firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 03 Sep 2022 02:42:45 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 2afd697fc5d0058ea30d6c4b939e714c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: RpKlGdaMa9mWhOkO-oIcM-N8NGFQa2xtgvJE3GmEbOmeulh0xXOSnw==
Age: 2157
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bcdebf7a2bad5db595e8a0c1abb2ddcb
249dda2fa5e37b8a8f3a8c797193bf0874b6eedc
9b43ec48b16f96449208a0094c4d660806a2a2d344b5862dbff4c393bf3f9f9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B43EC48B16F96449208A0094C4D660806A2A2D344B5862DBFF4C393BF3F9F9F"
Last-Modified: Thu, 01 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13041
Expires: Sat, 03 Sep 2022 06:56:04 GMT
Date: Sat, 03 Sep 2022 03:18:43 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 03 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Ss3wpOhXOrMKITaRBXT_F4Rj4KCDYutgIrzQJM8YQ8Z4UP0xoV7XDw==
age: 7406
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 03:18:43 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
sgassocites.com/
200 OK 100 kB IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8047)
Size 100 kB (100527 bytes)
Hash c5eeb152939ca43aa13d8b59ee176d84
71f50a06cd45e3dde3837c51cedcf9ef89d99241
f1454034b7dff041eca83af83657fb36efda069a554c304724875f4a488b8799
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:42 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
sgassocites.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.6
200 OK 2.7 kB URL HTTP/1.1 sgassocites.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.6
IP
ASN #209737 Meric Internet Teknolojileri A.S.
Hash e6fae855021a88a0067fcc58121c594f
6299ac3987b5e81725781799dad361d19ac3b99d
e50f9ccd2d6582a58ba1879fa578e60d25fea4c5eedc07deafd14482b2403181
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.6 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Wed, 27 Apr 2022 08:52:51 GMT
Accept-Ranges: bytes
Content-Length: 2731
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
sgassocites.com/wp-content/themes/construction-light/assets/library/owlcarousel/css/owl.carousel.min.css?ver=6.0.2
200 OK 3.4 kB URL HTTP/1.1 sgassocites.com/wp-content/themes/construction-light/assets/library/owlcarousel/css/owl.carousel.min.css?ver=6.0.2
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type ASCII text, with very long lines (3184)
Hash b2752a850d44f50036628eeaef3bfcfa
fba46353cf90450ef3d362a123f1e7af3e8c561e
521410e1fc44780061e09adc980275fb5ea277fd5d9e538454214ec4379ff4bc
GET /wp-content/themes/construction-light/assets/library/owlcarousel/css/owl.carousel.min.css?ver=6.0.2 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Sat, 12 Dec 2020 05:42:48 GMT
Accept-Ranges: bytes
Content-Length: 3351
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
sgassocites.com/wp-content/themes/construction-light/assets/library/magnific-popup/magnefic.min.css?ver=6.0.2
200 OK 5.3 kB URL HTTP/1.1 sgassocites.com/wp-content/themes/construction-light/assets/library/magnific-popup/magnefic.min.css?ver=6.0.2
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type ASCII text, with very long lines (5172), with CRLF line terminators
Hash 47fe5f782fbbaf282b0e67beec17709f
f8a08c0e26bbddb253357fc3ce6fd460a6b46cdd
704d68deda618a915ba6bc39e727e96b251742ea3384f09f0d2dfb7c650a6149
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/construction-light/assets/library/magnific-popup/magnefic.min.css?ver=6.0.2 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Sat, 12 Dec 2020 05:42:48 GMT
Accept-Ranges: bytes
Content-Length: 5284
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
sgassocites.com/wp-content/plugins/gutentor/assets/library/animatecss/animate.min.css?ver=3.7.2
200 OK 58 kB URL HTTP/1.1 sgassocites.com/wp-content/plugins/gutentor/assets/library/animatecss/animate.min.css?ver=3.7.2
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type ASCII text, with very long lines (57919), with CRLF line terminators
Hash 43d6b8fdf324505f0ceb7ea698d0b7a5
5fab2ff7884f74beb235ae1382a647cbd4491f3a
4c055e6d0d9ba2b8f1be4719110e92c1b9499ed0759f0d1c48fccd16a7b31dcf
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/gutentor/assets/library/animatecss/animate.min.css?ver=3.7.2 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Wed, 27 Apr 2022 08:53:08 GMT
Accept-Ranges: bytes
Content-Length: 58139
