r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a8b4f1afb0e830b797238d34ab9254aa
e011acef3d05c959a65205d53b651ecd18a889fe
f7ceff5b4fda083c7449b7298c232224cf48a632dcb87233b646790de207d49c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7CEFF5B4FDA083C7449B7298C232224CF48A632DCB87233B646790DE207D49C"
Last-Modified: Thu, 12 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7114
Expires: Sat, 14 Jan 2023 22:51:20 GMT
Date: Sat, 14 Jan 2023 20:52:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3063227f59d1935298b0620fa7919145
478e1d8bef04b1f95381cac01829c03b6779d420
619281d3b9753bc6d2845786da75e8566687362769517aacf90f953ffbb8407c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "619281D3B9753BC6D2845786DA75E8566687362769517AACF90F953FFBB8407C"
Last-Modified: Sat, 14 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17450
Expires: Sun, 15 Jan 2023 01:43:36 GMT
Date: Sat, 14 Jan 2023 20:52:46 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 14 Jan 2023 20:48:56 GMT
content-type: application/json
age: 230
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f7bd85a261739c122eefb74ffddaec99
e2e059b0740592e8591d432249aafe5fcb8af23c
71bdd130b8d143f228542f678e91c98ab4e5844fb9f47b036e15372660be25fd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "71BDD130B8D143F228542F678E91C98AB4E5844FB9F47B036E15372660BE25FD"
Last-Modified: Sat, 14 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9229
Expires: Sat, 14 Jan 2023 23:26:35 GMT
Date: Sat, 14 Jan 2023 20:52:46 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: XHg93lwoG14MJTbS8KrHnUwER3hFMMDmz2vEP0u/KKdWD/3IZfl2Wcd66b3eAEbo0JPLWa4KOno=
x-amz-request-id: H8FS588S5KX41GA5
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 14 Jan 2023 20:43:52 GMT
age: 534
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 14 Jan 2023 20:52:46 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
bdfcahi.naughtywhors.com/s/626e195e025c5?track=69
178.162.199.80200 OK 1.8 kB URL HTTP/1.1 bdfcahi.naughtywhors.com/s/626e195e025c5?track=69
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 6dac44aa44d769c03754f433ac244721
b5fde2a09451b1c98b13c3475a68c30d9d528194
4adec49350908bb7e7869a33fa1ae60e1a0573655c2aa28d09eff5b5fbacae75
Analyzer Verdict Alert fortinet Phishing
GET /s/626e195e025c5?track=69 HTTP/1.1
Host: bdfcahi.naughtywhors.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 14 Jan 2023 20:52:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: s=3wQI411zAAJjzQrKqbRVBGYrnxnvVP8IinCj48tdf%2FIXW9IJhyRVQDgkXmBXyJKSWoNtta%2BUF4iKfnm5XaUIaSB%2BNvinHptV%2FTS4T4wKZQmP2BKsfV%2BiD5WVF9VF39I5zOAjuTw8S7wI5AezHcvEqXOQe%2FlHI%2FTQfdC9oGl8LRfSqQywccmNsuILRdj5lEQIbehH74X7%2FtcOtnCvkn9C0fRHNXb5gRjYjH1oLE%2B%2BQ98CDblUkQnkrtdl%2Bmt4ctccO5kckNX2e%2FEQFjY%2B3e9j1PuKEvlIYH61W8ED4J7Z%2FMIn0Y3mymrN%2F7%2FfHuszF%2Bx0LcosrnCcqlb3bnmohLfdKyzOgI4YShiMB6a9talPnlQyobO8ad2rcO7EcOrAZn9bF6%2FyPeLfGKt1%2BkmW4nHNTlcaCUYwP5HVHw%2Bic0xaAutNIEM8nKjrBB0Xb4vGXbjfpQq%2BZKgznIdhZ%2ByXR8Q%2Fssf1l3CYJaqVpZSdMjgwTckrCqU7IsxcRXjGpeTHFkVWC0admiDwdl5%2FCCWF3Qr3y00%2FMw113lFunnIytVuS0i46uVnljnRDfTlZHDEfND1XJjpwo%2FjZumUM9T%2FJhiLpojEsen9oZvSYnWOjvfCSO0mVdFfg2taUc2%2Ftok%2BrV0gx38l9oOSQI4D4MLqPNuy1VOuRFa%2BpOyw1BsRABeUn03TW2I06SAVauIHJpaSZB1Vn2P79xhxGAN720Rp69ilV0MGy10FDndiM%2BAI9hwBWah4RpyFcLLZZdKwUxLsa1Y4vjszhpfohQsWqMVIolScep8TiPpv0oOPxeaajdKVxI%2FJuxHyxWJ%2BvZuxIVGihyPOuhW6O%2Fzw4m5jRWLHoLcw3XvkAohrDNf%2BZ3Vzhd6BfTpWI10%2FXrzGF65Nmi7ZiGZ2kgQomtIkRKHYS6dAbKA%2FlC%2FnzsMhI4gQ7obY4gvoPp6CE%2FzifsRBVFv0waKQ0aDNiSWYWZ1A88hJOenjcUO2rmwOwq%2BJpAMTPtzqkXL4v8s0t0sDyG%2BuRgc2v7WD4%2BwGoRr%2FjM6HSYSSQKypISIPCxRUQc7G6rEkPTRu1wVPUhO7x7%2BwQJV%2F2SdvJJalmZayM1HMclaIicl8RiXuZ%2B0k63%2BSlBgjBXcaAZ0tfz%2Bqw39t0mrg9H2uR3%2BlXkGQX3CglIbHjwWkA3Paat1atsOiAAWmtNLcqH5%2Bl1RV%2FWTBPmPcaHlIbYK2nfk99vLg06JVJGmqh4pQGcRN6mEl2sEYDdoO6p%2BrIKS0lKutjQgUmvhF%2Bkb1ihPUISCgH5kwsEhMSa3OX36QXvXNufxPM%2FIl2IV6AfoS0CENUk5q6zpLenf%2FP40fniFlI3NKju3CqAOpDooqktreW9njlKlbPuCsV7kUTb4AQOxdwsMBMyn2yvIjEZ5EFMMbL7r1chiNfIyAlvy30ZUb%2F5STTk8lCbX97HVGarjgob95cC467w9nS1u9rcbdAHr3HUbsuchO%2B7ZH0UXXT5h0doIRQywdZ1c49IZ%2FWRAhZNwlUZCNDDrqVL%2FEW1LPAI9%2BhzKGkR7LrjSgUV38w8zLqMEjY6CTzz41cPOqChIVZcLVeTpBtIXrMwbcmivo4; expires=Sun, 15-Jan-2023 20:52:46 GMT; Max-Age=86400; path=/; domain=naughtywhors.com
SID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=naughtywhors.com
ESID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=naughtywhors.com
Content-Encoding: gzip
bdfcahi.naughtywhors.com/bundle/275/assets/js/functions.js
178.162.199.80200 OK 389 B URL HTTP/1.1 bdfcahi.naughtywhors.com/bundle/275/assets/js/functions.js
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type ASCII text, with very long lines (381), with CRLF line terminators
Hash 7be0a389385d045c27842522fed8530e
930956308fe93dee12fc7689a8684c82a137745c
