r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dca68db7aea32f6683ce8d542c078f04
19c495238df74fca680e21f18627ff94de5dd2e5
35cab3987fc0e4a41b305cb208c1e33fa38ce8bdfd9f386c3dc0411dd4d5ac61
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35CAB3987FC0E4A41B305CB208C1E33FA38CE8BDFD9F386C3DC0411DD4D5AC61"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19644
Expires: Tue, 07 Feb 2023 18:41:09 GMT
Date: Tue, 07 Feb 2023 13:13:45 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2289
Expires: Tue, 07 Feb 2023 13:51:54 GMT
Date: Tue, 07 Feb 2023 13:13:45 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16227
Expires: Tue, 07 Feb 2023 17:44:12 GMT
Date: Tue, 07 Feb 2023 13:13:45 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 07 Feb 2023 12:34:08 GMT
content-type: application/json
age: 2377
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: p5c37TZl8l5UiGXaDEuC+XYjhfilgIrfGfuhIL6B7Uka2wlSI8oR+Jumsr2MabkHr1lejAiWmno=
x-amz-request-id: KJ36MA0WQ6X4E12F
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 07 Feb 2023 12:35:31 GMT
age: 2294
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 07 Feb 2023 13:13:45 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Content-Type, Pragma, ETag, Retry-After, Backoff, Expires, Alert, Cache-Control, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 07 Feb 2023 12:51:19 GMT
age: 1346
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5645
Expires: Tue, 07 Feb 2023 14:47:51 GMT
Date: Tue, 07 Feb 2023 13:13:46 GMT
Connection: keep-alive
narayaniinterior.com/ad/ZS/ae8221d7060b7cd4fb9de10169f82d4a/enterpassword.php
302 Moved Temporarily 145 B URL HTTP/1.1 narayaniinterior.com/ad/ZS/ae8221d7060b7cd4fb9de10169f82d4a/enterpassword.php
IP
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash ca35f86083c327b09ec3df0adfe284e7
bd680276bffaf6fdb304657003d51a74b5c2f998
84c1fdfe0e68e2ed14b46fd867e91688936072ad51471ea9fa0c7616480ab912
Analyzer Verdict Alert fortinet Malware
GET /ad/ZS/ae8221d7060b7cd4fb9de10169f82d4a/enterpassword.php HTTP/1.1
Host: narayaniinterior.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.20.1
Date: Tue, 07 Feb 2023 13:13:46 GMT
Content-Type: text/html
Content-Length: 145
Connection: keep-alive
Location: http://narayaniinterior.com/
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: j2KlT4lhQiNBsNjZdv2ddA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 7AB2AmshqwYlJNetiuVmNqh0ZgA=
narayaniinterior.com/
200 OK 252 B IP
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 0641ef81db326bece91032bb28c31e63
298fa0e12f3972192283b7eb6aa2de7c609b4846
911dcd817feb4a25a7755866af5b4b9c3476ba3061eff7a51598b662c8912b44
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata medium ET ADWARE_PUP Win32/Zonebac Traffic Redirect
GET / HTTP/1.1
Host: narayaniinterior.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 07 Feb 2023 13:13:46 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
narayaniinterior.com/favicon.ico
404 Not Found 114 B URL HTTP/1.1 narayaniinterior.com/favicon.ico
IP
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4dda89292ffda632595d8e4040ef07c8
55c26cf87340555b3c09ba932bbabfc066a8d0ea
2615795f2aaccceaee3a5a92bcb488c122aed8a152f042633e41657fff9f7278
GET /favicon.ico HTTP/1.1
Host: narayaniinterior.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://narayaniinterior.com/
HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Tue, 07 Feb 2023 13:13:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4624
Expires: Tue, 07 Feb 2023 14:30:51 GMT
Date: Tue, 07 Feb 2023 13:13:47 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4624
Expires: Tue, 07 Feb 2023 14:30:51 GMT
Date: Tue, 07 Feb 2023 13:13:47 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4624
Expires: Tue, 07 Feb 2023 14:30:51 GMT
Date: Tue, 07 Feb 2023 13:13:47 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4624
Expires: Tue, 07 Feb 2023 14:30:51 GMT
Date: Tue, 07 Feb 2023 13:13:47 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8e0be7db14d930d6227443314bcd1747
4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d
baedfbdb08a67f9ff4c698f7e65b08d7e4c5078d0a4233e6bff529b44812735a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12967
x-amzn-requestid: 38c58626-f4ad-4e2b-ad71-a628519d2ea2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmEdHFwCoAMFhxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8b453-7da6d0c1093468d320caaa1e;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 06:25:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AFal52_Srd2lOpZS7RF7Nit-8jPqmbmXDTT57d8Ax-1AjBce6LxlFQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 04:57:38 GMT
