control: max-age=136653
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 01:51:59 GMT
Etag: "63d68499-117"
Expires: Tue, 31 Jan 2023 15:49:32 GMT
Last-Modified: Sun, 29 Jan 2023 14:37:13 GMT
Server: ECS (amb/6B8F)
X-Cache: HIT
Content-Length: 279
mpalma.com/wp-content/uploads/2021/11/Palma-Homepage-Video.mp4
206 Partial Content 33 kB URL HTTP/2 mpalma.com/wp-content/uploads/2021/11/Palma-Homepage-Video.mp4
IP
File type ISO Media, MP4 v2 [ISO 14496-14]\012- data
Hash a0f58d03eb1e885dd4abe98df7a1b1f7
aeb9fa6f3c38b64298d3a539af2a84575a3df172
ab7a86b9620595fcb444bc7a076c2fa56c14d27ff2b6afc27ffb23336cafde4a
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/2021/11/Palma-Homepage-Video.mp4 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://mpalma.com/
Cookie: _gcl_au=1.1.1226906248.1675043529; _ga_V3BTHVJ929=GS1.1.1675043529.1.0.1675043529.0.0.0; _ga=GA1.1.1595333820.1675043529
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 206 Partial Content
server: nginx
date: Mon, 30 Jan 2023 01:51:59 GMT
content-type: video/mp4
content-length: 4621745
last-modified: Thu, 26 May 2022 10:38:09 GMT
etag: "628f5891-4685b1"
cache-control: public, max-age=31536000
vary: Accept-Encoding
access-control-allow-origin: *
content-range: bytes 0-4621744/4621745
X-Firefox-Spdy: h2
www.googleadservices.com/pagead/conversion/736688956/wcm?cc=ZZ&dn=8508293733&cl=Jdp2CJu3q6MBELz2o98C&ct_eid=2
302 Found 0 B URL HTTP/2 www.googleadservices.com/pagead/conversion/736688956/wcm?cc=ZZ&dn=8508293733&cl=Jdp2CJu3q6MBELz2o98C&ct_eid=2
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/conversion/736688956/wcm?cc=ZZ&dn=8508293733&cl=Jdp2CJu3q6MBELz2o98C&ct_eid=2 HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mpalma.com
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://www.google.no/pagead/attribution/wcm?cc=ZZ&dn=8508293733&cl=Jdp2CJu3q6MBELz2o98C
access-control-allow-origin: https://mpalma.com
access-control-allow-credentials: true
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 30 Jan 2023 01:51:59 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 3cdf7a37df5fd660125c11f6c7f44064
929c5ec370ad00ff0508f86174d450407ac680bd
22ffbbc922da324c956478cfd8cb5bcc269831ac5c85e22ef6ecdd69e3512a7c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 30 Jan 2023 01:51:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
region1.google-analytics.com/g/collect?v=2&tid=G-V3BTHVJ929>m=2oe1p0&_p=308588746&cid=1595333820.1675043529&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675043529&sct=1&seg=0&dl=https%3A%2F%2Fmpalma.com%2F&dt=CPA%20%7C%20Accountant%20%7C%20Tax%20Planning%20%7C%20Bookkeeping%20%7C%20Palma%20Financial&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-V3BTHVJ929>m=2oe1p0&_p=308588746&cid=1595333820.1675043529&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675043529&sct=1&seg=0&dl=https%3A%2F%2Fmpalma.com%2F&dt=CPA%20%7C%20Accountant%20%7C%20Tax%20Planning%20%7C%20Bookkeeping%20%7C%20Palma%20Financial&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-V3BTHVJ929>m=2oe1p0&_p=308588746&cid=1595333820.1675043529&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675043529&sct=1&seg=0&dl=https%3A%2F%2Fmpalma.com%2F&dt=CPA%20%7C%20Accountant%20%7C%20Tax%20Planning%20%7C%20Bookkeeping%20%7C%20Palma%20Financial&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mpalma.com
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://mpalma.com
date: Mon, 30 Jan 2023 01:51:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
trackcmp.net/t_prism_sitemessages.php?trackid=26530340&prismid=dcaa53bb-c7f5-4b5e-9dd1-5a1e443760a3&url=https%3A%2F%2Fmpalma.com%2F
200 OK 0 B URL HTTP/2 trackcmp.net/t_prism_sitemessages.php?trackid=26530340&prismid=dcaa53bb-c7f5-4b5e-9dd1-5a1e443760a3&url=https%3A%2F%2Fmpalma.com%2F
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /t_prism_sitemessages.php?trackid=26530340&prismid=dcaa53bb-c7f5-4b5e-9dd1-5a1e443760a3&url=https%3A%2F%2Fmpalma.com%2F HTTP/1.1
Host: trackcmp.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 01:51:59 GMT
content-type: text/javascript;charset=UTF-8
content-length: 0
cache-control: no-cache, private