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
sgassocites.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
200 OK 89 kB URL HTTP/1.1 sgassocites.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type ASCII text, with very long lines (43771)
Hash b7915926fe42d76e9c802353ab01dae4
3a8192a4312f25f53de25b100d62829c0f14d67c
d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Wed, 13 Jul 2022 03:52:42 GMT
Accept-Ranges: bytes
Content-Length: 88932
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
sgassocites.com/wp-content/plugins/gutentor/assets/library/fontawesome/css/all.min.css?ver=5.12.0
200 OK 57 kB URL HTTP/1.1 sgassocites.com/wp-content/plugins/gutentor/assets/library/fontawesome/css/all.min.css?ver=5.12.0
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type ASCII text, with very long lines (56994), with CRLF line terminators
Hash cb48443d20b81eb897ecd468a07b9b93
123ced2b72d2a4f49f93fcbf6b858a449edec74b
74d66add22660b12e57cf4a9e1c2fe4fcc8708e052ec75b62b1e9428968fc90d
GET /wp-content/plugins/gutentor/assets/library/fontawesome/css/all.min.css?ver=5.12.0 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Wed, 27 Apr 2022 08:53:08 GMT
Accept-Ranges: bytes
Content-Length: 57184
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
sgassocites.com/wp-content/themes/construction-light/assets/css/responsive.css?ver=6.0.2
200 OK 7.8 kB URL HTTP/1.1 sgassocites.com/wp-content/themes/construction-light/assets/css/responsive.css?ver=6.0.2
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type ASCII text, with CRLF line terminators
Hash c7b8850c1f57bc853e9d76791b41be6f
e87e1ceffbbe7e95b22890de34e9b94de60fce08
449101a0d80f96967d9556663883fb1f70b85dc643ca94a3b87efd34e139fe29
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/construction-light/assets/css/responsive.css?ver=6.0.2 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Fri, 26 Mar 2021 10:59:10 GMT
Accept-Ranges: bytes
Content-Length: 7812
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
sgassocites.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
200 OK 19 kB URL HTTP/1.1 sgassocites.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type ASCII text, with very long lines (16368)
Hash 985f5ca53b2624ee126ff774b888ee07
57d0f05ff03fba9ecf52c13a9aed885b635e3e7f
b85976dfe10ce7e71b07d02ecc20c145275419adb0358b7a56add6ba44e4fb6f
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Sat, 20 Aug 2022 10:26:23 GMT
Accept-Ranges: bytes
Content-Length: 19325
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
sgassocites.com/wp-content/themes/construction-light/inc/mobile-menu/mobile-menu.css?ver=1
200 OK 4.7 kB URL HTTP/1.1 sgassocites.com/wp-content/themes/construction-light/inc/mobile-menu/mobile-menu.css?ver=1
IP
ASN #209737 Meric Internet Teknolojileri A.S.
Hash d32407d41ea55c437481ab1b73d0faba
b02c613c839c90f502a1bace2756ef628e9ff128
e10ca5ada9a678cb23b18445941485219c8c4690dee3631ce4bd31da4b57d56b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/construction-light/inc/mobile-menu/mobile-menu.css?ver=1 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Tue, 19 Oct 2021 09:03:04 GMT
Accept-Ranges: bytes
Content-Length: 4720
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 20cc30f2a41f9c5e824ea46460548950
c153b447d44cbbe8f30d7f490605d1a430af20a1
0f8bb96e7dfd8a6bb3d7eae1a958195cb8ca9f20e0ad8cd952c34267ff0625f3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 03:18:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sgassocites.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
200 OK 12 kB URL HTTP/1.1 sgassocites.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type ASCII text, with very long lines (11834)
Hash b93febd5e182adb5f996e5c3d83e7326
21efd832d5cb3e1223a354582cb22932762a0f6e
d29fee3f414882d4f5d907154e681338b0c5519392ca592b36ca51f37716bf12
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Mon, 22 Aug 2022 14:08:10 GMT
Accept-Ranges: bytes
Content-Length: 11932
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
sgassocites.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4
200 OK 5.6 kB URL HTTP/1.1 sgassocites.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type ASCII text, with very long lines (5477)
Hash 3a56752b736635bf69cb069b8818cbfd
42e0951fe74bb3f56a30f51291823bcd4a84d76e
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869