f179811dfa8ab006893bb729eb43c956e86f5f86047a093325aa31f8e8632f51
Analyzer Verdict Alert fortinet Phishing
GET /bundle/275/assets/js/functions.js HTTP/1.1
Host: bdfcahi.naughtywhors.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdfcahi.naughtywhors.com/s/626e195e025c5?track=69
Cookie: s=3wQI411zAAJjzQrKqbRVBGYrnxnvVP8IinCj48tdf%2FIXW9IJhyRVQDgkXmBXyJKSWoNtta%2BUF4iKfnm5XaUIaSB%2BNvinHptV%2FTS4T4wKZQmP2BKsfV%2BiD5WVF9VF39I5zOAjuTw8S7wI5AezHcvEqXOQe%2FlHI%2FTQfdC9oGl8LRfSqQywccmNsuILRdj5lEQIbehH74X7%2FtcOtnCvkn9C0fRHNXb5gRjYjH1oLE%2B%2BQ98CDblUkQnkrtdl%2Bmt4ctccO5kckNX2e%2FEQFjY%2B3e9j1PuKEvlIYH61W8ED4J7Z%2FMIn0Y3mymrN%2F7%2FfHuszF%2Bx0LcosrnCcqlb3bnmohLfdKyzOgI4YShiMB6a9talPnlQyobO8ad2rcO7EcOrAZn9bF6%2FyPeLfGKt1%2BkmW4nHNTlcaCUYwP5HVHw%2Bic0xaAutNIEM8nKjrBB0Xb4vGXbjfpQq%2BZKgznIdhZ%2ByXR8Q%2Fssf1l3CYJaqVpZSdMjgwTckrCqU7IsxcRXjGpeTHFkVWC0admiDwdl5%2FCCWF3Qr3y00%2FMw113lFunnIytVuS0i46uVnljnRDfTlZHDEfND1XJjpwo%2FjZumUM9T%2FJhiLpojEsen9oZvSYnWOjvfCSO0mVdFfg2taUc2%2Ftok%2BrV0gx38l9oOSQI4D4MLqPNuy1VOuRFa%2BpOyw1BsRABeUn03TW2I06SAVauIHJpaSZB1Vn2P79xhxGAN720Rp69ilV0MGy10FDndiM%2BAI9hwBWah4RpyFcLLZZdKwUxLsa1Y4vjszhpfohQsWqMVIolScep8TiPpv0oOPxeaajdKVxI%2FJuxHyxWJ%2BvZuxIVGihyPOuhW6O%2Fzw4m5jRWLHoLcw3XvkAohrDNf%2BZ3Vzhd6BfTpWI10%2FXrzGF65Nmi7ZiGZ2kgQomtIkRKHYS6dAbKA%2FlC%2FnzsMhI4gQ7obY4gvoPp6CE%2FzifsRBVFv0waKQ0aDNiSWYWZ1A88hJOenjcUO2rmwOwq%2BJpAMTPtzqkXL4v8s0t0sDyG%2BuRgc2v7WD4%2BwGoRr%2FjM6HSYSSQKypISIPCxRUQc7G6rEkPTRu1wVPUhO7x7%2BwQJV%2F2SdvJJalmZayM1HMclaIicl8RiXuZ%2B0k63%2BSlBgjBXcaAZ0tfz%2Bqw39t0mrg9H2uR3%2BlXkGQX3CglIbHjwWkA3Paat1atsOiAAWmtNLcqH5%2Bl1RV%2FWTBPmPcaHlIbYK2nfk99vLg06JVJGmqh4pQGcRN6mEl2sEYDdoO6p%2BrIKS0lKutjQgUmvhF%2Bkb1ihPUISCgH5kwsEhMSa3OX36QXvXNufxPM%2FIl2IV6AfoS0CENUk5q6zpLenf%2FP40fniFlI3NKju3CqAOpDooqktreW9njlKlbPuCsV7kUTb4AQOxdwsMBMyn2yvIjEZ5EFMMbL7r1chiNfIyAlvy30ZUb%2F5STTk8lCbX97HVGarjgob95cC467w9nS1u9rcbdAHr3HUbsuchO%2B7ZH0UXXT5h0doIRQywdZ1c49IZ%2FWRAhZNwlUZCNDDrqVL%2FEW1LPAI9%2BhzKGkR7LrjSgUV38w8zLqMEjY6CTzz41cPOqChIVZcLVeTpBtIXrMwbcmivo4
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 14 Jan 2023 20:52:47 GMT
Content-Type: application/javascript
Content-Length: 389
Connection: keep-alive
Last-Modified: Mon, 23 Mar 2020 12:13:40 GMT
Vary: Accept-Encoding
ETag: "5e78a7f4-185"
Accept-Ranges: bytes
cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/animate.min.css
104.17.24.14200 OK 3.3 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/animate.min.css
IP 104.17.24.14:0
File type ASCII text, with very long lines (52592)
Hash 9266f9107ebcfd5961b230047eb0bb94
082cca30d08963a57887613907e9c397889d3c10
d134df9ecd44a8aa61a0c0f309bc44664472f0555bdb7948021f2ed3b329368c
GET /ajax/libs/animate.css/3.5.2/animate.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bdfcahi.naughtywhors.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 14 Jan 2023 20:52:47 GMT
content-type: text/css; charset=utf-8
content-length: 3279
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03d2a-ce35"
last-modified: Mon, 04 May 2020 16:04:58 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 3813194
expires: Thu, 04 Jan 2024 20:52:47 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dB4JcSSxpPIlCQVIPtBfkyftl6eomBG5itYToyHwPSxQTHn0KIdNzIIjL%2BXitco6cL0NsMTVrh7dwmJxVKJFU4SpYzXutCDtOcaKovG6on06n1%2F3PTw2Fy0MM4mdmzl%2B63Xt%2BSE8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 789941e298da0afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bdfcahi.naughtywhors.com/bundle/275/assets/css/style.css
178.162.199.80200 OK 16 kB URL HTTP/1.1 bdfcahi.naughtywhors.com/bundle/275/assets/css/style.css
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type ASCII text, with CRLF line terminators
Hash dbc14074261efe7a301b4ec0554cd210
9ba275b540b9929b7e04dc55f3342971cd00f1fc
ed416a64ba763bf65cc02caf79a7163306667720a4b1e039e13ad3a97692ca99
GET /bundle/275/assets/css/style.css HTTP/1.1
Host: bdfcahi.naughtywhors.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdfcahi.naughtywhors.com/s/626e195e025c5?track=69
Cookie: s=3wQI411zAAJjzQrKqbRVBGYrnxnvVP8IinCj48tdf%2FIXW9IJhyRVQDgkXmBXyJKSWoNtta%2BUF4iKfnm5XaUIaSB%2BNvinHptV%2FTS4T4wKZQmP2BKsfV%2BiD5WVF9VF39I5zOAjuTw8S7wI5AezHcvEqXOQe%2FlHI%2FTQfdC9oGl8LRfSqQywccmNsuILRdj5lEQIbehH74X7%2FtcOtnCvkn9C0fRHNXb5gRjYjH1oLE%2B%2BQ98CDblUkQnkrtdl%2Bmt4ctccO5kckNX2e%2FEQFjY%2B3e9j1PuKEvlIYH61W8ED4J7Z%2FMIn0Y3mymrN%2F7%2FfHuszF%2Bx0LcosrnCcqlb3bnmohLfdKyzOgI4YShiMB6a9talPnlQyobO8ad2rcO7EcOrAZn9bF6%2FyPeLfGKt1%2BkmW4nHNTlcaCUYwP5HVHw%2Bic0xaAutNIEM8nKjrBB0Xb4vGXbjfpQq%2BZKgznIdhZ%2ByXR8Q%2Fssf1l3CYJaqVpZSdMjgwTckrCqU7IsxcRXjGpeTHFkVWC0admiDwdl5%2FCCWF3Qr3y00%2FMw113lFunnIytVuS0i46uVnljnRDfTlZHDEfND1XJjpwo%2FjZumUM9T%2FJhiLpojEsen9oZvSYnWOjvfCSO0mVdFfg2taUc2%2Ftok%2BrV0gx38l9oOSQI4D4MLqPNuy1VOuRFa%2BpOyw1BsRABeUn03TW2I06SAVauIHJpaSZB1Vn2P79xhxGAN720Rp69ilV0MGy10FDndiM%2BAI9hwBWah4RpyFcLLZZdKwUxLsa1Y4vjszhpfohQsWqMVIolScep8TiPpv0oOPxeaajdKVxI%2FJuxHyxWJ%2BvZuxIVGihyPOuhW6O%2Fzw4m5jRWLHoLcw3XvkAohrDNf%2BZ3Vzhd6BfTpWI10%2FXrzGF65Nmi7ZiGZ2kgQomtIkRKHYS6dAbKA%2FlC%2FnzsMhI4gQ7obY4gvoPp6CE%2FzifsRBVFv0waKQ0aDNiSWYWZ1A88hJOenjcUO2rmwOwq%2BJpAMTPtzqkXL4v8s0t0sDyG%2BuRgc2v7WD4%2BwGoRr%2FjM6HSYSSQKypISIPCxRUQc7G6rEkPTRu1wVPUhO7x7%2BwQJV%2F2SdvJJalmZayM1HMclaIicl8RiXuZ%2B0k63%2BSlBgjBXcaAZ0tfz%2Bqw39t0mrg9H2uR3%2BlXkGQX3CglIbHjwWkA3Paat1atsOiAAWmtNLcqH5%2Bl1RV%2FWTBPmPcaHlIbYK2nfk99vLg06JVJGmqh4pQGcRN6mEl2sEYDdoO6p%2BrIKS0lKutjQgUmvhF%2Bkb1ihPUISCgH5kwsEhMSa3OX36QXvXNufxPM%2FIl2IV6AfoS0CENUk5q6zpLenf%2FP40fniFlI3NKju3CqAOpDooqktreW9njlKlbPuCsV7kUTb4AQOxdwsMBMyn2yvIjEZ5EFMMbL7r1chiNfIyAlvy30ZUb%2F5STTk8lCbX97HVGarjgob95cC467w9nS1u9rcbdAHr3HUbsuchO%2B7ZH0UXXT5h0doIRQywdZ1c49IZ%2FWRAhZNwlUZCNDDrqVL%2FEW1LPAI9%2BhzKGkR7LrjSgUV38w8zLqMEjY6CTzz41cPOqChIVZcLVeTpBtIXrMwbcmivo4
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 14 Jan 2023 20:52:47 GMT
Content-Type: text/css
Content-Length: 15642
Connection: keep-alive
Last-Modified: Mon, 23 Mar 2020 12:13:40 GMT
Vary: Accept-Encoding
ETag: "5e78a7f4-3d1a"
Accept-Ranges: bytes
bdfcahi.naughtywhors.com/js/click.js?8
178.162.199.80200 OK 5.3 kB URL HTTP/1.1 bdfcahi.naughtywhors.com/js/click.js?8
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
Hash 8207d083c909c6386927c5197eff584c
a5f1148a0e9923191d3f8ed4c1750240374af2a9
f71ae9723255b00dcc8e3631fe419cbbb56a80b3034f184ca5292127d7b3eea9
Analyzer Verdict Alert fortinet Phishing
GET /js/click.js?8 HTTP/1.1
Host: bdfcahi.naughtywhors.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdfcahi.naughtywhors.com/s/626e195e025c5?track=69
Cookie: s=3wQI411zAAJjzQrKqbRVBGYrnxnvVP8IinCj48tdf%2FIXW9IJhyRVQDgkXmBXyJKSWoNtta%2BUF4iKfnm5XaUIaSB%2BNvinHptV%2FTS4T4wKZQmP2BKsfV%2BiD5WVF9VF39I5zOAjuTw8S7wI5AezHcvEqXOQe%2FlHI%2FTQfdC9oGl8LRfSqQywccmNsuILRdj5lEQIbehH74X7%2FtcOtnCvkn9C0fRHNXb5gRjYjH1oLE%2B%2BQ98CDblUkQnkrtdl%2Bmt4ctccO5kckNX2e%2FEQFjY%2B3e9j1PuKEvlIYH61W8ED4J7Z%2FMIn0Y3mymrN%2F7%2FfHuszF%2Bx0LcosrnCcqlb3bnmohLfdKyzOgI4YShiMB6a9talPnlQyobO8ad2rcO7EcOrAZn9bF6%2FyPeLfGKt1%2BkmW4nHNTlcaCUYwP5HVHw%2Bic0xaAutNIEM8nKjrBB0Xb4vGXbjfpQq%2BZKgznIdhZ%2ByXR8Q%2Fssf1l3CYJaqVpZSdMjgwTckrCqU7IsxcRXjGpeTHFkVWC0admiDwdl5%2FCCWF3Qr3y00%2FMw113lFunnIytVuS0i46uVnljnRDfTlZHDEfND1XJjpwo%2FjZumUM9T%2FJhiLpojEsen9oZvSYnWOjvfCSO0mVdFfg2taUc2%2Ftok%2BrV0gx38l9oOSQI4D4MLqPNuy1VOuRFa%2BpOyw1BsRABeUn03TW2I06SAVauIHJpaSZB1Vn2P79xhxGAN720Rp69ilV0MGy10FDndiM%2BAI9hwBWah4RpyFcLLZZdKwUxLsa1Y4vjszhpfohQsWqMVIolScep8TiPpv0oOPxeaajdKVxI%2FJuxHyxWJ%2BvZuxIVGihyPOuhW6O%2Fzw4m5jRWLHoLcw3XvkAohrDNf%2BZ3Vzhd6BfTpWI10%2FXrzGF65Nmi7ZiGZ2kgQomtIkRKHYS6dAbKA%2FlC%2FnzsMhI4gQ7obY4gvoPp6CE%2FzifsRBVFv0waKQ0aDNiSWYWZ1A88hJOenjcUO2rmwOwq%2BJpAMTPtzqkXL4v8s0t0sDyG%2BuRgc2v7WD4%2BwGoRr%2FjM6HSYSSQKypISIPCxRUQc7G6rEkPTRu1wVPUhO7x7%2BwQJV%2F2SdvJJalmZayM1HMclaIicl8RiXuZ%2B0k63%2BSlBgjBXcaAZ0tfz%2Bqw39t0mrg9H2uR3%2BlXkGQX3CglIbHjwWkA3Paat1atsOiAAWmtNLcqH5%2Bl1RV%2FWTBPmPcaHlIbYK2nfk99vLg06JVJGmqh4pQGcRN6mEl2sEYDdoO6p%2BrIKS0lKutjQgUmvhF%2Bkb1ihPUISCgH5kwsEhMSa3OX36QXvXNufxPM%2FIl2IV6AfoS0CENUk5q6zpLenf%2FP40fniFlI3NKju3CqAOpDooqktreW9njlKlbPuCsV7kUTb4AQOxdwsMBMyn2yvIjEZ5EFMMbL7r1chiNfIyAlvy30ZUb%2F5STTk8lCbX97HVGarjgob95cC467w9nS1u9rcbdAHr3HUbsuchO%2B7ZH0UXXT5h0doIRQywdZ1c49IZ%2FWRAhZNwlUZCNDDrqVL%2FEW1LPAI9%2BhzKGkR7LrjSgUV38w8zLqMEjY6CTzz41cPOqChIVZcLVeTpBtIXrMwbcmivo4
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 14 Jan 2023 20:52:47 GMT
Content-Type: application/javascript
Content-Length: 5260
Connection: keep-alive
Last-Modified: Thu, 05 Jan 2023 12:44:44 GMT
Vary: Accept-Encoding
ETag: "63b6c63c-148c"
Accept-Ranges: bytes
code.jquery.com/jquery-2.2.4.min.js
69.16.175.10200 OK 30 kB URL HTTP/2 code.jquery.com/jquery-2.2.4.min.js
IP 69.16.175.10:0
File type ASCII text, with very long lines (32065)
Hash 82885772205f23cd59e25a221521b059
96ed36f45544295f28df1ab251e7e38faceeff0e
8e85465daae15b31a1837a4112cf920c1eeec7a5c189595651b3a53cb9b97215
GET /jquery-2.2.4.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://bdfcahi.naughtywhors.com
Connection: keep-alive
Referer: http://bdfcahi.naughtywhors.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 14 Jan 2023 20:52:47 GMT
content-encoding: gzip
content-length: 29811
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-14e4a"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-sp-metadata: HS256.CK/IjJ4GEocBCiRkMDczNDg1ZC1mOWI0LTRjODYtYmQzNS0yZDdhYTdkZjA5ZDMQ+OiCoKvU+wIaBgifrIyeBiIMOTEuOTAuNDIuMTU0KOuDATADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GiwIARIkNDE1YzNmMDctNzhkOS00MzMyLThhYjQtZjIwNTk3NDkwMjIxGPPoASIYCAISFGNkczIxNC5zazEuaHdjZG4ubmV0.gVY6ZrtHyZr9LVyERyjqzfjvWy89E5BBydqQr3bO3B4=
x-hw: 1673729567.dop014.sk1.t,1673729567.cds071.sk1.hn,1673729567.cds214.sk1.c