age: 29769
etag: "4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aa6c416b3a87ded887c9dcf7c51e5dd0
45f4ef9e68591c00669043abe96959bead8f17ae
9e10394b387916e40c44d4e02fbc1ea72214d870df189ce16d24015de00682bf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11205
x-amzn-requestid: abdf9c40-a2b7-49ae-bea1-ff5abfcea781
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fvszZFOZoAMFkNg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc8e7b-6e508da05ff6f33e691de130;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 04:33:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hLrbI5Acy2RBlg7VqGE2b83zuqgt-bx0kD0nlH8uYaJ8tii2FqMLfw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 15:25:12 GMT
age: 78515
etag: "45f4ef9e68591c00669043abe96959bead8f17ae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ada2635-3335-4f49-9e7f-22d2ae016030.jpeg
200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ada2635-3335-4f49-9e7f-22d2ae016030.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash eedb4de12585c70ddb5b8f94fe6a59e2
83c9437e71a0a03b3e8ff652155a85eafa76cdda
d4493a30f62e9ad224b3595ba3af8a322e2d4a3d9238a1847973f962bdcc0c82
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ada2635-3335-4f49-9e7f-22d2ae016030.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4227
x-amzn-requestid: b45f2ab7-0102-4542-9514-54fb93a0e27f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f77sTH4jIAMFnsQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e1731b-4a24bcb1102e58543cd81343;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 21:37:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: V_4NzIAVBOZMjf_YIM3bowFdlP1y4peI5JI-jO105s3NVjmyYnC0Tg==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:48:48 GMT
age: 55499
etag: "83c9437e71a0a03b3e8ff652155a85eafa76cdda"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c86a61b-07c3-45f6-b564-e556eb788d04.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c86a61b-07c3-45f6-b564-e556eb788d04.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 59419fb1cf4689bed183d0e9a6aed782
47d4a4bb26fafff0c6aebfe3dc7ddfa4970f8e9a
e6009407bd61bee1ae16ec30ea5914be77c56ee65dfb30595b10a1cedc6798c9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c86a61b-07c3-45f6-b564-e556eb788d04.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12682
x-amzn-requestid: d858d90a-b1ca-401c-8e00-8ccd9c0a7504
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f78mUEsfIAMFreg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e1748e-2783de3e3de9c520246bf06e;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 21:43:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: eq8Kle9uYWJ3vmaJD50r-oaTb_O2ObQgLNlTcYn9XQoHCyAO3isqyQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 21:44:49 GMT
age: 55738
etag: "47d4a4bb26fafff0c6aebfe3dc7ddfa4970f8e9a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3c48c35-4645-41c0-a6fa-b700208324c7.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3c48c35-4645-41c0-a6fa-b700208324c7.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 75b0935816ca54d5d20a9fffa5531e0d
bd8374980c16b7d5a28e55b8bef2215713b1ebb2
4ab6f49d22d029681754b617001f93467d63035acdaf12905c2314cab77991af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3c48c35-4645-41c0-a6fa-b700208324c7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13390
x-amzn-requestid: 0664e077-13a4-4a97-afc2-3969cee56958
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f2pu6Fb7oAMF_0g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63df565f-057ee8fa26aa83d21f875d73;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 07:10:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cAwOWu-_JYTMa0l-1A07FxgOGtG7P59D7XlovXByRA9dQxfsS2An7w==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 18:44:40 GMT
age: 66547
etag: "bd8374980c16b7d5a28e55b8bef2215713b1ebb2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a62e65-5d07-4259-aa47-d2491847eee9.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a62e65-5d07-4259-aa47-d2491847eee9.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d29e7077f69b88a0108efeb7a2efe7e9
1958f83edeb8c6b68f17cead3fb5714f44e619eb
371f02a5b36ac3e52cc6c4e78f0980107a0f92105e79ee53278089ae5ff6de93
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a62e65-5d07-4259-aa47-d2491847eee9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10788