GET /wp-includes/js/imagesloaded.min.js?ver=4.1.4 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Wed, 13 Jul 2022 03:52:42 GMT
Accept-Ranges: bytes
Content-Length: 5629
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
sgassocites.com/wp-content/themes/construction-light/assets//library/waypoints/waypoints.min.js?ver=1
200 OK 9.8 kB URL HTTP/1.1 sgassocites.com/wp-content/themes/construction-light/assets//library/waypoints/waypoints.min.js?ver=1
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type ASCII text, with very long lines (9593), with CRLF line terminators
Hash 7b6a30acea3f0940e5365999a51c666f
148f51becbaa173df94cfdf2c50b0326d2bbc5d8
c2e0f154043b115eb914473988938c7f3d426c9df52174dd95d0495a2ff564b3
GET /wp-content/themes/construction-light/assets//library/waypoints/waypoints.min.js?ver=1 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Sat, 12 Dec 2020 05:42:48 GMT
Accept-Ranges: bytes
Content-Length: 9836
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
sgassocites.com/wp-content/themes/construction-light/style.css?ver=6.0.2
200 OK 137 kB URL HTTP/1.1 sgassocites.com/wp-content/themes/construction-light/style.css?ver=6.0.2
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type ASCII text, with very long lines (1443)
Size 137 kB (137292 bytes)
Hash 08864ca0d2dd3108a699a865019ad1fd
44f0373d38386b4b29037e5da55b12417b3f3636
9d88337a53e52bf000051a17aa2a1ad5697e98404276f5ba90a768181596324c
GET /wp-content/themes/construction-light/style.css?ver=6.0.2 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Thu, 25 Nov 2021 04:41:38 GMT
Accept-Ranges: bytes
Content-Length: 137292
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
sgassocites.com/wp-content/themes/construction-light/assets/library/counter/jquery.counterup.min.js?ver=1
200 OK 2.9 kB URL HTTP/1.1 sgassocites.com/wp-content/themes/construction-light/assets/library/counter/jquery.counterup.min.js?ver=1
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type ASCII text, with very long lines (2702), with CRLF line terminators
Hash 8d7ff23ff85f5aef0e1c632bb6c75fa1
848ed42035009c54b888ef900cf5374692406d01
43348179c9254919b2f3e023a66778b65118787b07e58ae639aba581bdf3824e
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/construction-light/assets/library/counter/jquery.counterup.min.js?ver=1 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Sat, 12 Dec 2020 05:42:48 GMT
Accept-Ranges: bytes
Content-Length: 2859
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
sgassocites.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
200 OK 95 kB URL HTTP/1.1 sgassocites.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type ASCII text, with very long lines (60082)
Hash c1655d5d8dc31695a70982c3f955081b
d1075c9e704f48fcb6fb7d4ab11d13fe5a183d11
fc16a74a2b3623ce597f8ab3d3f4f7643d4396f7445a54bdc77f15da9a31e34d
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Fri, 02 Sep 2022 09:44:53 GMT
Accept-Ranges: bytes
Content-Length: 94886
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
sgassocites.com/wp-content/themes/construction-light/assets/js/construction-light.js?ver=1
200 OK 21 kB URL HTTP/1.1 sgassocites.com/wp-content/themes/construction-light/assets/js/construction-light.js?ver=1
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type ASCII text, with very long lines (1788), with CRLF line terminators
Hash 3cd226032900ba15140524666987b8f8
dbd4df066f3c3721042996b067c7cf784ca1087e
3d3dc1020103db04e8d5e82532508b613ff9ffd181661dece3646695847998fd
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/construction-light/assets/js/construction-light.js?ver=1 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Mon, 18 Oct 2021 09:08:58 GMT
Accept-Ranges: bytes
Content-Length: 20688
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
sgassocites.com/wp-includes/js/masonry.min.js?ver=4.2.2
200 OK 24 kB URL HTTP/1.1 sgassocites.com/wp-includes/js/masonry.min.js?ver=4.2.2
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type ASCII text, with very long lines (23966)
Hash 3b3fc826e58fc554108e4a651c9c7848
76778fd446e2ff2377588a7b4ac4d79f258427c9
e00add38134eac2fb8e8e9c09cbfff7bbe57952b210322eb2eecb0a21fc055eb
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/masonry.min.js?ver=4.2.2 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Wed, 13 Jul 2022 03:52:42 GMT
Accept-Ranges: bytes
Content-Length: 24138