p3p: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
x-envoy-upstream-service-time: 12
x-powered-by: PHP/8.1.14
x-privacy-policy: You can find our privacy policy here: https://www.activecampaign.com/help/privacy-policy/
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 791690cf2f970b41-OSL
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=704324777514937&ev=PageView&dl=https%3A%2F%2Fmpalma.com%2F&rl=&if=false&ts=1675043530043&sw=1280&sh=1024&v=2.9.92&r=stable&ec=0&o=30&fbp=fb.1.1675043530042.890683238&it=1675043529367&coo=false&rqm=GET
200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=704324777514937&ev=PageView&dl=https%3A%2F%2Fmpalma.com%2F&rl=&if=false&ts=1675043530043&sw=1280&sh=1024&v=2.9.92&r=stable&ec=0&o=30&fbp=fb.1.1675043530042.890683238&it=1675043529367&coo=false&rqm=GET
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=704324777514937&ev=PageView&dl=https%3A%2F%2Fmpalma.com%2F&rl=&if=false&ts=1675043530043&sw=1280&sh=1024&v=2.9.92&r=stable&ec=0&o=30&fbp=fb.1.1675043530042.890683238&it=1675043529367&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Mon, 30 Jan 2023 01:52:00 GMT
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 21:48:03 GMT
expires: Fri, 26 Jan 2024 21:48:03 GMT
cache-control: public, max-age=31536000
age: 273837
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-runtime.js
200 OK 3.4 kB URL HTTP/2 embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-runtime.js
IP
File type ASCII text, with very long lines (2306), with no line terminators
Hash 369413a5b7e26d74dc3741f338e34407
da8f4be638957ab28a09f357af347af5e0f9c161
43c7d57a60286315c0f98f3d70b64eb1ceddd7c294767857674decfcf3de4115
GET /_s/v4/app/63b77dcd282/js/twk-runtime.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mpalma.com
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 01:52:00 GMT
content-type: application/javascript
age: 35
last-modified: Fri, 06 Jan 2023 01:49:34 GMT
etag: W/"de21d01e9f8b6cc35ea67267d0ba80ec"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 791690d31c97b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-chunk-common.js
200 OK 42 kB URL HTTP/2 embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-chunk-common.js
IP
File type ASCII text, with very long lines (65466)
Hash 2ade72bc6f66b3ad5bded7ebe7157d4c
2bd81e5f4493e08ff91c079b380978da63b4ede8
8e807591d165d2c36010facd8ccdca419e5690708bacb72687deb58844651957
GET /_s/v4/app/63b77dcd282/js/twk-chunk-common.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mpalma.com
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 01:52:00 GMT
content-type: application/javascript
age: 35
last-modified: Fri, 06 Jan 2023 01:49:34 GMT
etag: W/"385105148a50079bafff97e9c9476109"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 791690d31c96b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63b77dcd282/css/min-widget.css
200 OK 61 kB URL HTTP/2 embed.tawk.to/_s/v4/app/63b77dcd282/css/min-widget.css
IP
File type ASCII text, with very long lines (24880), with no line terminators
Hash 7892e7354a03dcdf84f7ac1513e7c064
25e781c22fdb13510ddb185dd806f56a073dbc27
d8855d49ca858cef9caefe8d0bd386ad378854791e430492510edb74d70a03d5
GET /_s/v4/app/63b77dcd282/css/min-widget.css HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 01:52:01 GMT
content-type: text/css
cache-control: public, max-age=2592000, immutable
cf-bgj: minify
cf-polished: origSize=24960
access-control-allow-origin: *
age: 1700828
etag: W/"80df9814fe6b98404ccc1df3c455ceaa"
last-modified: Fri, 06 Jan 2023 01:49:34 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-cache-status: HIT
cf-cache-status: HIT
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 791690da0fa2b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-chunk-2d0b9454.js
200 OK 4.6 kB URL HTTP/2 embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-chunk-2d0b9454.js
IP
File type ASCII text, with very long lines (546), with no line terminators
Hash 61298b556246799f4191be42d648491b
1b036648c37b950f365559209d79a06afdb6d18a
15c2044f7eba33ffa638ec55f8ebe6a246f39bf5d802c351eff6c9795ef05405
GET /_s/v4/app/63b77dcd282/js/twk-chunk-2d0b9454.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 01:52:01 GMT