X-Firefox-Spdy: h2
bdfcahi.naughtywhors.com/bundle/275/assets/img/yes.png
178.162.199.80200 OK 3.5 kB URL HTTP/1.1 bdfcahi.naughtywhors.com/bundle/275/assets/img/yes.png
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 3d0dab8337c085af1541ee5b7d63b53b
b8bc0b819b1f4259f179049edb58ed16cc8caf0e
6bfdecff876226c1e233f71e7b0b1a6e0eb238281a52156c39f051691dd88a43
GET /bundle/275/assets/img/yes.png HTTP/1.1
Host: bdfcahi.naughtywhors.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdfcahi.naughtywhors.com/bundle/275/assets/css/style.css
Cookie: s=3wQI411zAAJjzQrKqbRVBGYrnxnvVP8IinCj48tdf%2FIXW9IJhyRVQDgkXmBXyJKSWoNtta%2BUF4iKfnm5XaUIaSB%2BNvinHptV%2FTS4T4wKZQmP2BKsfV%2BiD5WVF9VF39I5zOAjuTw8S7wI5AezHcvEqXOQe%2FlHI%2FTQfdC9oGl8LRfSqQywccmNsuILRdj5lEQIbehH74X7%2FtcOtnCvkn9C0fRHNXb5gRjYjH1oLE%2B%2BQ98CDblUkQnkrtdl%2Bmt4ctccO5kckNX2e%2FEQFjY%2B3e9j1PuKEvlIYH61W8ED4J7Z%2FMIn0Y3mymrN%2F7%2FfHuszF%2Bx0LcosrnCcqlb3bnmohLfdKyzOgI4YShiMB6a9talPnlQyobO8ad2rcO7EcOrAZn9bF6%2FyPeLfGKt1%2BkmW4nHNTlcaCUYwP5HVHw%2Bic0xaAutNIEM8nKjrBB0Xb4vGXbjfpQq%2BZKgznIdhZ%2ByXR8Q%2Fssf1l3CYJaqVpZSdMjgwTckrCqU7IsxcRXjGpeTHFkVWC0admiDwdl5%2FCCWF3Qr3y00%2FMw113lFunnIytVuS0i46uVnljnRDfTlZHDEfND1XJjpwo%2FjZumUM9T%2FJhiLpojEsen9oZvSYnWOjvfCSO0mVdFfg2taUc2%2Ftok%2BrV0gx38l9oOSQI4D4MLqPNuy1VOuRFa%2BpOyw1BsRABeUn03TW2I06SAVauIHJpaSZB1Vn2P79xhxGAN720Rp69ilV0MGy10FDndiM%2BAI9hwBWah4RpyFcLLZZdKwUxLsa1Y4vjszhpfohQsWqMVIolScep8TiPpv0oOPxeaajdKVxI%2FJuxHyxWJ%2BvZuxIVGihyPOuhW6O%2Fzw4m5jRWLHoLcw3XvkAohrDNf%2BZ3Vzhd6BfTpWI10%2FXrzGF65Nmi7ZiGZ2kgQomtIkRKHYS6dAbKA%2FlC%2FnzsMhI4gQ7obY4gvoPp6CE%2FzifsRBVFv0waKQ0aDNiSWYWZ1A88hJOenjcUO2rmwOwq%2BJpAMTPtzqkXL4v8s0t0sDyG%2BuRgc2v7WD4%2BwGoRr%2FjM6HSYSSQKypISIPCxRUQc7G6rEkPTRu1wVPUhO7x7%2BwQJV%2F2SdvJJalmZayM1HMclaIicl8RiXuZ%2B0k63%2BSlBgjBXcaAZ0tfz%2Bqw39t0mrg9H2uR3%2BlXkGQX3CglIbHjwWkA3Paat1atsOiAAWmtNLcqH5%2Bl1RV%2FWTBPmPcaHlIbYK2nfk99vLg06JVJGmqh4pQGcRN6mEl2sEYDdoO6p%2BrIKS0lKutjQgUmvhF%2Bkb1ihPUISCgH5kwsEhMSa3OX36QXvXNufxPM%2FIl2IV6AfoS0CENUk5q6zpLenf%2FP40fniFlI3NKju3CqAOpDooqktreW9njlKlbPuCsV7kUTb4AQOxdwsMBMyn2yvIjEZ5EFMMbL7r1chiNfIyAlvy30ZUb%2F5STTk8lCbX97HVGarjgob95cC467w9nS1u9rcbdAHr3HUbsuchO%2B7ZH0UXXT5h0doIRQywdZ1c49IZ%2FWRAhZNwlUZCNDDrqVL%2FEW1LPAI9%2BhzKGkR7LrjSgUV38w8zLqMEjY6CTzz41cPOqChIVZcLVeTpBtIXrMwbcmivo4
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 14 Jan 2023 20:52:47 GMT
Content-Type: image/png
Content-Length: 3480
Connection: keep-alive
Last-Modified: Mon, 23 Mar 2020 12:13:40 GMT
ETag: "5e78a7f4-d98"
Accept-Ranges: bytes
bdfcahi.naughtywhors.com/bundle/275/assets/img/pattern.png
178.162.199.80200 OK 2.8 kB URL HTTP/1.1 bdfcahi.naughtywhors.com/bundle/275/assets/img/pattern.png
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type PNG image data, 2 x 2, 8-bit/color RGBA, non-interlaced\012- data
Hash f06b5903c3ed5ef39db9b98b60deba70
f2d93c7d32069d157fa3047b550ef406bea1aa05
5cbc28ef1cf07ab8956014b581aa2b96baac861237975813702e63c886b0c004
GET /bundle/275/assets/img/pattern.png HTTP/1.1
Host: bdfcahi.naughtywhors.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdfcahi.naughtywhors.com/bundle/275/assets/css/style.css
Cookie: s=3wQI411zAAJjzQrKqbRVBGYrnxnvVP8IinCj48tdf%2FIXW9IJhyRVQDgkXmBXyJKSWoNtta%2BUF4iKfnm5XaUIaSB%2BNvinHptV%2FTS4T4wKZQmP2BKsfV%2BiD5WVF9VF39I5zOAjuTw8S7wI5AezHcvEqXOQe%2FlHI%2FTQfdC9oGl8LRfSqQywccmNsuILRdj5lEQIbehH74X7%2FtcOtnCvkn9C0fRHNXb5gRjYjH1oLE%2B%2BQ98CDblUkQnkrtdl%2Bmt4ctccO5kckNX2e%2FEQFjY%2B3e9j1PuKEvlIYH61W8ED4J7Z%2FMIn0Y3mymrN%2F7%2FfHuszF%2Bx0LcosrnCcqlb3bnmohLfdKyzOgI4YShiMB6a9talPnlQyobO8ad2rcO7EcOrAZn9bF6%2FyPeLfGKt1%2BkmW4nHNTlcaCUYwP5HVHw%2Bic0xaAutNIEM8nKjrBB0Xb4vGXbjfpQq%2BZKgznIdhZ%2ByXR8Q%2Fssf1l3CYJaqVpZSdMjgwTckrCqU7IsxcRXjGpeTHFkVWC0admiDwdl5%2FCCWF3Qr3y00%2FMw113lFunnIytVuS0i46uVnljnRDfTlZHDEfND1XJjpwo%2FjZumUM9T%2FJhiLpojEsen9oZvSYnWOjvfCSO0mVdFfg2taUc2%2Ftok%2BrV0gx38l9oOSQI4D4MLqPNuy1VOuRFa%2BpOyw1BsRABeUn03TW2I06SAVauIHJpaSZB1Vn2P79xhxGAN720Rp69ilV0MGy10FDndiM%2BAI9hwBWah4RpyFcLLZZdKwUxLsa1Y4vjszhpfohQsWqMVIolScep8TiPpv0oOPxeaajdKVxI%2FJuxHyxWJ%2BvZuxIVGihyPOuhW6O%2Fzw4m5jRWLHoLcw3XvkAohrDNf%2BZ3Vzhd6BfTpWI10%2FXrzGF65Nmi7ZiGZ2kgQomtIkRKHYS6dAbKA%2FlC%2FnzsMhI4gQ7obY4gvoPp6CE%2FzifsRBVFv0waKQ0aDNiSWYWZ1A88hJOenjcUO2rmwOwq%2BJpAMTPtzqkXL4v8s0t0sDyG%2BuRgc2v7WD4%2BwGoRr%2FjM6HSYSSQKypISIPCxRUQc7G6rEkPTRu1wVPUhO7x7%2BwQJV%2F2SdvJJalmZayM1HMclaIicl8RiXuZ%2B0k63%2BSlBgjBXcaAZ0tfz%2Bqw39t0mrg9H2uR3%2BlXkGQX3CglIbHjwWkA3Paat1atsOiAAWmtNLcqH5%2Bl1RV%2FWTBPmPcaHlIbYK2nfk99vLg06JVJGmqh4pQGcRN6mEl2sEYDdoO6p%2BrIKS0lKutjQgUmvhF%2Bkb1ihPUISCgH5kwsEhMSa3OX36QXvXNufxPM%2FIl2IV6AfoS0CENUk5q6zpLenf%2FP40fniFlI3NKju3CqAOpDooqktreW9njlKlbPuCsV7kUTb4AQOxdwsMBMyn2yvIjEZ5EFMMbL7r1chiNfIyAlvy30ZUb%2F5STTk8lCbX97HVGarjgob95cC467w9nS1u9rcbdAHr3HUbsuchO%2B7ZH0UXXT5h0doIRQywdZ1c49IZ%2FWRAhZNwlUZCNDDrqVL%2FEW1LPAI9%2BhzKGkR7LrjSgUV38w8zLqMEjY6CTzz41cPOqChIVZcLVeTpBtIXrMwbcmivo4