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
sgassocites.com/wp-content/themes/construction-light/inc/mobile-menu/navigation.js?ver=1
200 OK 25 kB URL HTTP/1.1 sgassocites.com/wp-content/themes/construction-light/inc/mobile-menu/navigation.js?ver=1
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type ASCII text, with very long lines (1786)
Hash f4742a46030d97033ffb0ec2c4264e6d
04680886f67f1ce8db58f04f2e61b6c6f522fad7
6ce50e5acc321bbb3bd1901abf81de22cf15f3a83b46edbc1a1c543c744964e3
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/construction-light/inc/mobile-menu/navigation.js?ver=1 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Thu, 28 Jan 2021 04:50:36 GMT
Accept-Ranges: bytes
Content-Length: 25029
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
sgassocites.com/wp-content/themes/construction-light/assets/library/bootstrap/css/bootstrap.min.css?ver=6.0.2
200 OK 156 kB URL HTTP/1.1 sgassocites.com/wp-content/themes/construction-light/assets/library/bootstrap/css/bootstrap.min.css?ver=6.0.2
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type ASCII text, with very long lines (65324)
Size 156 kB (155758 bytes)
Hash 4515ffede259a770015261fb1ee5cf49
2b678e0d136a92d8e13f556aac491140dceaf4dd
26746c2a4045b86af00989b08fc695ddbaece4cd7a0ab700920ed9fa190e6d9f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/construction-light/assets/library/bootstrap/css/bootstrap.min.css?ver=6.0.2 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Sat, 12 Dec 2020 05:42:48 GMT
Accept-Ranges: bytes
Content-Length: 155758
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
sgassocites.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
200 OK 6.5 kB URL HTTP/1.1 sgassocites.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type ASCII text, with very long lines (6475), with no line terminators
Hash 61449413a42d2daaa79dbe7298b40e21
d86c474164c603084397bdc50fb0e469d28b5772
f30769ea0b80a5d900c5f0de30b1aad1ab461195e69223d5ef63c2c5de8b6c1a
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Wed, 13 Jul 2022 03:52:42 GMT
Accept-Ranges: bytes
Content-Length: 6475
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
sgassocites.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
200 OK 19 kB URL HTTP/1.1 sgassocites.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type Unicode text, UTF-8 text, with very long lines (19138), with no line terminators
Hash 57459b58fd7665a5e20b2345463df9c9
71c3b177ad1412d5e0b56d99f18bc345148df88b
6fecb89a29ee2bd397bb1bf58ecaa530a76f0654db71fadefd3cc70b0bc302bf
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Wed, 13 Jul 2022 03:52:42 GMT
Accept-Ranges: bytes
Content-Length: 19142
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
sgassocites.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.6
200 OK 12 kB URL HTTP/1.1 sgassocites.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.6
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type HTML document, ASCII text, with very long lines (11505), with no line terminators
Hash 2f7718bfcec3d5f244ab4a48627c19c1
02250d9becb40644f131beddabea0c438d3dd897
24c480538d2f02c812753647e25f7100f52fa008ea0b8f1f47482816b510a69b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.6 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Wed, 27 Apr 2022 08:52:51 GMT
Accept-Ranges: bytes
Content-Length: 11505
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
sgassocites.com/wp-content/plugins/gutentor/assets/library/wow/wow.min.js?ver=1.2.1
200 OK 9.9 kB URL HTTP/1.1 sgassocites.com/wp-content/plugins/gutentor/assets/library/wow/wow.min.js?ver=1.2.1
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type ASCII text, with very long lines (9884)
Hash 174a636eaa2a858167910998a0d36617
a17c564bd8cfae3b6ddc07ee1075e3a2e680822e
15d6c057976c2c5c299cc44d3e8973961bd53b10f2ef8ce127f697692c894025
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/gutentor/assets/library/wow/wow.min.js?ver=1.2.1 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Wed, 27 Apr 2022 08:53:10 GMT
Accept-Ranges: bytes
Content-Length: 9940
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/1.png
301 Moved Permanently 0 B URL HTTP/1.1 demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/1.png
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /constructionlight/wp-content/uploads/2018/02/1.png HTTP/1.1