content-type: application/javascript
last-modified: Fri, 06 Jan 2023 01:49:34 GMT
etag: W/"09c3819d373bd4178a620d721429fada"
age: 1700829
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 791690d96f5db512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-chunk-vendors.js
200 OK 66 kB URL HTTP/2 embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-chunk-vendors.js
IP
File type Unicode text, UTF-8 text, with very long lines (65464)
Hash c6a344a18da79d9e95b213ae986c280b
8db95ac13bdc881411708e923054a6c6f33d97de
eac94688ccb6359ca4257477de0f138cdea4a3e602f13305f1d6a76ad6c5e4e1
GET /_s/v4/app/63b77dcd282/js/twk-chunk-vendors.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mpalma.com
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 01:52:00 GMT
content-type: application/javascript
age: 35
last-modified: Fri, 06 Jan 2023 01:49:34 GMT
etag: W/"70dac54eca3bb2143032bc4db3237623"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 791690d30c95b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mpalma.com/wp-content/plugins/gravityforms/assets/css/dist/theme.min.css?ver=2.6.9
200 OK 0 B URL HTTP/2 mpalma.com/wp-content/plugins/gravityforms/assets/css/dist/theme.min.css?ver=2.6.9
IP
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/gravityforms/assets/css/dist/theme.min.css?ver=2.6.9 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 12 Jan 2023 06:36:10 GMT
etag: W/"63bfaa5a-777e"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-content/et-cache/8/et-core-unified-8.min.css?ver=1674600312
200 OK 0 B URL HTTP/2 mpalma.com/wp-content/et-cache/8/et-core-unified-8.min.css?ver=1674600312
IP
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/et-cache/8/et-core-unified-8.min.css?ver=1674600312 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Tue, 24 Jan 2023 22:45:12 GMT
etag: W/"63d05f78-3ff0"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-chunk-32507910.js
200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-chunk-32507910.js
IP
GET /_s/v4/app/63b77dcd282/js/twk-chunk-32507910.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 01:52:01 GMT
content-type: application/javascript
last-modified: Fri, 06 Jan 2023 01:49:34 GMT
etag: W/"b931365947ecaea657544f82994716af"
age: 938842
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 791690d96f61b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mpalma.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
200 OK 0 B URL HTTP/2 mpalma.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
etag: W/"5fb4e3fe-2bd8"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-includes/js/dist/a11y.min.js?ver=ecce20f002eda4c19664
200 OK 0 B URL HTTP/2 mpalma.com/wp-includes/js/dist/a11y.min.js?ver=ecce20f002eda4c19664
IP
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/dist/a11y.min.js?ver=ecce20f002eda4c19664 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 11 Apr 2022 12:04:30 GMT
etag: W/"6254194e-9cc"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat:100,200,300,regular,500,600,700,800,900,100italic,200italic,300italic,italic,500italic,600italic,700italic,800italic,900italic&subset=latin,latin-ext&display=swap
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:100,200,300,regular,500,600,700,800,900,100italic,200italic,300italic,italic,500italic,600italic,700italic,800italic,900italic&subset=latin,latin-ext&display=swap
IP
GET /css?family=Montserrat:100,200,300,regular,500,600,700,800,900,100italic,200italic,300italic,italic,500italic,600italic,700italic,800italic,900italic&subset=latin,latin-ext&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 30 Jan 2023 01:51:58 GMT
date: Mon, 30 Jan 2023 01:51:58 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
mpalma.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.1.1
200 OK 0 B URL HTTP/2 mpalma.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.1.1
IP
GET /wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.1.1 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
etag: W/"5cfaccce-105a"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-content/plugins/gravityforms/assets/css/dist/basic.min.css?ver=2.6.9