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 14 Jan 2023 20:52:47 GMT
Content-Type: image/png
Content-Length: 2801
Connection: keep-alive
Last-Modified: Mon, 23 Mar 2020 12:13:40 GMT
ETag: "5e78a7f4-af1"
Accept-Ranges: bytes
bdfcahi.naughtywhors.com/bundle/275/assets/img/1.jpg
178.162.199.80200 OK 90 kB URL HTTP/1.1 bdfcahi.naughtywhors.com/bundle/275/assets/img/1.jpg
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1040x660, components 3\012- data
Hash 9a350f9b30c1f5f5635f896bf2487345
82fcc5cbc8e1ba0ab697d27017ab9fe8c6dc5f19
15d4127cd56e1b50b5d57340161ff54d22713da009df6904925833779ab125d0
GET /bundle/275/assets/img/1.jpg HTTP/1.1
Host: bdfcahi.naughtywhors.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdfcahi.naughtywhors.com/bundle/275/assets/css/style.css
Cookie: s=3wQI411zAAJjzQrKqbRVBGYrnxnvVP8IinCj48tdf%2FIXW9IJhyRVQDgkXmBXyJKSWoNtta%2BUF4iKfnm5XaUIaSB%2BNvinHptV%2FTS4T4wKZQmP2BKsfV%2BiD5WVF9VF39I5zOAjuTw8S7wI5AezHcvEqXOQe%2FlHI%2FTQfdC9oGl8LRfSqQywccmNsuILRdj5lEQIbehH74X7%2FtcOtnCvkn9C0fRHNXb5gRjYjH1oLE%2B%2BQ98CDblUkQnkrtdl%2Bmt4ctccO5kckNX2e%2FEQFjY%2B3e9j1PuKEvlIYH61W8ED4J7Z%2FMIn0Y3mymrN%2F7%2FfHuszF%2Bx0LcosrnCcqlb3bnmohLfdKyzOgI4YShiMB6a9talPnlQyobO8ad2rcO7EcOrAZn9bF6%2FyPeLfGKt1%2BkmW4nHNTlcaCUYwP5HVHw%2Bic0xaAutNIEM8nKjrBB0Xb4vGXbjfpQq%2BZKgznIdhZ%2ByXR8Q%2Fssf1l3CYJaqVpZSdMjgwTckrCqU7IsxcRXjGpeTHFkVWC0admiDwdl5%2FCCWF3Qr3y00%2FMw113lFunnIytVuS0i46uVnljnRDfTlZHDEfND1XJjpwo%2FjZumUM9T%2FJhiLpojEsen9oZvSYnWOjvfCSO0mVdFfg2taUc2%2Ftok%2BrV0gx38l9oOSQI4D4MLqPNuy1VOuRFa%2BpOyw1BsRABeUn03TW2I06SAVauIHJpaSZB1Vn2P79xhxGAN720Rp69ilV0MGy10FDndiM%2BAI9hwBWah4RpyFcLLZZdKwUxLsa1Y4vjszhpfohQsWqMVIolScep8TiPpv0oOPxeaajdKVxI%2FJuxHyxWJ%2BvZuxIVGihyPOuhW6O%2Fzw4m5jRWLHoLcw3XvkAohrDNf%2BZ3Vzhd6BfTpWI10%2FXrzGF65Nmi7ZiGZ2kgQomtIkRKHYS6dAbKA%2FlC%2FnzsMhI4gQ7obY4gvoPp6CE%2FzifsRBVFv0waKQ0aDNiSWYWZ1A88hJOenjcUO2rmwOwq%2BJpAMTPtzqkXL4v8s0t0sDyG%2BuRgc2v7WD4%2BwGoRr%2FjM6HSYSSQKypISIPCxRUQc7G6rEkPTRu1wVPUhO7x7%2BwQJV%2F2SdvJJalmZayM1HMclaIicl8RiXuZ%2B0k63%2BSlBgjBXcaAZ0tfz%2Bqw39t0mrg9H2uR3%2BlXkGQX3CglIbHjwWkA3Paat1atsOiAAWmtNLcqH5%2Bl1RV%2FWTBPmPcaHlIbYK2nfk99vLg06JVJGmqh4pQGcRN6mEl2sEYDdoO6p%2BrIKS0lKutjQgUmvhF%2Bkb1ihPUISCgH5kwsEhMSa3OX36QXvXNufxPM%2FIl2IV6AfoS0CENUk5q6zpLenf%2FP40fniFlI3NKju3CqAOpDooqktreW9njlKlbPuCsV7kUTb4AQOxdwsMBMyn2yvIjEZ5EFMMbL7r1chiNfIyAlvy30ZUb%2F5STTk8lCbX97HVGarjgob95cC467w9nS1u9rcbdAHr3HUbsuchO%2B7ZH0UXXT5h0doIRQywdZ1c49IZ%2FWRAhZNwlUZCNDDrqVL%2FEW1LPAI9%2BhzKGkR7LrjSgUV38w8zLqMEjY6CTzz41cPOqChIVZcLVeTpBtIXrMwbcmivo4
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 14 Jan 2023 20:52:47 GMT
Content-Type: image/jpeg
Content-Length: 90519
Connection: keep-alive
Last-Modified: Mon, 23 Mar 2020 12:13:40 GMT
ETag: "5e78a7f4-16197"
Accept-Ranges: bytes
bdfcahi.naughtywhors.com/bundle/275/assets/fonts/Lato-Regular.ttf
178.162.199.80200 OK 120 kB URL HTTP/1.1 bdfcahi.naughtywhors.com/bundle/275/assets/fonts/Lato-Regular.ttf
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 30 names, Macintosh, Copyright (c) 2010-2011 by tyPoland Lukasz Dziedzic with Reserved Font Name "Lato". Licensed und\012- data
Size 120 kB (120196 bytes)
Hash 7f690e503a254e0b8349aec0177e07aa
127f241871a9fe42cd8d073a0835410f3824d57c
7ae714b63c2c8b940bdd211a0cc678f01168a34eea8aa13c0df25364f29238a7
Analyzer Verdict Alert fortinet Phishing
GET /bundle/275/assets/fonts/Lato-Regular.ttf HTTP/1.1
Host: bdfcahi.naughtywhors.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdfcahi.naughtywhors.com/bundle/275/assets/css/style.css
Cookie: s=3wQI411zAAJjzQrKqbRVBGYrnxnvVP8IinCj48tdf%2FIXW9IJhyRVQDgkXmBXyJKSWoNtta%2BUF4iKfnm5XaUIaSB%2BNvinHptV%2FTS4T4wKZQmP2BKsfV%2BiD5WVF9VF39I5zOAjuTw8S7wI5AezHcvEqXOQe%2FlHI%2FTQfdC9oGl8LRfSqQywccmNsuILRdj5lEQIbehH74X7%2FtcOtnCvkn9C0fRHNXb5gRjYjH1oLE%2B%2BQ98CDblUkQnkrtdl%2Bmt4ctccO5kckNX2e%2FEQFjY%2B3e9j1PuKEvlIYH61W8ED4J7Z%2FMIn0Y3mymrN%2F7%2FfHuszF%2Bx0LcosrnCcqlb3bnmohLfdKyzOgI4YShiMB6a9talPnlQyobO8ad2rcO7EcOrAZn9bF6%2FyPeLfGKt1%2BkmW4nHNTlcaCUYwP5HVHw%2Bic0xaAutNIEM8nKjrBB0Xb4vGXbjfpQq%2BZKgznIdhZ%2ByXR8Q%2Fssf1l3CYJaqVpZSdMjgwTckrCqU7IsxcRXjGpeTHFkVWC0admiDwdl5%2FCCWF3Qr3y00%2FMw113lFunnIytVuS0i46uVnljnRDfTlZHDEfND1XJjpwo%2FjZumUM9T%2FJhiLpojEsen9oZvSYnWOjvfCSO0mVdFfg2taUc2%2Ftok%2BrV0gx38l9oOSQI4D4MLqPNuy1VOuRFa%2BpOyw1BsRABeUn03TW2I06SAVauIHJpaSZB1Vn2P79xhxGAN720Rp69ilV0MGy10FDndiM%2BAI9hwBWah4RpyFcLLZZdKwUxLsa1Y4vjszhpfohQsWqMVIolScep8TiPpv0oOPxeaajdKVxI%2FJuxHyxWJ%2BvZuxIVGihyPOuhW6O%2Fzw4m5jRWLHoLcw3XvkAohrDNf%2BZ3Vzhd6BfTpWI10%2FXrzGF65Nmi7ZiGZ2kgQomtIkRKHYS6dAbKA%2FlC%2FnzsMhI4gQ7obY4gvoPp6CE%2FzifsRBVFv0waKQ0aDNiSWYWZ1A88hJOenjcUO2rmwOwq%2BJpAMTPtzqkXL4v8s0t0sDyG%2BuRgc2v7WD4%2BwGoRr%2FjM6HSYSSQKypISIPCxRUQc7G6rEkPTRu1wVPUhO7x7%2BwQJV%2F2SdvJJalmZayM1HMclaIicl8RiXuZ%2B0k63%2BSlBgjBXcaAZ0tfz%2Bqw39t0mrg9H2uR3%2BlXkGQX3CglIbHjwWkA3Paat1atsOiAAWmtNLcqH5%2Bl1RV%2FWTBPmPcaHlIbYK2nfk99vLg06JVJGmqh4pQGcRN6mEl2sEYDdoO6p%2BrIKS0lKutjQgUmvhF%2Bkb1ihPUISCgH5kwsEhMSa3OX36QXvXNufxPM%2FIl2IV6AfoS0CENUk5q6zpLenf%2FP40fniFlI3NKju3CqAOpDooqktreW9njlKlbPuCsV7kUTb4AQOxdwsMBMyn2yvIjEZ5EFMMbL7r1chiNfIyAlvy30ZUb%2F5STTk8lCbX97HVGarjgob95cC467w9nS1u9rcbdAHr3HUbsuchO%2B7ZH0UXXT5h0doIRQywdZ1c49IZ%2FWRAhZNwlUZCNDDrqVL%2FEW1LPAI9%2BhzKGkR7LrjSgUV38w8zLqMEjY6CTzz41cPOqChIVZcLVeTpBtIXrMwbcmivo4