Host: demo.sparklewpthemes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 301 Moved Permanently
Date: Sat, 03 Sep 2022 03:18:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 03 Sep 2022 04:18:43 GMT
Location: https://demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/1.png
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vn4V1rkadSLC2pB8XNjIUuVW1skrJD83CjvaPhnN3I3opnlhiBMtC3fYY9u1RdwPVOjR7n%2FU2er7Ot2ZJ84yuGc5269cXsE97REzZkxjW70hvjdwxia096wPgeRyKbCo8is3znm8rr8NwOg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 744b56fb4a83b51b-OSL
alt-svc: h2=":443"; ma=60
demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/5.png
301 Moved Permanently 0 B URL HTTP/1.1 demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/5.png
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /constructionlight/wp-content/uploads/2018/02/5.png HTTP/1.1
Host: demo.sparklewpthemes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 301 Moved Permanently
Date: Sat, 03 Sep 2022 03:18:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 03 Sep 2022 04:18:43 GMT
Location: https://demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/5.png
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cwyjw%2BQMq3ij6ibqx47W%2FrOtrdbcsqIiYwMNEuWC0%2F5RvC8VSDrPc2qXAkCL1lvL4Xu3EHMtSqECIkBUZrOU9GC5O99N7cK598H0v1m8QpKD6gTNJjNOZyRniKOfKdJ3C64iYKPfWg4t4ZY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 744b56fb4894b529-OSL
alt-svc: h2=":443"; ma=60
sgassocites.com/wp-content/themes/construction-light/assets/library/bootstrap/js/bootstrap.min.js?ver=2.0.3
200 OK 58 kB URL HTTP/1.1 sgassocites.com/wp-content/themes/construction-light/assets/library/bootstrap/js/bootstrap.min.js?ver=2.0.3
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type ASCII text, with very long lines (56011)
Hash b5682322ac78d9a3080aec74a3d835da
7fdd9c91c9f7962fb766d032edf6fbb3d77061fb
24ec11a38d700cd9ed4802ce950ba42072a50b77bee1befd42594ca78400832d
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/construction-light/assets/library/bootstrap/js/bootstrap.min.js?ver=2.0.3 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Sat, 12 Dec 2020 05:42:48 GMT
Accept-Ranges: bytes
Content-Length: 58077
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
sgassocites.com/wp-content/themes/construction-light/assets/js/isotope.pkgd.js?ver=1.0.0
200 OK 118 kB URL HTTP/1.1 sgassocites.com/wp-content/themes/construction-light/assets/js/isotope.pkgd.js?ver=1.0.0
IP
ASN #209737 Meric Internet Teknolojileri A.S.
Size 118 kB (117496 bytes)
Hash 8154e8fbd4726e0c6d6278e135886800
a973947a88f3accb86dc53a5e2199c53b85a8a5b
875f3e701cded78f17d66dd2158d53ef4cff9e63cad06bd5b8be6b7130a5b2d0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/construction-light/assets/js/isotope.pkgd.js?ver=1.0.0 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Sat, 12 Dec 2020 05:42:48 GMT
Accept-Ranges: bytes
Content-Length: 117496
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
sgassocites.com/wp-content/themes/construction-light/assets/js/odometer.js?ver=1.0.0
200 OK 23 kB URL HTTP/1.1 sgassocites.com/wp-content/themes/construction-light/assets/js/odometer.js?ver=1.0.0
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type ASCII text, with very long lines (1785)
Hash 2f0c9cf34f89853f7228e1a4f7ebc758
22b6dd867e13e6d0b871b634872872bc41286c47
2af946c8ebfde6ab2cda55df4121fe6cf2970e91e9353bcb8aab12f29322be37
GET /wp-content/themes/construction-light/assets/js/odometer.js?ver=1.0.0 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Sat, 12 Dec 2020 05:42:48 GMT
Accept-Ranges: bytes
Content-Length: 22992
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
sgassocites.com/wp-content/themes/construction-light/assets/library/owlcarousel/js/owl.carousel.min.js?ver=2.3.4
200 OK 46 kB URL HTTP/1.1 sgassocites.com/wp-content/themes/construction-light/assets/library/owlcarousel/js/owl.carousel.min.js?ver=2.3.4
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type ASCII text, with very long lines (31997)
Hash a296eda1d6afbd2eb4aa16b2fee283c3
2f4e39700a4ac8e2aef2e2f0b6f2ba9686b08a6d
6027f305e2422a834e691841d9514bb4758daccba9ad2d259d4c9e0822b9f8f7
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/construction-light/assets/library/owlcarousel/js/owl.carousel.min.js?ver=2.3.4 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Sat, 12 Dec 2020 05:42:48 GMT