x-amzn-requestid: 8e1c8026-1eea-4eb0-810e-7ea43ed11f87
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyymWEsSoAMFykg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ddcaf5-20fc23b535fa86f56a34fbae;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 03:03:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -OEG4deGxPaXCxA16sr4s2uAcDTWyzDoXgCkUdwluUiYL-z55VQKwA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 06:11:48 GMT
age: 25319
etag: "1958f83edeb8c6b68f17cead3fb5714f44e619eb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
narayaniinterior.com/
200 OK 2.1 kB IP
ASN #27257 WEBAIR-INTERNET
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (2652)
Hash e134107b06fb466668135b7c812a7ab9
70cf7fe795862a24369ebfdc651ab837f20a79c6
960210c0812b0667424722e0f938edbb330061438d94742f754497c4911efebf
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata medium ET ADWARE_PUP Win32/Zonebac Traffic Redirect
POST / HTTP/1.1
Host: narayaniinterior.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 12
Origin: http://narayaniinterior.com
Connection: keep-alive
Referer: http://narayaniinterior.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 07 Feb 2023 13:13:47 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: ipc=eyJ2ZXJzaW9uIjoxLCJzdWJJZCI6MywiZm9sZGVySWQiOjEsImZlZWRJZCI6MjEsInRzIjoxNjc1Nzc1NjI3LCJoYXNoIjoiMjdmMDdhZDIifQ==;Expires=Tue, 07-Feb-2023 14:13:47 GMT;Max-Age=3600
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Encoding: gzip
ocsp.sectigo.com/
200 OK 472 B IP
Hash 952103a86d045593e6a8e2bc97229a54
0d82ddae98e0750efd42254909536b8ae5d50c73
1eabd8042a524e2bb49d2ace4feeaee7a999ef133d06ef863d2c80617ef9c0d5
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:13:48 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 05 Feb 2023 19:25:47 GMT
Expires: Sun, 12 Feb 2023 19:25:46 GMT
Etag: "0d82ddae98e0750efd42254909536b8ae5d50c73"
Cache-Control: max-age=453717,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 795c628b9966b503-OSL
mybettermb.com/aS/feedclick?s=HFz5zNIIs96fzq49jFkHXa3dDnCBF-q5XdKpm_iE5kp0Bgl2x4dItRG_6U4hqQTcO4eq_lgR48_oiQJuDuwoS9gcFc4_-stle8EJ5aQH9iIaU8pl79xrxti6czQKU3WjqWfap4yUt_iPH1TzciB1Qg6AZUDRz9bjOEX4iGGchU1Apy7TE6BJMSSLAIB5vnWtP8NT6MqW7PupOtgu79-prRB0JGevnQCN1z7h2dU_ZDlwRxzuTO1g97uiWtgOio84qV32akvNuHnQCjq2kbGGZjIAj3VvI-zjyuRELvdHy_PbjQI9rFaBebx5pGvXUDXMnQH9TSBi40u3Urrmh7sovqxR14gZ1jZiC9JNmsnOs6OpydWu4kC4Bt6jDxvGonN7FNaJLxbqvz_Z6LLwl_7c-S0h8TBEG_CmGA-FX52jlzxGpNQsw_EcTPA2-4pmnDrtPu3CiLopE0Y0V2jWwolAPQVC15oxwX_cVCSuKG36TgBDc0kIkb8rBom0w5KOGrP9wtYMJWLoX9kzyFFrHH7TXmOGNG86cOXeJNAIYJ6-Zq3d9_Gb04AQ4vhBsdm-Uoxw3uexPMaCLW-98HEkXVwxZ58m7EwPRaOx3XFlPXAwTdxoJeHkfjD3Oz5ah1hM-kUtx0MYd_chr28JB6_ypSPnD0IRXPXChYqDq3L4_38rqpDykYu6gdDjn0XB2dLUf7tBZrY7u9F8HXfGAVxMG3aHfIHLn1ER3n2o_TvnYGEuM622P_9O0uryjI2P1B4T96FJZWUSaYHI96wT0UN23j-sZGk8B_hK5K70bzlA_iBCPKNOdf7xW_s3t5tBTa4Tk6oFWXiF28p42S0joqeT718dA5Lj92enpTsLVE30oOP2O7dnUWO3Rl7pyhrUXPWWqPbsCgSWmr-l4QLuw1m3Q20K48IyiVQ8GW0HQvqXX45pjO5VVbiBlmUp3jFx12eVG7GXH8ph0NZlyqbZP9KyeX04Vg9TInt0gvsH0Hh4BK3JJzv3psizMCwfpFpeI-plPX7FJd7UcNhP0wo70t0SXkQpH7qs3jf8UZWVhGNujUXYxtbJGwixX5rNew5O6A5Dnk5K6VXzf8qTCTCpOtgu79-prRB0JGevnQCNX4eJC7ZID-FVp83m43_NQeFVifG50aE_uF4CS_lLXA5UNgnHG5GLHf9Z7NzNDZlGhBTiwsyDRISt4Tdj9cP1zQWMxyPSBO21oshMIQXfoe9ehSWLswXRJCoY5n1kJYOHV_OIsskJPO4DiIUyA9kRyQ8uTRJu2mQVAGU2SLap3bSuDzGHnBut6DuCsDtY7-bjpjnDW67SQUfd9E1WRT3BM62u9GtxpjkxYJtnJCINJO6SWzdmvDwUtKe9tFETxepPRwbJOz07UP3EOWENBig7mAYgd38RiHi5G3hwX2utTwUudnlNv_TwFchRhdWq_xuP4vG9WT8pd3vQyFxq_3sle_IuEcosDWbj3Ict3DvP7MW0MG7XMxMX21roo-LGR6gdHh0n-HF7Kd_VJ1qCzE_mbROTGbWoSsuNAsYmHuj2RPqjSN-PpxenRskDWRucOZSKeLK2CXk5jM3Wz_pI3_0G3iZJ7oUoyrlfmWpQ72bc4t2OuhtpbN7grNlCwZX2dw9jxff-1LWX46P7a51NIz6QK-Sf0EeMdAFl7k3BFesUvpJjlmztbFDg0SHqzSk-KRg7qb2PPeTclojXmPyZ7KLga-yzkt54L1JiI8z1hX-jh2tlQEZUze64St6-gKIW275ciWmyic5LKRhjjq-D96pKbzXVyF1S08xmL9JvVDV9nj28eyFZqBb8sfqXeOtS6rR5gryv3vSzwTMt_LlA4QD7fmlv-9QrW5wtjlyOvXprOp78yFpQ-YaGZIapKDLAnR3ttiVn1SygvGRcigBBZlkLFUNyrlwDrh2BfX1BlYlFwEy7YRUkTGXDpW8fBFzE01Q4-E_7p2Z8DzyCvK_e9LPBMy38uUDhAPt-juh9TQsbaB0bIyFx9ml_n7nQJOAl8SDNJrWCKGIf0jk8dnbbOuFOtsL-N_H-Aa2lZQTfY-CquMVQq0XKmocOvaC6omTxX6fPoxdoWOeV2lVJQmRB2NaPz1t8bpBVauaFJfM-tGQ_DM2lWKvCa4UPp_LwJ-drUT3ef-FQSiOT7TsX3ieFdAY0CMNzS7jb1M-XQFfWt6W57QUUspq7wtPdfqhv59qFCtGCf8N_kXUvy_GKmKz7BDDjyhy9y78L18yXtPFX0srmNprl2fCPmakqOxAtYUiqlkDbdpsVf53G_xKaiYyd_Xz1U6kQ8F7QyDirxohismSxTa6fuFOdcAn_tpIvipwakG9ucQmzlLUIesbZqn_Ymhl0V_VOW25xhHP44bd0AZj9DT2A-HMCFBv-H6yALOowyu4k-7ICB2UmobdDRGMKE3J0pcgbAsIfjaRzpeWjjuGX_y1tp5u5QcUe_RekznNnl9EtoyEOp_uQSuZ5sFHrLeXSouwHlydn42ZKXRxkHMjMXJ3hfvB0a23Nd4K8r970s8EzLfy5QOEA-37v651Q7QxrEyYNb-iWwdA0