200 OK 0 B URL HTTP/2 mpalma.com/wp-content/plugins/gravityforms/assets/css/dist/basic.min.css?ver=2.6.9
IP
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/gravityforms/assets/css/dist/basic.min.css?ver=2.6.9 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 12 Jan 2023 06:36:10 GMT
etag: W/"63bfaa5a-b83f"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.6.9
200 OK 0 B URL HTTP/2 mpalma.com/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.6.9
IP
GET /wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.6.9 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 12 Jan 2023 06:36:10 GMT
etag: W/"63bfaa5a-ad4d"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae
200 OK 0 B URL HTTP/2 mpalma.com/wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae
IP
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 16 Nov 2022 08:24:04 GMT
etag: W/"63749e24-27f6"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.6.9
200 OK 0 B URL HTTP/2 mpalma.com/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.6.9
IP
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.6.9 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 12 Jan 2023 06:36:10 GMT
etag: W/"63bfaa5a-121f"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-chunk-696bc286.js
200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-chunk-696bc286.js
IP
GET /_s/v4/app/63b77dcd282/js/twk-chunk-696bc286.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 01:52:01 GMT
content-type: application/javascript
last-modified: Fri, 06 Jan 2023 01:49:34 GMT
etag: W/"2aa8e4d8fcf9760a324a8b2e7902f6ca"
age: 1700829
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 791690d95f53b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mpalma.com/wp-content/et-cache/8/et-core-unified-tb-40-tb-48-8.min.css?ver=1674600312
200 OK 0 B URL HTTP/2 mpalma.com/wp-content/et-cache/8/et-core-unified-tb-40-tb-48-8.min.css?ver=1674600312
IP
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/et-cache/8/et-core-unified-tb-40-tb-48-8.min.css?ver=1674600312 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Tue, 24 Jan 2023 22:45:12 GMT
etag: W/"63d05f78-b52"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-content/uploads/2022/09/GMT20220823-165619_Recording_1920x1080.mp4?_=1
206 Partial Content 0 B URL HTTP/2 mpalma.com/wp-content/uploads/2022/09/GMT20220823-165619_Recording_1920x1080.mp4?_=1
IP
GET /wp-content/uploads/2022/09/GMT20220823-165619_Recording_1920x1080.mp4?_=1 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://mpalma.com/
Cookie: _gcl_au=1.1.1226906248.1675043529; _ga_V3BTHVJ929=GS1.1.1675043529.1.0.1675043529.0.0.0; _ga=GA1.1.1595333820.1675043529
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 206 Partial Content
server: nginx
date: Mon, 30 Jan 2023 01:51:59 GMT
content-type: video/mp4
content-length: 231408451
last-modified: Fri, 30 Sep 2022 07:20:29 GMT
etag: "633698bd-dcb0343"
cache-control: public, max-age=31536000
vary: Accept-Encoding
access-control-allow-origin: *
content-range: bytes 0-231408450/231408451
X-Firefox-Spdy: h2
diffuser-cdn.app-us1.com/diffuser/diffuser.js
200 OK 0 B URL HTTP/2 diffuser-cdn.app-us1.com/diffuser/diffuser.js
IP
GET /diffuser/diffuser.js HTTP/1.1
Host: diffuser-cdn.app-us1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: application/javascript
last-modified: Thu, 21 Oct 2021 17:42:06 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
cache-control: public, max-age=300
etag: W/"4d482a43613d3966f353ec9d97452e0c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ddf05588239a53ffcc4f78bf3b76aac4.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: sCYVe7QzQN-Z21TJriJfx73OXUWjIpkRFGlKaQ5OGjoofuNYUJz1gA==
cf-cache-status: HIT
age: 159
server: cloudflare
cf-ray: 791690c9995cb4ee-OSL
X-Firefox-Spdy: h2
va.tawk.to/log-performance/v3
200 OK 0 B URL HTTP/2 va.tawk.to/log-performance/v3
IP
OPTIONS /log-performance/v3 HTTP/1.1
Host: va.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mpalma.com/
Origin: https://mpalma.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 01:52:02 GMT
x-served-by: visitor-application-preemptive-1hgj
access-control-allow-origin: https://mpalma.com
access-control-allow-credentials: true