Accept-Ranges: bytes
Content-Length: 46127
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
sgassocites.com/wp-content/plugins/gutentor/assets/library/magnific-popup/jquery.magnific-popup.min.js?ver=1.1.0
200 OK 25 kB URL HTTP/1.1 sgassocites.com/wp-content/plugins/gutentor/assets/library/magnific-popup/jquery.magnific-popup.min.js?ver=1.1.0
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type ASCII text, with very long lines (21872), with CRLF line terminators
Hash 9d26acb85807447299d4cabeb01d1a8c
af15690d27334ccda0f232e961fe6af121216abb
7a29cdbc1b3a988460447439264ca6fe242fe9104611c6d1aa2261f9fa519d6c
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/gutentor/assets/library/magnific-popup/jquery.magnific-popup.min.js?ver=1.1.0 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Tue, 21 Jun 2022 15:38:26 GMT
Accept-Ranges: bytes
Content-Length: 24830
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
sgassocites.com/wp-content/plugins/gutentor/assets/library/theia-sticky-sidebar/theia-sticky-sidebar.min.js?ver=4.0.1
200 OK 7.2 kB URL HTTP/1.1 sgassocites.com/wp-content/plugins/gutentor/assets/library/theia-sticky-sidebar/theia-sticky-sidebar.min.js?ver=4.0.1
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type HTML document, ASCII text, with very long lines (7155), with no line terminators
Hash b0cc7686d5d385d209745037dc2cd60f
55818667b29ddd794d1fd76093a6ee719feee735
a49884b32d0b78e81a64496e3ce5b48b984636f91d06339ed4601d29d9675386
GET /wp-content/plugins/gutentor/assets/library/theia-sticky-sidebar/theia-sticky-sidebar.min.js?ver=4.0.1 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Wed, 27 Apr 2022 08:53:10 GMT
Accept-Ranges: bytes
Content-Length: 7155
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/3.png
301 Moved Permanently 0 B URL HTTP/1.1 demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/3.png
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /constructionlight/wp-content/uploads/2018/02/3.png HTTP/1.1
Host: demo.sparklewpthemes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 301 Moved Permanently
Date: Sat, 03 Sep 2022 03:18:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 03 Sep 2022 04:18:43 GMT
Location: https://demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/3.png
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cfhm1xOV2Ny0dMD%2FRAcbTeznKlhuGoK7X0Yq7PwFdsBVOmLThI37%2BjGJUrJYrMsamXxW8%2BUHovgruwXQaVnqovygC5gfXCvYTutTJX4H0zEgP0TLNq7Z%2BHbFNjWU%2FMv1CvTnXxGJ6HobexY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 744b56fb8aaf0b39-OSL
alt-svc: h2=":443"; ma=60
demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/4.png
301 Moved Permanently 0 B URL HTTP/1.1 demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/4.png
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /constructionlight/wp-content/uploads/2018/02/4.png HTTP/1.1
Host: demo.sparklewpthemes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 301 Moved Permanently
Date: Sat, 03 Sep 2022 03:18:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 03 Sep 2022 04:18:43 GMT
Location: https://demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/4.png
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YBy2BjQulcepwITlZsjem0N9WeDiZB%2Fq68WvU897MM0ySRDRTXeMhul0rkvpdQWGn4bfM9VHgb1Z7SSnxcMzgJ8AdHiKGNI1IBd4wQSJLNXy2saYWCN9zsH8C5PHJc%2Bwox2s6LU4LtSW7e8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 744b56fbba7c0afe-OSL
alt-svc: h2=":443"; ma=60
demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/6.png
301 Moved Permanently 0 B URL HTTP/1.1 demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/6.png
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /constructionlight/wp-content/uploads/2018/02/6.png HTTP/1.1
Host: demo.sparklewpthemes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 301 Moved Permanently
Date: Sat, 03 Sep 2022 03:18:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 03 Sep 2022 04:18:43 GMT
Location: https://demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/6.png
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rdx7nseTKkMa5N0kpG8gkZsXyoBHxRbTEo8CpFdOCzHkIm0Rp9eNfqL%2BpKGbN66Jczu3Rex3we43BVjMtI13T0L8MHgktVwXyc4c6jfeZ79TpnDZF4HnRKci7MGrgp5rVNnfAMorHzTQaok%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 744b56fbbbdbb4e8-OSL
alt-svc: h2=":443"; ma=60
demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/2.png
301 Moved Permanently 0 B URL HTTP/1.1 demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/2.png
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /constructionlight/wp-content/uploads/2018/02/2.png HTTP/1.1
Host: demo.sparklewpthemes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 301 Moved Permanently
Date: Sat, 03 Sep 2022 03:18:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 03 Sep 2022 04:18:43 GMT
Location: https://demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/2.png
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B8FHgTDXw3YOZGJ64HrdMboP3THoVgD51n%2BB5NBzM%2BB%2F4suYUjCP8dvfGiQKG3EnozQE7OwNlF8o%2FpzUIOwMFxkmjHIo2js9FIgc2u%2FLFejCKWcvrgByovkiego7L4CDk7CutcL3sOxpFoM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 744b56fbdaebb51b-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 03 Sep 2022 02:38:17 GMT
Cache-Control: max-age=3600
Expires: Sat, 03 Sep 2022 03:29:34 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: yX3BQ8jh4QSrd0oRKWK3-yd-_FuPqgWOWgfV0K2Zqn0FYHKwHfQbvw==
Age: 2427
sgassocites.com/wp-content/themes/construction-light/assets/js/skip-link-focus-fix.js?ver=20151215
200 OK 2.5 kB URL HTTP/1.1 sgassocites.com/wp-content/themes/construction-light/assets/js/skip-link-focus-fix.js?ver=20151215
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type ASCII text, with very long lines (1785)
Hash effb55c72e175c059b191b431f604db5
2daa6e2506ae0ad3965000efa3bb8379888cffba
eb0b2a3ec0b51a08ef373087fcedaef8e8011e1d98b730e710c81c6e0031c52e
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/construction-light/assets/js/skip-link-focus-fix.js?ver=20151215 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Sat, 12 Dec 2020 05:42:48 GMT
Accept-Ranges: bytes
Content-Length: 2470
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 20cc30f2a41f9c5e824ea46460548950
c153b447d44cbbe8f30d7f490605d1a430af20a1
0f8bb96e7dfd8a6bb3d7eae1a958195cb8ca9f20e0ad8cd952c34267ff0625f3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 03:18:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sgassocites.com/wp-content/uploads/2021/12/sga2.png
200 OK 15 kB URL HTTP/1.1 sgassocites.com/wp-content/uploads/2021/12/sga2.png
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type PNG image data, 290 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash dd75277641a45e91bca8e211684224ef
d681a792d434f47a9b93a3afe6a46039c7fc4836
2e867cf4f664e4585356641e90da4ecee7abc799de18d982d86d3b03538486fb
GET /wp-content/uploads/2021/12/sga2.png HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Sat, 04 Dec 2021 18:32:05 GMT
Accept-Ranges: bytes
Content-Length: 15193
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
sgassocites.com/wp-content/plugins/gutentor/assets/library/fontawesome/webfonts/fa-solid-900.woff2
200 OK 76 kB URL HTTP/1.1 sgassocites.com/wp-content/plugins/gutentor/assets/library/fontawesome/webfonts/fa-solid-900.woff2
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type Web Open Font Format (Version 2), TrueType, length 76084, version 330.-16253\012- data
Hash f6121be597a72928f54e7ab5b95512a1
b2c74520c3f506efbfefca867918e5ae28bd5222
787d76ad6deab67ccf8bac1b584260205e114f508fc5542b612e3f75d49a34e4
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/gutentor/assets/library/fontawesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://sgassocites.com/wp-content/plugins/gutentor/assets/library/fontawesome/css/all.min.css?ver=5.12.0
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Wed, 27 Apr 2022 08:53:10 GMT
Accept-Ranges: bytes
Content-Length: 76084
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: font/woff2
sgassocites.com/wp-content/plugins/gutentor/assets/library/fontawesome/webfonts/fa-brands-400.woff2
200 OK 76 kB URL HTTP/1.1 sgassocites.com/wp-content/plugins/gutentor/assets/library/fontawesome/webfonts/fa-brands-400.woff2
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type Web Open Font Format (Version 2), TrueType, length 75936, version 330.-16253\012- data
Hash 822d94f19fe57477865209e1242a3c63
f356aa2e4d9b7245985d312d3bfba180f774e3b7
8e4560c16c7970efa47680450b2cf239d4a482c056d308acea12bb9022906c8b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/gutentor/assets/library/fontawesome/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://sgassocites.com/wp-content/plugins/gutentor/assets/library/fontawesome/css/all.min.css?ver=5.12.0