302 Found 0 B URL HTTP/2 mybettermb.com/aS/feedclick?s=HFz5zNIIs96fzq49jFkHXa3dDnCBF-q5XdKpm_iE5kp0Bgl2x4dItRG_6U4hqQTcO4eq_lgR48_oiQJuDuwoS9gcFc4_-stle8EJ5aQH9iIaU8pl79xrxti6czQKU3WjqWfap4yUt_iPH1TzciB1Qg6AZUDRz9bjOEX4iGGchU1Apy7TE6BJMSSLAIB5vnWtP8NT6MqW7PupOtgu79-prRB0JGevnQCN1z7h2dU_ZDlwRxzuTO1g97uiWtgOio84qV32akvNuHnQCjq2kbGGZjIAj3VvI-zjyuRELvdHy_PbjQI9rFaBebx5pGvXUDXMnQH9TSBi40u3Urrmh7sovqxR14gZ1jZiC9JNmsnOs6OpydWu4kC4Bt6jDxvGonN7FNaJLxbqvz_Z6LLwl_7c-S0h8TBEG_CmGA-FX52jlzxGpNQsw_EcTPA2-4pmnDrtPu3CiLopE0Y0V2jWwolAPQVC15oxwX_cVCSuKG36TgBDc0kIkb8rBom0w5KOGrP9wtYMJWLoX9kzyFFrHH7TXmOGNG86cOXeJNAIYJ6-Zq3d9_Gb04AQ4vhBsdm-Uoxw3uexPMaCLW-98HEkXVwxZ58m7EwPRaOx3XFlPXAwTdxoJeHkfjD3Oz5ah1hM-kUtx0MYd_chr28JB6_ypSPnD0IRXPXChYqDq3L4_38rqpDykYu6gdDjn0XB2dLUf7tBZrY7u9F8HXfGAVxMG3aHfIHLn1ER3n2o_TvnYGEuM622P_9O0uryjI2P1B4T96FJZWUSaYHI96wT0UN23j-sZGk8B_hK5K70bzlA_iBCPKNOdf7xW_s3t5tBTa4Tk6oFWXiF28p42S0joqeT718dA5Lj92enpTsLVE30oOP2O7dnUWO3Rl7pyhrUXPWWqPbsCgSWmr-l4QLuw1m3Q20K48IyiVQ8GW0HQvqXX45pjO5VVbiBlmUp3jFx12eVG7GXH8ph0NZlyqbZP9KyeX04Vg9TInt0gvsH0Hh4BK3JJzv3psizMCwfpFpeI-plPX7FJd7UcNhP0wo70t0SXkQpH7qs3jf8UZWVhGNujUXYxtbJGwixX5rNew5O6A5Dnk5K6VXzf8qTCTCpOtgu79-prRB0JGevnQCNX4eJC7ZID-FVp83m43_NQeFVifG50aE_uF4CS_lLXA5UNgnHG5GLHf9Z7NzNDZlGhBTiwsyDRISt4Tdj9cP1zQWMxyPSBO21oshMIQXfoe9ehSWLswXRJCoY5n1kJYOHV_OIsskJPO4DiIUyA9kRyQ8uTRJu2mQVAGU2SLap3bSuDzGHnBut6DuCsDtY7-bjpjnDW67SQUfd9E1WRT3BM62u9GtxpjkxYJtnJCINJO6SWzdmvDwUtKe9tFETxepPRwbJOz07UP3EOWENBig7mAYgd38RiHi5G3hwX2utTwUudnlNv_TwFchRhdWq_xuP4vG9WT8pd3vQyFxq_3sle_IuEcosDWbj3Ict3DvP7MW0MG7XMxMX21roo-LGR6gdHh0n-HF7Kd_VJ1qCzE_mbROTGbWoSsuNAsYmHuj2RPqjSN-PpxenRskDWRucOZSKeLK2CXk5jM3Wz_pI3_0G3iZJ7oUoyrlfmWpQ72bc4t2OuhtpbN7grNlCwZX2dw9jxff-1LWX46P7a51NIz6QK-Sf0EeMdAFl7k3BFesUvpJjlmztbFDg0SHqzSk-KRg7qb2PPeTclojXmPyZ7KLga-yzkt54L1JiI8z1hX-jh2tlQEZUze64St6-gKIW275ciWmyic5LKRhjjq-D96pKbzXVyF1S08xmL9JvVDV9nj28eyFZqBb8sfqXeOtS6rR5gryv3vSzwTMt_LlA4QD7fmlv-9QrW5wtjlyOvXprOp78yFpQ-YaGZIapKDLAnR3ttiVn1SygvGRcigBBZlkLFUNyrlwDrh2BfX1BlYlFwEy7YRUkTGXDpW8fBFzE01Q4-E_7p2Z8DzyCvK_e9LPBMy38uUDhAPt-juh9TQsbaB0bIyFx9ml_n7nQJOAl8SDNJrWCKGIf0jk8dnbbOuFOtsL-N_H-Aa2lZQTfY-CquMVQq0XKmocOvaC6omTxX6fPoxdoWOeV2lVJQmRB2NaPz1t8bpBVauaFJfM-tGQ_DM2lWKvCa4UPp_LwJ-drUT3ef-FQSiOT7TsX3ieFdAY0CMNzS7jb1M-XQFfWt6W57QUUspq7wtPdfqhv59qFCtGCf8N_kXUvy_GKmKz7BDDjyhy9y78L18yXtPFX0srmNprl2fCPmakqOxAtYUiqlkDbdpsVf53G_xKaiYyd_Xz1U6kQ8F7QyDirxohismSxTa6fuFOdcAn_tpIvipwakG9ucQmzlLUIesbZqn_Ymhl0V_VOW25xhHP44bd0AZj9DT2A-HMCFBv-H6yALOowyu4k-7ICB2UmobdDRGMKE3J0pcgbAsIfjaRzpeWjjuGX_y1tp5u5QcUe_RekznNnl9EtoyEOp_uQSuZ5sFHrLeXSouwHlydn42ZKXRxkHMjMXJ3hfvB0a23Nd4K8r970s8EzLfy5QOEA-37v651Q7QxrEyYNb-iWwdA0
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /aS/feedclick?s=HFz5zNIIs96fzq49jFkHXa3dDnCBF-q5XdKpm_iE5kp0Bgl2x4dItRG_6U4hqQTcO4eq_lgR48_oiQJuDuwoS9gcFc4_-stle8EJ5aQH9iIaU8pl79xrxti6czQKU3WjqWfap4yUt_iPH1TzciB1Qg6AZUDRz9bjOEX4iGGchU1Apy7TE6BJMSSLAIB5vnWtP8NT6MqW7PupOtgu79-prRB0JGevnQCN1z7h2dU_ZDlwRxzuTO1g97uiWtgOio84qV32akvNuHnQCjq2kbGGZjIAj3VvI-zjyuRELvdHy_PbjQI9rFaBebx5pGvXUDXMnQH9TSBi40u3Urrmh7sovqxR14gZ1jZiC9JNmsnOs6OpydWu4kC4Bt6jDxvGonN7FNaJLxbqvz_Z6LLwl_7c-S0h8TBEG_CmGA-FX52jlzxGpNQsw_EcTPA2-4pmnDrtPu3CiLopE0Y0V2jWwolAPQVC15oxwX_cVCSuKG36TgBDc0kIkb8rBom0w5KOGrP9wtYMJWLoX9kzyFFrHH7TXmOGNG86cOXeJNAIYJ6-Zq3d9_Gb04AQ4vhBsdm-Uoxw3uexPMaCLW-98HEkXVwxZ58m7EwPRaOx3XFlPXAwTdxoJeHkfjD3Oz5ah1hM-kUtx0MYd_chr28JB6_ypSPnD0IRXPXChYqDq3L4_38rqpDykYu6gdDjn0XB2dLUf7tBZrY7u9F8HXfGAVxMG3aHfIHLn1ER3n2o_TvnYGEuM622P_9O0uryjI2P1B4T96FJZWUSaYHI96wT0UN23j-sZGk8B_hK5K70bzlA_iBCPKNOdf7xW_s3t5tBTa4Tk6oFWXiF28p42S0joqeT718dA5Lj92enpTsLVE30oOP2O7dnUWO3Rl7pyhrUXPWWqPbsCgSWmr-l4QLuw1m3Q20K48IyiVQ8GW0HQvqXX45pjO5VVbiBlmUp3jFx12eVG7GXH8ph0NZlyqbZP9KyeX04Vg9TInt0gvsH0Hh4BK3JJzv3psizMCwfpFpeI-plPX7FJd7UcNhP0wo70t0SXkQpH7qs3jf8UZWVhGNujUXYxtbJGwixX5rNew5O6A5Dnk5K6VXzf8qTCTCpOtgu79-prRB0JGevnQCNX4eJC7ZID-FVp83m43_NQeFVifG50aE_uF4CS_lLXA5UNgnHG5GLHf9Z7NzNDZlGhBTiwsyDRISt4Tdj9cP1zQWMxyPSBO21oshMIQXfoe9ehSWLswXRJCoY5n1kJYOHV_OIsskJPO4DiIUyA9kRyQ8uTRJu2mQVAGU2SLap3bSuDzGHnBut6DuCsDtY7-bjpjnDW67SQUfd9E1WRT3BM62u9GtxpjkxYJtnJCINJO6SWzdmvDwUtKe9tFETxepPRwbJOz07UP3EOWENBig7mAYgd38RiHi5G3hwX2utTwUudnlNv_TwFchRhdWq_xuP4vG9WT8pd3vQyFxq_3sle_IuEcosDWbj3Ict3DvP7MW0MG7XMxMX21roo-LGR6gdHh0n-HF7Kd_VJ1qCzE_mbROTGbWoSsuNAsYmHuj2RPqjSN-PpxenRskDWRucOZSKeLK2CXk5jM3Wz_pI3_0G3iZJ7oUoyrlfmWpQ72bc4t2OuhtpbN7grNlCwZX2dw9jxff-1LWX46P7a51NIz6QK-Sf0EeMdAFl7k3BFesUvpJjlmztbFDg