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 14 Jan 2023 20:52:47 GMT
Content-Type: application/octet-stream
Content-Length: 120196
Connection: keep-alive
Last-Modified: Mon, 23 Mar 2020 12:13:40 GMT
ETag: "5e78a7f4-1d584"
Accept-Ranges: bytes
bdfcahi.naughtywhors.com/js/fp2.min.js
178.162.199.80200 OK 31 kB URL HTTP/1.1 bdfcahi.naughtywhors.com/js/fp2.min.js
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type ASCII text, with very long lines (30507)
Hash e7d6b85edb141824af8951e19333337c
76600b2cb1978ca24d9fe39b1412f052da855ddb
6e1bf43d1d49858aacd5de53b32b551732bca4b2a46b1f808eb6d6d0f2b70c0e
Analyzer Verdict Alert fortinet Phishing
GET /js/fp2.min.js HTTP/1.1
Host: bdfcahi.naughtywhors.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdfcahi.naughtywhors.com/s/626e195e025c5
Cookie: s=3wQI411zAAJjzQrKqbRVBGYrnxnvVP8IinCj48tdf%2FIXW9IJhyRVQDgkXmBXyJKSWoNtta%2BUF4iKfnm5XaUIaSB%2BNvinHptV%2FTS4T4wKZQmP2BKsfV%2BiD5WVF9VF39I5zOAjuTw8S7wI5AezHcvEqXOQe%2FlHI%2FTQfdC9oGl8LRfSqQywccmNsuILRdj5lEQIbehH74X7%2FtcOtnCvkn9C0fRHNXb5gRjYjH1oLE%2B%2BQ98CDblUkQnkrtdl%2Bmt4ctccO5kckNX2e%2FEQFjY%2B3e9j1PuKEvlIYH61W8ED4J7Z%2FMIn0Y3mymrN%2F7%2FfHuszF%2Bx0LcosrnCcqlb3bnmohLfdKyzOgI4YShiMB6a9talPnlQyobO8ad2rcO7EcOrAZn9bF6%2FyPeLfGKt1%2BkmW4nHNTlcaCUYwP5HVHw%2Bic0xaAutNIEM8nKjrBB0Xb4vGXbjfpQq%2BZKgznIdhZ%2ByXR8Q%2Fssf1l3CYJaqVpZSdMjgwTckrCqU7IsxcRXjGpeTHFkVWC0admiDwdl5%2FCCWF3Qr3y00%2FMw113lFunnIytVuS0i46uVnljnRDfTlZHDEfND1XJjpwo%2FjZumUM9T%2FJhiLpojEsen9oZvSYnWOjvfCSO0mVdFfg2taUc2%2Ftok%2BrV0gx38l9oOSQI4D4MLqPNuy1VOuRFa%2BpOyw1BsRABeUn03TW2I06SAVauIHJpaSZB1Vn2P79xhxGAN720Rp69ilV0MGy10FDndiM%2BAI9hwBWah4RpyFcLLZZdKwUxLsa1Y4vjszhpfohQsWqMVIolScep8TiPpv0oOPxeaajdKVxI%2FJuxHyxWJ%2BvZuxIVGihyPOuhW6O%2Fzw4m5jRWLHoLcw3XvkAohrDNf%2BZ3Vzhd6BfTpWI10%2FXrzGF65Nmi7ZiGZ2kgQomtIkRKHYS6dAbKA%2FlC%2FnzsMhI4gQ7obY4gvoPp6CE%2FzifsRBVFv0waKQ0aDNiSWYWZ1A88hJOenjcUO2rmwOwq%2BJpAMTPtzqkXL4v8s0t0sDyG%2BuRgc2v7WD4%2BwGoRr%2FjM6HSYSSQKypISIPCxRUQc7G6rEkPTRu1wVPUhO7x7%2BwQJV%2F2SdvJJalmZayM1HMclaIicl8RiXuZ%2B0k63%2BSlBgjBXcaAZ0tfz%2Bqw39t0mrg9H2uR3%2BlXkGQX3CglIbHjwWkA3Paat1atsOiAAWmtNLcqH5%2Bl1RV%2FWTBPmPcaHlIbYK2nfk99vLg06JVJGmqh4pQGcRN6mEl2sEYDdoO6p%2BrIKS0lKutjQgUmvhF%2Bkb1ihPUISCgH5kwsEhMSa3OX36QXvXNufxPM%2FIl2IV6AfoS0CENUk5q6zpLenf%2FP40fniFlI3NKju3CqAOpDooqktreW9njlKlbPuCsV7kUTb4AQOxdwsMBMyn2yvIjEZ5EFMMbL7r1chiNfIyAlvy30ZUb%2F5STTk8lCbX97HVGarjgob95cC467w9nS1u9rcbdAHr3HUbsuchO%2B7ZH0UXXT5h0doIRQywdZ1c49IZ%2FWRAhZNwlUZCNDDrqVL%2FEW1LPAI9%2BhzKGkR7LrjSgUV38w8zLqMEjY6CTzz41cPOqChIVZcLVeTpBtIXrMwbcmivo4; CF=1fQnM2QtMV8Trr1x039YOA__
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 14 Jan 2023 20:52:47 GMT
Content-Type: application/javascript
Content-Length: 30685
Connection: keep-alive
Last-Modified: Thu, 05 Jan 2023 12:44:44 GMT
Vary: Accept-Encoding
ETag: "63b6c63c-77dd"
Accept-Ranges: bytes
bdfcahi.naughtywhors.com/bundle/275/assets/img/favicon.png
178.162.199.80200 OK 796 B URL HTTP/1.1 bdfcahi.naughtywhors.com/bundle/275/assets/img/favicon.png
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Hash a6ad4df9ec78d77e3ba0b6cd82fe297a
1314387b8238a472e68db26bcc1cf29948cc1730
6c0f700fed24177a4ba0d9032fc78f9d34254bb9dfae532fd28d28ec4e105b28
GET /bundle/275/assets/img/favicon.png HTTP/1.1
Host: bdfcahi.naughtywhors.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bdfcahi.naughtywhors.com/s/626e195e025c5?track=69
Cookie: s=3wQI411zAAJjzQrKqbRVBGYrnxnvVP8IinCj48tdf%2FIXW9IJhyRVQDgkXmBXyJKSWoNtta%2BUF4iKfnm5XaUIaSB%2BNvinHptV%2FTS4T4wKZQmP2BKsfV%2BiD5WVF9VF39I5zOAjuTw8S7wI5AezHcvEqXOQe%2FlHI%2FTQfdC9oGl8LRfSqQywccmNsuILRdj5lEQIbehH74X7%2FtcOtnCvkn9C0fRHNXb5gRjYjH1oLE%2B%2BQ98CDblUkQnkrtdl%2Bmt4ctccO5kckNX2e%2FEQFjY%2B3e9j1PuKEvlIYH61W8ED4J7Z%2FMIn0Y3mymrN%2F7%2FfHuszF%2Bx0LcosrnCcqlb3bnmohLfdKyzOgI4YShiMB6a9talPnlQyobO8ad2rcO7EcOrAZn9bF6%2FyPeLfGKt1%2BkmW4nHNTlcaCUYwP5HVHw%2Bic0xaAutNIEM8nKjrBB0Xb4vGXbjfpQq%2BZKgznIdhZ%2ByXR8Q%2Fssf1l3CYJaqVpZSdMjgwTckrCqU7IsxcRXjGpeTHFkVWC0admiDwdl5%2FCCWF3Qr3y00%2FMw113lFunnIytVuS0i46uVnljnRDfTlZHDEfND1XJjpwo%2FjZumUM9T%2FJhiLpojEsen9oZvSYnWOjvfCSO0mVdFfg2taUc2%2Ftok%2BrV0gx38l9oOSQI4D4MLqPNuy1VOuRFa%2BpOyw1BsRABeUn03TW2I06SAVauIHJpaSZB1Vn2P79xhxGAN720Rp69ilV0MGy10FDndiM%2BAI9hwBWah4RpyFcLLZZdKwUxLsa1Y4vjszhpfohQsWqMVIolScep8TiPpv0oOPxeaajdKVxI%2FJuxHyxWJ%2BvZuxIVGihyPOuhW6O%2Fzw4m5jRWLHoLcw3XvkAohrDNf%2BZ3