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: content-type,x-tawk-token
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
server: cloudflare
cf-ray: 791690dd58eab512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mpalma.com/wp-content/themes/Divi_Child/style.css?ver=4.19.4
200 OK 0 B URL HTTP/2 mpalma.com/wp-content/themes/Divi_Child/style.css?ver=4.19.4
IP
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/Divi_Child/style.css?ver=4.19.4 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 26 May 2022 10:38:12 GMT
etag: W/"628f5894-1366"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-content/plugins/gravityforms/legacy/css/formsmain.min.css?ver=2.6.9
200 OK 0 B URL HTTP/2 mpalma.com/wp-content/plugins/gravityforms/legacy/css/formsmain.min.css?ver=2.6.9
IP
GET /wp-content/plugins/gravityforms/legacy/css/formsmain.min.css?ver=2.6.9 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 12 Jan 2023 06:36:10 GMT
etag: W/"63bfaa5a-12fe5"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-content/plugins/gravityforms/legacy/css/readyclass.min.css?ver=2.6.9
200 OK 0 B URL HTTP/2 mpalma.com/wp-content/plugins/gravityforms/legacy/css/readyclass.min.css?ver=2.6.9
IP
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/gravityforms/legacy/css/readyclass.min.css?ver=2.6.9 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 12 Jan 2023 06:36:10 GMT
etag: W/"63bfaa5a-726e"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-content/plugins/genesis-blocks/dist/assets/js/dismiss.js?ver=1666034849
200 OK 0 B URL HTTP/2 mpalma.com/wp-content/plugins/genesis-blocks/dist/assets/js/dismiss.js?ver=1666034849
IP
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/genesis-blocks/dist/assets/js/dismiss.js?ver=1666034849 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 17 Oct 2022 19:27:29 GMT
etag: W/"634daca1-39b"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.17
200 OK 0 B URL HTTP/2 mpalma.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.17
IP
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.17 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 16 Nov 2022 08:24:04 GMT
etag: W/"63749e24-26935"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-content/themes/Divi/core/admin/js/common.js?ver=4.19.4
200 OK 0 B URL HTTP/2 mpalma.com/wp-content/themes/Divi/core/admin/js/common.js?ver=4.19.4
IP
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/Divi/core/admin/js/common.js?ver=4.19.4 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 22 Dec 2022 10:43:41 GMT
etag: W/"63a434dd-53f"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-chunk-4fe9d5dd.js
200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-chunk-4fe9d5dd.js
IP
GET /_s/v4/app/63b77dcd282/js/twk-chunk-4fe9d5dd.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 01:52:01 GMT
content-type: application/javascript
last-modified: Fri, 06 Jan 2023 01:49:34 GMT
etag: W/"5f434bdd806571a4e1b385bee9316ff6"
age: 1700830
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 791690d96f5cb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-chunk-48f46bef.js
200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-chunk-48f46bef.js
IP
GET /_s/v4/app/63b77dcd282/js/twk-chunk-48f46bef.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 01:52:01 GMT
content-type: application/javascript
last-modified: Fri, 06 Jan 2023 01:49:34 GMT
etag: W/"d9f3d1c4504d77c3e7c2e3e2f126fd9b"
age: 1700829
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 791690d96f5bb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mpalma.com/wp-content/plugins/tablepress/css/build/default.css?ver=2.0.4
200 OK 0 B URL HTTP/2 mpalma.com/wp-content/plugins/tablepress/css/build/default.css?ver=2.0.4
IP
GET /wp-content/plugins/tablepress/css/build/default.css?ver=2.0.4 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 19 Jan 2023 20:13:15 GMT
etag: W/"63c9a45b-17b4"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-content/plugins/gravityforms/legacy/css/browsers.min.css?ver=2.6.9
200 OK 0 B URL HTTP/2 mpalma.com/wp-content/plugins/gravityforms/legacy/css/browsers.min.css?ver=2.6.9
IP