0SHqzSk-KRg7qb2PPeTclojXmPyZ7KLga-yzkt54L1JiI8z1hX-jh2tlQEZUze64St6-gKIW275ciWmyic5LKRhjjq-D96pKbzXVyF1S08xmL9JvVDV9nj28eyFZqBb8sfqXeOtS6rR5gryv3vSzwTMt_LlA4QD7fmlv-9QrW5wtjlyOvXprOp78yFpQ-YaGZIapKDLAnR3ttiVn1SygvGRcigBBZlkLFUNyrlwDrh2BfX1BlYlFwEy7YRUkTGXDpW8fBFzE01Q4-E_7p2Z8DzyCvK_e9LPBMy38uUDhAPt-juh9TQsbaB0bIyFx9ml_n7nQJOAl8SDNJrWCKGIf0jk8dnbbOuFOtsL-N_H-Aa2lZQTfY-CquMVQq0XKmocOvaC6omTxX6fPoxdoWOeV2lVJQmRB2NaPz1t8bpBVauaFJfM-tGQ_DM2lWKvCa4UPp_LwJ-drUT3ef-FQSiOT7TsX3ieFdAY0CMNzS7jb1M-XQFfWt6W57QUUspq7wtPdfqhv59qFCtGCf8N_kXUvy_GKmKz7BDDjyhy9y78L18yXtPFX0srmNprl2fCPmakqOxAtYUiqlkDbdpsVf53G_xKaiYyd_Xz1U6kQ8F7QyDirxohismSxTa6fuFOdcAn_tpIvipwakG9ucQmzlLUIesbZqn_Ymhl0V_VOW25xhHP44bd0AZj9DT2A-HMCFBv-H6yALOowyu4k-7ICB2UmobdDRGMKE3J0pcgbAsIfjaRzpeWjjuGX_y1tp5u5QcUe_RekznNnl9EtoyEOp_uQSuZ5sFHrLeXSouwHlydn42ZKXRxkHMjMXJ3hfvB0a23Nd4K8r970s8EzLfy5QOEA-37v651Q7QxrEyYNb-iWwdA0 HTTP/1.1
Host: mybettermb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://narayaniinterior.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 07 Feb 2023 13:13:48 GMT
content-length: 0
set-cookie: rhid=82840125178; Max-Age=15552000; Expires=Sun, 06-Aug-2023 13:13:48 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
location: https://p226681.mybettermb.com/adServe/domainClick?ai=zHPR75Zx-onygYaeN_ogCCK6XhOcDIO7FHjPav-29I0v8mt3MBHEByfxXfTe18a_EPNTXr0lOQcXlRZNI7ZINehBLjiBc9WCvlbyKAorsOw2cWTYWSlg3yPw9AZo9wQs3FWWgy-gjSakQxz5zj-EMED-9tYrF6BohQSVn4g4llHkSgBa1v3DFJJOdxtl2KVcrCmWbN7NadrkyG7tnZtfaXYIjd65YiPXhZ9svY5MnnyX49KSyZi5_bZzGgg55Y8R29XKOU0DIQVje-kVjuzCCF1-rmW514giOL9QjdL2C7T6qHGgxL7YnimxVxlhF9ecdBxkSytkXpaL3mOHV81MvB1-UXwE2tklp4ivWJ0w7lIxc_D5NoFRknWX_IJNBIO4PWC3GeXYotC2mbZiI05qbTP5yQyVbhrWXJFzDye1y45Wtv7M35tZ8RteW712gjZbjON-LTRSHwmMuoYpUu7irJNHsDjzDKSjhSNWAMW2enxbsStvWsvCSgKnZ-dp0XkJEwBP2jh3OwcZnRdceqXj9GE87tMUidTcvBNghnXOx151nVyQs9c-6YGbzzdbYqCkaoBBNH-RY4dhaY9XBHTA5p_bYqb7WI6hZan_-uJdGeoacsv2DdGELaS0mZqWq1h1gryv3vSzwTMt_LlA4QD7fn4VbuqZVastAUgheKjLQ6KwCMoixrppYiK6XhOcDIO7FHjPav-29I0wgLeAnQmwA7-e4D2chURnvG3s6trWe41sXWa4uJcFiCKVm5_UPx_RjhdEqJB6Nj2XmDvYXWw9hp-qFZn5gpnPqtE9sbJicJwX2fEbVjxB9kp2QAzznS8_6fjhgUFt3sQISiZ3D8mF7LCm2HeI0S938_gGwpSXr3tSAMcY_H2x07HFovOGSDpNKiXhLmiyflhHQ2DhJtv57AionTQ8bleb&ui=HFz5zNIIs96fzq49jFkHXcQzYObQGwwU7xf6tdOZukNsXWa4uJcFiDWR5Yygu2NmW7zTM47UxodeVrCGUTSWvv39y4LQ07IF535MkGuWCX0uIy39X1jplw&si=1&oref=719a28ec4967c52eeeea3941440c49bc&optunit=gryv3vSzwTMt_LlA4QD7fq0rozPkVpWr&rb=1ZyYK3O6-3U&rr=1&abtg=0
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 29babef67b996e27124f4aced254cf4e
d2dac9ec66a792cd81ff4594c973aff28394fc13
608f96ee0048d5b97ede5b66cc392f4040d358b8dd855876df1ff0c404f56723
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "608F96EE0048D5B97EDE5B66CC392F4040D358B8DD855876DF1FF0C404F56723"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8112
Expires: Tue, 07 Feb 2023 15:29:01 GMT
Date: Tue, 07 Feb 2023 13:13:49 GMT
Connection: keep-alive
qvikar.com/symantec/security/414230543
302 Found 0 B URL HTTP/2 qvikar.com/symantec/security/414230543
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /symantec/security/414230543 HTTP/1.1
Host: qvikar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.clkmg.com/qvikar/symantec/security/414230543/
vary: User-Agent
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 07 Feb 2023 13:13:49 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP
Hash 524cc4409137a1a9fad06ebfe5c084b0
1cb97d95e9ac1f216e345e6be4288c7d3638bdfa
12df6b5ef1460465041a12f5023b4475845515d1187465ada66ff98515f0b350
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:13:49 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sat, 11 Feb 2023 10:33:46 GMT
ETag: "1cb97d95e9ac1f216e345e6be4288c7d3638bdfa"
Last-Modified: Tue, 07 Feb 2023 10:33:47 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3178
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 795c6296eb60b529-OSL
www.clkmg.com/qvikar/symantec/security/414230543/
302 Found 252 B URL HTTP/1.1 www.clkmg.com/qvikar/symantec/security/414230543/
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f8e0d84321b2e3784347d18576532a0c
4618d65b989caf526cdd39434e52a42c74dd93ec
f886f67905fa02b7c13894be500f5a1736fe20542e0a57561444ce84be3824a5
GET /qvikar/symantec/security/414230543/ HTTP/1.1
Host: www.clkmg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Tue, 07 Feb 2023 13:13:50 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 252
Connection: keep-alive
P3P: CP="This is not a P3P policy! See https://www.clkmg.com for more info."