Vzhd6BfTpWI10%2FXrzGF65Nmi7ZiGZ2kgQomtIkRKHYS6dAbKA%2FlC%2FnzsMhI4gQ7obY4gvoPp6CE%2FzifsRBVFv0waKQ0aDNiSWYWZ1A88hJOenjcUO2rmwOwq%2BJpAMTPtzqkXL4v8s0t0sDyG%2BuRgc2v7WD4%2BwGoRr%2FjM6HSYSSQKypISIPCxRUQc7G6rEkPTRu1wVPUhO7x7%2BwQJV%2F2SdvJJalmZayM1HMclaIicl8RiXuZ%2B0k63%2BSlBgjBXcaAZ0tfz%2Bqw39t0mrg9H2uR3%2BlXkGQX3CglIbHjwWkA3Paat1atsOiAAWmtNLcqH5%2Bl1RV%2FWTBPmPcaHlIbYK2nfk99vLg06JVJGmqh4pQGcRN6mEl2sEYDdoO6p%2BrIKS0lKutjQgUmvhF%2Bkb1ihPUISCgH5kwsEhMSa3OX36QXvXNufxPM%2FIl2IV6AfoS0CENUk5q6zpLenf%2FP40fniFlI3NKju3CqAOpDooqktreW9njlKlbPuCsV7kUTb4AQOxdwsMBMyn2yvIjEZ5EFMMbL7r1chiNfIyAlvy30ZUb%2F5STTk8lCbX97HVGarjgob95cC467w9nS1u9rcbdAHr3HUbsuchO%2B7ZH0UXXT5h0doIRQywdZ1c49IZ%2FWRAhZNwlUZCNDDrqVL%2FEW1LPAI9%2BhzKGkR7LrjSgUV38w8zLqMEjY6CTzz41cPOqChIVZcLVeTpBtIXrMwbcmivo4; CF=1fQnM2QtMV8Trr1x039YOA__
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 14 Jan 2023 20:52:47 GMT
Content-Type: image/png
Content-Length: 796
Connection: keep-alive
Last-Modified: Mon, 23 Mar 2020 12:13:40 GMT
ETag: "5e78a7f4-31c"
Accept-Ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Expires, Pragma, Content-Type, Backoff, Last-Modified, Cache-Control, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 14 Jan 2023 20:17:25 GMT
age: 2122
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c01ec61f7ca77158f474b3ab519c12fa
fc82ae0fcd73a83a980b75709a08e65239894e4a
f533e0fac9b92e79d4fbd6e70b42a83067de95f0a13cc737d7e5fa459baa4c54
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 506
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 14 Jan 2023 20:52:47 GMT
Last-Modified: Sat, 14 Jan 2023 20:44:21 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.164.47.95101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.164.47.95:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 9LPdyNfcYxq9kplnNd4wkA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Tpl07BffiHEdWdgZGQXNeOc6yNA=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 256e39696ba05f2324bbc49b2a396115
e1cf8b15abd0a20eb1218be517c03459514a59e0
d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11352
Expires: Sun, 15 Jan 2023 00:02:01 GMT
Date: Sat, 14 Jan 2023 20:52:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 256e39696ba05f2324bbc49b2a396115
e1cf8b15abd0a20eb1218be517c03459514a59e0
d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11352
Expires: Sun, 15 Jan 2023 00:02:01 GMT
Date: Sat, 14 Jan 2023 20:52:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 256e39696ba05f2324bbc49b2a396115
e1cf8b15abd0a20eb1218be517c03459514a59e0
d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11352
Expires: Sun, 15 Jan 2023 00:02:01 GMT
Date: Sat, 14 Jan 2023 20:52:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 256e39696ba05f2324bbc49b2a396115
e1cf8b15abd0a20eb1218be517c03459514a59e0
d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11352
Expires: Sun, 15 Jan 2023 00:02:01 GMT
Date: Sat, 14 Jan 2023 20:52:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 256e39696ba05f2324bbc49b2a396115
e1cf8b15abd0a20eb1218be517c03459514a59e0
d576a66e6b39751bdbc7b662454d37866b75efef1aa51761daba61783d755bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D576A66E6B39751BDBC7B662454D37866B75EFEF1AA51761DABA61783D755BC9"
Last-Modified: Thu, 12 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11352
Expires: Sun, 15 Jan 2023 00:02:01 GMT
Date: Sat, 14 Jan 2023 20:52:49 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b0d4bc-9eea-491e-9fed-be68e71088e5.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b0d4bc-9eea-491e-9fed-be68e71088e5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 64ba27a2f0a3bc61bd325f1fb317b755
c65c58476b66cbb6269ba1d8412d270a0a003ae3
5f7f03752f8a7c8c08d92512ae93b193ea37f59354503c3129d33fd2910f87e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b0d4bc-9eea-491e-9fed-be68e71088e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9135
x-amzn-requestid: 2c5e9de0-9244-43ac-b7c4-712cbcf7038c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: enAnoG6roAMFzgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bf7afd-7fb640b30bab63bc1979a173;Sampled=0
x-amzn-remapped-date: Thu, 12 Jan 2023 03:14:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: SUGIIWi8jWe9RoRu-3dQXvLAddjwjH05V1ubKzEOEQrFonzVjQdbtw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 03:33:07 GMT
age: 62382
etag: "c65c58476b66cbb6269ba1d8412d270a0a003ae3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F917985a1-aa8d-4c0a-860c-0b16c203387e.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F917985a1-aa8d-4c0a-860c-0b16c203387e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d24ea1f095f492934a1f1c63f5d8590c
dade37148c9b9a941f93a8535d8ddc5de3952623
2d8e3f90eb347eb3479a6c5d20a1c2ca6a0560f335a6c6800948db2640e4c878