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/gravityforms/legacy/css/browsers.min.css?ver=2.6.9 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 12 Jan 2023 06:36:10 GMT
etag: W/"63bfaa5a-2015"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
200 OK 0 B URL HTTP/2 mpalma.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Wed, 16 Nov 2022 08:24:04 GMT
etag: W/"63749e24-15e54"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.6.9
200 OK 0 B URL HTTP/2 mpalma.com/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.6.9
IP
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.6.9 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 12 Jan 2023 06:36:10 GMT
etag: W/"63bfaa5a-72c"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
200 OK 0 B URL HTTP/2 mpalma.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
IP
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Mon, 11 Apr 2022 12:04:30 GMT
etag: W/"6254194e-194b"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-app.js
200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-app.js
IP
GET /_s/v4/app/63b77dcd282/js/twk-app.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mpalma.com
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 01:52:00 GMT
content-type: application/javascript
vary: X-Goog-Allowed-Resources, Accept-Encoding
age: 35
last-modified: Fri, 06 Jan 2023 01:49:34 GMT
etag: W/"e736e189edb5d0d9d5b8e7f23dd9114a"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
x-content-type-options: nosniff
server: cloudflare
cf-ray: 791690d31c99b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mpalma.com/wp-content/plugins/gravityforms/assets/css/dist/theme-ie11.min.css?ver=2.6.9
200 OK 0 B URL HTTP/2 mpalma.com/wp-content/plugins/gravityforms/assets/css/dist/theme-ie11.min.css?ver=2.6.9
IP
GET /wp-content/plugins/gravityforms/assets/css/dist/theme-ie11.min.css?ver=2.6.9 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 12 Jan 2023 06:36:10 GMT
etag: W/"63bfaa5a-6d9"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-content/plugins/gravityforms/legacy/css/formreset.min.css?ver=2.6.9
200 OK 0 B URL HTTP/2 mpalma.com/wp-content/plugins/gravityforms/legacy/css/formreset.min.css?ver=2.6.9
IP
GET /wp-content/plugins/gravityforms/legacy/css/formreset.min.css?ver=2.6.9 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 12 Jan 2023 06:36:10 GMT
etag: W/"63bfaa5a-f14"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/easypiechart.js?ver=4.19.4
200 OK 0 B URL HTTP/2 mpalma.com/wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/easypiechart.js?ver=4.19.4
IP
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/Divi/includes/builder/feature/dynamic-assets/assets/js/easypiechart.js?ver=4.19.4 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 22 Dec 2022 10:43:41 GMT
etag: W/"63a434dd-2466"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-main.js
200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-main.js
IP
GET /_s/v4/app/63b77dcd282/js/twk-main.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mpalma.com
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 01:52:00 GMT
content-type: application/javascript
age: 35
last-modified: Fri, 06 Jan 2023 01:49:34 GMT
etag: W/"da5bb1dc647470204df0e49f5afac2de"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 791690d2fc85b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-vendor.js
200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-vendor.js
IP
GET /_s/v4/app/63b77dcd282/js/twk-vendor.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mpalma.com
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 01:52:00 GMT
content-type: application/javascript
age: 35
last-modified: Fri, 06 Jan 2023 01:49:34 GMT
etag: W/"7dcb496e4882926f93f2e73fa87062c0"
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 791690d30c94b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63b77dcd282/languages/en.js
200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/63b77dcd282/languages/en.js
IP
GET /_s/v4/app/63b77dcd282/languages/en.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 01:52:01 GMT
content-type: application/javascript
last-modified: Fri, 06 Jan 2023 01:49:34 GMT