Set-Cookie: alc=1; domain=.clkmg.com; expires=Tue Feb 7 13:13:55 2023; path=/;
lids=1537844-154434+; domain=.clkmg.com; expires=Wed Feb 7 13:13:50 2024; path=/;
Location: https://www.clkmg.com/err/?u=qvikar&l=symantec&s=A&e=403
Server: nginx
X-Permitted-Cross-Domain-Policies: none
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Max-Age: 300
X-CM-FE: httpfe-01.clickmagick.com
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
www.clkmg.com/err/?u=qvikar&l=symantec&s=A&e=403
200 OK 1.4 kB URL HTTP/1.1 www.clkmg.com/err/?u=qvikar&l=symantec&s=A&e=403
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash fbf6005663528fbffb7fdf9c8fa995bc
de4dc1559fd1bd3026d94887738125a83b4012b6
972ee94dbdbea4c5e3a75afbb7d2b5ee9dd6e5558b8d09603491b51b7ccbb704
GET /err/?u=qvikar&l=symantec&s=A&e=403 HTTP/1.1
Host: www.clkmg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: lids=1537844-154434+
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:13:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="This is not a P3P policy! See http://www.clkmg.com for more info."
Server: nginx
X-Permitted-Cross-Domain-Policies: none
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Max-Age: 300
X-CM-FE: httpfe-01.clickmagick.com
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
ocsp2.globalsign.com/gsalphasha2g2
200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP
Hash db04f66c66f638536813e6ed91bf8ed0
6849d86c2ba75db7822a1138fcf776d053c36c14
a01b555130a42b364dc658517daf9807aee785819eb8706808a8ccacd03c8cbc
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:13:50 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sat, 11 Feb 2023 12:05:31 GMT
ETag: "6849d86c2ba75db7822a1138fcf776d053c36c14"
Last-Modified: Tue, 07 Feb 2023 12:05:32 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1294
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 795c629a885cb529-OSL
cdn.clickmagick.com/images/logo.gif
200 OK 4.3 kB URL HTTP/2 cdn.clickmagick.com/images/logo.gif
IP
File type GIF image data, version 89a, 300 x 64\012- data
Hash 1bfe88368945f71f6b145f8fdc431c3f
2650030369e5c327d5eaf4a6b9fd175786bda751
b069053ff474120a849ba3e9f1d4110f4311608883e9ec1cdbe68e1b181dcc73
GET /images/logo.gif HTTP/1.1
Host: cdn.clickmagick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clkmg.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 4252
date: Sat, 04 Feb 2023 19:01:04 GMT
last-modified: Wed, 27 Jul 2022 23:18:29 GMT
etag: "62e1c7c5-109c"
server: nginx
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-max-age: 300
expires: Fri, 05 May 2023 19:01:04 GMT
cache-control: max-age=7776000, public, no-transform
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: g1C_WGl6JUuGVoNRxAuCIDK-xnYInwX08AhUTg5CtsYNIm5c_Gg3EA==
age: 238366
x-robots-tag: noindex
X-Firefox-Spdy: h2
cdn.clkmg.com/misc/css/style.css
200 OK 4.5 kB URL HTTP/1.1 cdn.clkmg.com/misc/css/style.css
IP
Hash e540f61448a0e598774be6738463a0c5
75c83228491705c9a412383803decd6878c3f163
263bd19121ab72d1db5109850141dd62598ee8d4240b4cbfb3bce40a85c5da3c
GET /misc/css/style.css HTTP/1.1
Host: cdn.clkmg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clkmg.com/
Cookie: lids=1537844-154434+
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 4498
Connection: keep-alive
Last-Modified: Sat, 06 Aug 2022 19:05:46 GMT
Server: nginx
X-Permitted-Cross-Domain-Policies: none
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Max-Age: 300
Accept-Ranges: bytes
Date: Tue, 07 Feb 2023 01:39:49 GMT
Expires: Thu, 09 Mar 2023 01:39:49 GMT
Cache-Control: max-age=2592000, public, no-transform
ETag: "62eebb8a-1192"
X-Cache: Hit from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: dTbHRYaKYUncj0q83GDBzs9in0QGBO86txlRWdtRQcKFyrH7UQm06Q==
Age: 41641
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
cdn.clkmg.com/images/spacer.gif
200 OK 43 B URL HTTP/1.1 cdn.clkmg.com/images/spacer.gif
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /images/spacer.gif HTTP/1.1
Host: cdn.clkmg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clkmg.com/