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F917985a1-aa8d-4c0a-860c-0b16c203387e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8181
x-amzn-requestid: 7ada8fbd-58e6-4433-a532-b4a4ef93ac9c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: es0paH-OIAMFg5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c1ce3c-582529522dbb67ee728484f8;Sampled=0
x-amzn-remapped-date: Fri, 13 Jan 2023 21:33:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AHjOmYxva5avyA3gt9DvYLas_B2ACimer5QRQOi919HDtSjnKq22lw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 10:27:20 GMT
age: 37529
etag: "dade37148c9b9a941f93a8535d8ddc5de3952623"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33bbc100-e509-4a4f-8b98-1d44a52a7a3c.jpeg
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33bbc100-e509-4a4f-8b98-1d44a52a7a3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a23d61d610c7b55d943fcb2636a01b65
82c4c5170c7b586c2a7a1f2d2d5c9ff0219af065
28bf3039cc8c1213e64893c71bc150eda573223feb2cc15ad0814a44960d434a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33bbc100-e509-4a4f-8b98-1d44a52a7a3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9539
x-amzn-requestid: eb427fd6-c342-4a22-af45-ecc528cf4a8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: epfDqEAZIAMFudQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c0787d-4f61ecd2422081224869da76;Sampled=0
x-amzn-remapped-date: Thu, 12 Jan 2023 21:15:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RRMRT2BC5p1x0Vh20ut0Kjbz2mnaNToUIbzIg9oczduvzYCckvFORA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 12:46:14 GMT
age: 29195
etag: "82c4c5170c7b586c2a7a1f2d2d5c9ff0219af065"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0a5cc8b-8d62-447a-a39c-733e1afdd415.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0a5cc8b-8d62-447a-a39c-733e1afdd415.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2363dbe7bb6a459853d8d19cab50e70b
ded76de1dd453e40dbf6eaa8607cf19fac7f71a4
f96da6354cec52143768014c36ba2b298224a58b0bf38bd2aa5f3bfce69d8670
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc0a5cc8b-8d62-447a-a39c-733e1afdd415.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7447
x-amzn-requestid: dd3543b7-4e6b-4605-acea-a21d39af02ca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: es0qSFjAIAMF7HQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c1ce41-56e2ccc63669032d70cba0ba;Sampled=0
x-amzn-remapped-date: Fri, 13 Jan 2023 21:33:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AYaeawnEmwHkyx3h-yliVx-ARcRB3W5kbtFH5tARnL3YMD6e4WYAQw==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 13 Jan 2023 21:49:01 GMT
age: 83028
etag: "ded76de1dd453e40dbf6eaa8607cf19fac7f71a4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4eac26ee-70ec-4eca-8e10-c7a79b5575b3.jpeg
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4eac26ee-70ec-4eca-8e10-c7a79b5575b3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4f04f55a9d261ddda8128b0bb721446
5e8df480a1650606937ee493660177bf09c49c14
3a357fbbd9f41d384a06e151a0daff50b345520d4816e70cc1b2c694949ce79f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4eac26ee-70ec-4eca-8e10-c7a79b5575b3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4936
x-amzn-requestid: f1808de3-5712-4a65-8394-c1624668cdb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: es0pZFbIIAMFnvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c1ce3b-48c4b0cd36319a2634c0c5f0;Sampled=0
x-amzn-remapped-date: Fri, 13 Jan 2023 21:33:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rudCuuUXfxE8aRq8-FFIwHE4tqeSWxYrd8uilWI-8DZSY9A-8EiLQQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 13 Jan 2023 21:49:06 GMT
age: 83023
etag: "5e8df480a1650606937ee493660177bf09c49c14"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b55aad-884c-40db-a779-021d0c2305b4.jpeg
34.120.237.76200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b55aad-884c-40db-a779-021d0c2305b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b1378f107c1996ade14a8fe7fd728072
f52d98d9a0d1d343a539689ea14acf99e148cf8c
4be994757ec7ec42929590169de199e927889261334e258903a0929a1055047d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78b55aad-884c-40db-a779-021d0c2305b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9154
x-amzn-requestid: fbb1140d-7ec2-4f86-8761-5d04601af70e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: enAkCEN2IAMFuMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63bf7ae6-4baebf1104f9cf2a0ee8a538;Sampled=0
x-amzn-remapped-date: Thu, 12 Jan 2023 03:13:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jlRcVyQppaQaPPMKaqadtaEHfdOYXXXbnfrr44l_2E2qaOoh_O0Mog==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 14 Jan 2023 04:10:18 GMT
age: 60151
etag: "f52d98d9a0d1d343a539689ea14acf99e148cf8c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2