etag: W/"585ba00b2c167b90c210161454f843b5"
age: 1700830
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 791690d66dd3b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-chunk-f1596d96.js
200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-chunk-f1596d96.js
IP
GET /_s/v4/app/63b77dcd282/js/twk-chunk-f1596d96.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 01:52:01 GMT
content-type: application/javascript
last-modified: Fri, 06 Jan 2023 01:49:34 GMT
etag: W/"058710526a0979b9e77a4babe9adfcd7"
age: 1700830
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 791690d96f57b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mpalma.com/wp-content/plugins/wp-logo-showcase-responsive-slider-slider/assets/css/wpls-public.css?ver=3.2.2
200 OK 0 B URL HTTP/2 mpalma.com/wp-content/plugins/wp-logo-showcase-responsive-slider-slider/assets/css/wpls-public.css?ver=3.2.2
IP
GET /wp-content/plugins/wp-logo-showcase-responsive-slider-slider/assets/css/wpls-public.css?ver=3.2.2 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 09 Dec 2022 21:15:39 GMT
etag: W/"6393a57b-e4b"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-content/plugins/wp-logo-showcase-responsive-slider-slider/assets/css/slick.css?ver=3.2.2
200 OK 0 B URL HTTP/2 mpalma.com/wp-content/plugins/wp-logo-showcase-responsive-slider-slider/assets/css/slick.css?ver=3.2.2
IP
GET /wp-content/plugins/wp-logo-showcase-responsive-slider-slider/assets/css/slick.css?ver=3.2.2 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Fri, 09 Dec 2022 21:15:39 GMT
etag: W/"6393a57b-591"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
200 OK 0 B URL HTTP/2 mpalma.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
IP
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
etag: W/"5f735862-2bf8"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-content/uploads/pum/pum-site-styles.css?generated=1670181251&ver=1.17.1
200 OK 0 B URL HTTP/2 mpalma.com/wp-content/uploads/pum/pum-site-styles.css?generated=1670181251&ver=1.17.1
IP
GET /wp-content/uploads/pum/pum-site-styles.css?generated=1670181251&ver=1.17.1 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Sun, 04 Dec 2022 19:14:11 GMT
etag: W/"638cf183-4600"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-chunk-f163fcd0.js
200 OK 0 B URL HTTP/2 embed.tawk.to/_s/v4/app/63b77dcd282/js/twk-chunk-f163fcd0.js
IP
GET /_s/v4/app/63b77dcd282/js/twk-chunk-f163fcd0.js HTTP/1.1
Host: embed.tawk.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 30 Jan 2023 01:52:01 GMT
content-type: application/javascript
last-modified: Fri, 06 Jan 2023 01:49:34 GMT
etag: W/"a92075fd9ac5ba130387a80453676099"
age: 1700830
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
x-cache-status: HIT
strict-transport-security: max-age=0; includeSubDomains; preload
cf-cache-status: HIT
vary: Accept-Encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 791690d96f5fb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mpalma.com/wp-content/themes/Divi/style-static.min.css?ver=4.19.4
200 OK 0 B URL HTTP/2 mpalma.com/wp-content/themes/Divi/style-static.min.css?ver=4.19.4
IP
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/Divi/style-static.min.css?ver=4.19.4 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Thu, 22 Dec 2022 10:43:41 GMT
etag: W/"63a434dd-c9550"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
mpalma.com/wp-content/et-cache/8/et-core-unified-tb-40-tb-48-deferred-8.min.css?ver=1674600312
200 OK 0 B URL HTTP/2 mpalma.com/wp-content/et-cache/8/et-core-unified-tb-40-tb-48-deferred-8.min.css?ver=1674600312
IP
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/et-cache/8/et-core-unified-tb-40-tb-48-deferred-8.min.css?ver=1674600312 HTTP/1.1
Host: mpalma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mpalma.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 30 Jan 2023 01:51:58 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
last-modified: Tue, 24 Jan 2023 22:45:12 GMT
etag: W/"63d05f78-3930"
cache-control: public, max-age=31536000
access-control-allow-origin: *
content-encoding: br
X-Firefox-Spdy: h2
44.209.189.217
104.17.146.91
157.240.205.35
188.114.99.234
93.184.220.29
23.36.77.32