Cookie: lids=1537844-154434+
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Date: Mon, 09 Jan 2023 02:31:58 GMT
Last-Modified: Thu, 23 Feb 2017 23:21:15 GMT
ETag: "58af6e6b-2b"
Server: nginx
X-Permitted-Cross-Domain-Policies: none
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Max-Age: 300
Expires: Sun, 09 Apr 2023 02:31:58 GMT
Cache-Control: max-age=7776000, public, no-transform
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 3KPHqFVqZUc7e-w3sXdiW69aufV6BShPz6mEanBiRdsfP72uxJU7Pw==
Age: 2544112
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
cdn.clickmagick.com/misc/fonts/website/v3/Inter-Regular.woff
200 OK 149 kB URL HTTP/2 cdn.clickmagick.com/misc/fonts/website/v3/Inter-Regular.woff
IP
File type Web Open Font Format, TrueType, length 149344, version 0.0\012- data
Size 149 kB (149344 bytes)
Hash ea2c76b525641c2051cdf7d930e465ba
b3ffc2515b8429e92540e084fd6011f32b8df368
6ab2042219a7bbc2f5523d61ad24c9f1e3627f2cbb891669d981da8bb019c11e
GET /misc/fonts/website/v3/Inter-Regular.woff HTTP/1.1
Host: cdn.clickmagick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://cdn.clkmg.com/
Origin: https://www.clkmg.com
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff
content-length: 149344
date: Tue, 07 Feb 2023 03:00:29 GMT
last-modified: Wed, 22 Jun 2022 15:39:23 GMT
etag: "62b337ab-24760"
server: nginx
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-max-age: 300
x-cm-fe: httpfe-01.clickmagick.com
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Qsm-BCbLFGMsni3bn_Afy_T90dE_i8KMuPUeKSyl6G4896jtrAJ7_w==
age: 36801
x-robots-tag: noindex
X-Firefox-Spdy: h2
cdn.clickmagick.com/misc/fonts/website/v3/Inter-Medium.woff
200 OK 158 kB URL HTTP/2 cdn.clickmagick.com/misc/fonts/website/v3/Inter-Medium.woff
IP
File type Web Open Font Format, TrueType, length 157888, version 0.0\012- data
Size 158 kB (157888 bytes)
Hash 6b5a42f0603ea013e7099c2160e007e7
1a817b28d15fba7537a6ac0ed28126589062f303
860f80f683dd2cca3acc4680a798cd8a1a8dd8d6a0e18312692d9504f3792242
GET /misc/fonts/website/v3/Inter-Medium.woff HTTP/1.1
Host: cdn.clickmagick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://cdn.clkmg.com/
Origin: https://www.clkmg.com
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/font-woff
content-length: 157888
last-modified: Wed, 22 Jun 2022 15:39:23 GMT
server: nginx
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-max-age: 300
x-cm-fe: httpfe-02.clickmagick.com
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
accept-ranges: bytes
date: Tue, 07 Feb 2023 12:57:09 GMT
etag: "62b337ab-268c0"
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: lUIvSqs-SXPjM9TpygixBvo7nrwFx6g549B0UHRsQdZrlrZyzy-iFA==
age: 21061
x-robots-tag: noindex
X-Firefox-Spdy: h2
www.clkmg.com/favicon.ico
200 OK 78 B URL HTTP/1.1 www.clkmg.com/favicon.ico
IP
File type MS Windows icon resource - 1 icon, 1x1, 2 colors\012- data
Hash c9e1efa761b83f4a25a07dc85c207f95
7c1df040d4119e1c1b4f875c362f363ad1f6ba13
91634633ca6d34044c356a9a0baa832f1927d8326e1ae1a95af22b864d30dd7f
GET /favicon.ico HTTP/1.1
Host: www.clkmg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clkmg.com/err/?u=qvikar&l=symantec&s=A&e=403
Cookie: lids=1537844-154434+
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 07 Feb 2023 13:13:50 GMT
Content-Type: image/x-icon
Content-Length: 78
Last-Modified: Thu, 21 Apr 2022 16:32:44 GMT
Connection: keep-alive
ETag: "6261872c-4e"
Server: nginx
X-Permitted-Cross-Domain-Policies: none
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Max-Age: 300
Expires: Thu, 09 Mar 2023 13:13:50 GMT
Pragma: public
Cache-Control: max-age=2592000, public
Accept-Ranges: bytes
p226681.mybettermb.com/adServe/domainClick?ai=zHPR75Zx-onygYaeN_ogCCK6XhOcDIO7FHjPav-29I0v8mt3MBHEByfxXfTe18a_EPNTXr0lOQcXlRZNI7ZINehBLjiBc9WCvlbyKAorsOw2cWTYWSlg3yPw9AZo9wQs3FWWgy-gjSakQxz5zj-EMED-9tYrF6BohQSVn4g4llHkSgBa1v3DFJJOdxtl2KVcrCmWbN7NadrkyG7tnZtfaXYIjd65YiPXhZ9svY5MnnyX49KSyZi5_bZzGgg55Y8R29XKOU0DIQVje-kVjuzCCF1-rmW514giOL9QjdL2C7T6qHGgxL7YnimxVxlhF9ecdBxkSytkXpaL3mOHV81MvB1-UXwE2tklp4ivWJ0w7lIxc_D5NoFRknWX_IJNBIO4PWC3GeXYotC2mbZiI05qbTP5yQyVbhrWXJFzDye1y45Wtv7M35tZ8RteW712gjZbjON-LTRSHwmMuoYpUu7irJNHsDjzDKSjhSNWAMW2enxbsStvWsvCSgKnZ-dp0XkJEwBP2jh3OwcZnRdceqXj9GE87tMUidTcvBNghnXOx151nVyQs9c-6YGbzzdbYqCkaoBBNH-RY4dhaY9XBHTA5p_bYqb7WI6hZan_-uJdGeoacsv2DdGELaS0mZqWq1h1gryv3vSzwTMt_LlA4QD7fn4VbuqZVastAUgheKjLQ6KwCMoixrppYiK6XhOcDIO7FHjPav-29I0wgLeAnQmwA7-e4D2chURnvG3s6trWe41sXWa4uJcFiCKVm5_UPx_RjhdEqJB6Nj2XmDvYXWw9hp-qFZn5gpnPqtE9sbJicJwX2fEbVjxB9kp2QAzznS8_6fjhgUFt3sQISiZ3D8mF7LCm2HeI0S938_gGwpSXr3tSAMcY_H2x07HFovOGSDpNKiXhLmiyflhHQ2DhJtv57AionTQ8bleb&ui=HFz5zNIIs96fzq49jFkHXcQzYObQGwwU7xf6tdOZukNsXWa4uJcFiDWR5Yygu2NmW7zTM47UxodeVrCGUTSWvv39y4LQ07IF535MkGuWCX0uIy39X1jplw&si=1&oref=719a28ec4967c52eeeea3941440c49bc&optunit=gryv3vSzwTMt_LlA4QD7fq0rozPkVpWr&rb=1ZyYK3O6-3U&rr=1&abtg=0
200 OK 0 B URL HTTP/2 p226681.mybettermb.com/adServe/domainClick?ai=zHPR75Zx-onygYaeN_ogCCK6XhOcDIO7FHjPav-29I0v8mt3MBHEByfxXfTe18a_EPNTXr0lOQcXlRZNI7ZINehBLjiBc9WCvlbyKAorsOw2cWTYWSlg3yPw9AZo9wQs3FWWgy-gjSakQxz5zj-EMED-9tYrF6BohQSVn4g4llHkSgBa1v3DFJJOdxtl2KVcrCmWbN7NadrkyG7tnZtfaXYIjd65YiPXhZ9svY5MnnyX49KSyZi5_bZzGgg55Y8R29XKOU0DIQVje-kVjuzCCF1-rmW514giOL9QjdL2C7T6qHGgxL7YnimxVxlhF9ecdBxkSytkXpaL3mOHV81MvB1-UXwE2tklp4ivWJ0w7lIxc_D5NoFRknWX_IJNBIO4PWC3GeXYotC2mbZiI05qbTP5yQyVbhrWXJFzDye1y45Wtv7M35tZ8RteW712gjZbjON-LTRSHwmMuoYpUu7irJNHsDjzDKSjhSNWAMW2enxbsStvWsvCSgKnZ-dp0XkJEwBP2jh3OwcZnRdceqXj9GE87tMUidTcvBNghnXOx151nVyQs9c-6YGbzzdbYqCkaoBBNH-RY4dhaY9XBHTA5p_bYqb7WI6hZan_-uJdGeoacsv2DdGELaS0mZqWq1h1gryv3vSzwTMt_LlA4QD7fn4VbuqZVastAUgheKjLQ6KwCMoixrppYiK6XhOcDIO7FHjPav-29I0wgLeAnQmwA7-e4D2chURnvG3s6trWe41sXWa4uJcFiCKVm5_UPx_RjhdEqJB6Nj2XmDvYXWw9hp-qFZn5gpnPqtE9sbJicJwX2fEbVjxB9kp2QAzznS8_6fjhgUFt3sQISiZ3D8mF7LCm2HeI0S938_gGwpSXr3tSAMcY_H2x07HFovOGSDpNKiXhLmiyflhHQ2DhJtv57AionTQ8bleb&ui=HFz5zNIIs96fzq49jFkHXcQzYObQGwwU7xf6tdOZukNsXWa4uJcFiDWR5Yygu2NmW7zTM47UxodeVrCGUTSWvv39y4LQ07IF535MkGuWCX0uIy39X1jplw&si=1&oref=719a28ec4967c52eeeea3941440c49bc&optunit=gryv3vSzwTMt_LlA4QD7fq0rozPkVpWr&rb=1ZyYK3O6-3U&rr=1&abtg=0
IP
GET /adServe/domainClick?ai=zHPR75Zx-onygYaeN_ogCCK6XhOcDIO7FHjPav-29I0v8mt3MBHEByfxXfTe18a_EPNTXr0lOQcXlRZNI7ZINehBLjiBc9WCvlbyKAorsOw2cWTYWSlg3yPw9AZo9wQs3FWWgy-gjSakQxz5zj-EMED-9tYrF6BohQSVn4g4llHkSgBa1v3DFJJOdxtl2KVcrCmWbN7NadrkyG7tnZtfaXYIjd65YiPXhZ9svY5MnnyX49KSyZi5_bZzGgg55Y8R29XKOU0DIQVje-kVjuzCCF1-rmW514giOL9QjdL2C7T6qHGgxL7YnimxVxlhF9ecdBxkSytkXpaL3mOHV81MvB1-UXwE2tklp4ivWJ0w7lIxc_D5NoFRknWX_IJNBIO4PWC3GeXYotC2mbZiI05qbTP5yQyVbhrWXJFzDye1y45Wtv7M35tZ8RteW712gjZbjON-LTRSHwmMuoYpUu7irJNHsDjzDKSjhSNWAMW2enxbsStvWsvCSgKnZ-dp0XkJEwBP2jh3OwcZnRdceqXj9GE87tMUidTcvBNghnXOx151nVyQs9c-6YGbzzdbYqCkaoBBNH-RY4dhaY9XBHTA5p_bYqb7WI6hZan_-uJdGeoacsv2DdGELaS0mZqWq1h1gryv3vSzwTMt_LlA4QD7fn4VbuqZVastAUgheKjLQ6KwCMoixrppYiK6XhOcDIO7FHjPav-29I0wgLeAnQmwA7-e4D2chURnvG3s6trWe41sXWa4uJcFiCKVm5_UPx_RjhdEqJB6Nj2XmDvYXWw9hp-qFZn5gpnPqtE9sbJicJwX2fEbVjxB9kp2QAzznS8_6fjhgUFt3sQISiZ3D8mF7LCm2HeI0S938_gGwpSXr3tSAMcY_H2x07HFovOGSDpNKiXhLmiyflhHQ2DhJtv57AionTQ8bleb&ui=HFz5zNIIs96fzq49jFkHXcQzYObQGwwU7xf6tdOZukNsXWa4uJcFiDWR5Yygu2NmW7zTM47UxodeVrCGUTSWvv39y4LQ07IF535MkGuWCX0uIy39X1jplw&si=1&oref=719a28ec4967c52eeeea3941440c49bc&optunit=gryv3vSzwTMt_LlA4QD7fq0rozPkVpWr&rb=1ZyYK3O6-3U&rr=1&abtg=0 HTTP/1.1
Host: p226681.mybettermb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://narayaniinterior.com/
Connection: keep-alive
Cookie: rhid=82840125178
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 07 Feb 2023 13:13:48 GMT
content-type: text/html;charset=ISO-8859-1
vary: Accept-Encoding
set-cookie: rhid=82840125178; Max-Age=15552000; Expires=Sun, 06-Aug-2023 13:13:48 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
loi=ad_857954_off_361683_aff_11454_cid_226681-NARAYANIINTERIOR.COM_ts_1675775628; Max-Age=3600; Expires=Tue, 07-Feb-2023 14:13:48 GMT; Domain=mybettermb.com; Path=/; SameSite=None; secure;
content-encoding: gzip
X-Firefox-Spdy: h2
74.206.228.78
104.18.32.68
23.33.119.27