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Wed, 27 Apr 2022 08:53:09 GMT
Accept-Ranges: bytes
Content-Length: 75936
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: font/woff2
sgassocites.com/wp-content/uploads/2021/11/banner5.jpg
200 OK 143 kB URL HTTP/1.1 sgassocites.com/wp-content/uploads/2021/11/banner5.jpg
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x763, components 3\012- data
Size 143 kB (142583 bytes)
Hash 25ecbe242c3cfcf009dc831821950eb4
c55c8bb168d453933027d7cc2e994b262e6875f3
1c59679f54c1836c91a4b4cea1507893c63c1ee9c74a36ca1bdf72cefe88c3dc
GET /wp-content/uploads/2021/11/banner5.jpg HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Sat, 27 Nov 2021 06:08:07 GMT
Accept-Ranges: bytes
Content-Length: 142583
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/jpeg
sgassocites.com/wp-content/uploads/2021/11/pexels-photo-224924.jpeg
200 OK 227 kB URL HTTP/1.1 sgassocites.com/wp-content/uploads/2021/11/pexels-photo-224924.jpeg
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x853, components 3\012- data
Size 227 kB (227445 bytes)
Hash 7ec9b8ac726019be0666e134e5d76a55
f60835246df8d8647ebcbffeba9bd405223fa1bf
3a5be3dcb64b2f216d256e3175ab74ed533fabd81eae77bca1133250f6867c40
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/2021/11/pexels-photo-224924.jpeg HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Sat, 27 Nov 2021 06:08:08 GMT
Accept-Ranges: bytes
Content-Length: 227445
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/jpeg
sgassocites.com/wp-content/uploads/2021/11/slider4.jpg
200 OK 80 kB URL HTTP/1.1 sgassocites.com/wp-content/uploads/2021/11/slider4.jpg
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 1900x1000, components 3\012- data
Hash a9004d8e476cc4b096f3acc97b6e9d6f
64d4fe8f695c246d6d7e1a1b58869e8b20087353
d6356e6cd1c9e1f9c3dc8ec39b12ec4e958c96264005e4ce3785610515a634f7
GET /wp-content/uploads/2021/11/slider4.jpg HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Sat, 27 Nov 2021 06:08:06 GMT
Accept-Ranges: bytes
Content-Length: 80118
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg
sgassocites.com/wp-content/plugins/gutentor/assets/library/fontawesome/webfonts/fa-regular-400.woff2
200 OK 14 kB URL HTTP/1.1 sgassocites.com/wp-content/plugins/gutentor/assets/library/fontawesome/webfonts/fa-regular-400.woff2
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type Web Open Font Format (Version 2), TrueType, length 13576, version 330.-16253\012- data
Hash 9efb86976bd53e159166c12365f61e25
830f8653e5f4a5331ac0b47c5701f65fe9f1bb32
86e496b536b26ba60cdb68df9dd9143b19a63b65e30e373b0321833aab1295d6
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/gutentor/assets/library/fontawesome/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://sgassocites.com/wp-content/plugins/gutentor/assets/library/fontawesome/css/all.min.css?ver=5.12.0
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Wed, 27 Apr 2022 08:53:09 GMT
Accept-Ranges: bytes
Content-Length: 13576
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: font/woff2
ocsp.digicert.com/
200 OK 471 B IP
Hash 21daf45cdda2eb462873226bb5c1f0fb
4d4621bbf1461f35f7e536c1dbd9de71978ffa23
8164c742d013bdc2836cac1167acfe482547347ab6a1daefa15475f694dae057
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5560
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 03:18:43 GMT
Last-Modified: Sat, 03 Sep 2022 01:46:03 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 7ce90d6fafa13d92fcf445b688f0389f
480461a46fc291cbcdf6218c7743779d7e862788
dd33483769f6c715aeb257c2955147c1a5a47b0af1684190247701465af8af6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 03:18:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 7ce90d6fafa13d92fcf445b688f0389f
480461a46fc291cbcdf6218c7743779d7e862788
dd33483769f6c715aeb257c2955147c1a5a47b0af1684190247701465af8af6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 03:18:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://sgassocites.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 03 Sep 2022 02:02:22 GMT
expires: Sun, 03 Sep 2023 02:02:22 GMT
cache-control: public, max-age=31536000
age: 4582
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://sgassocites.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:34:08 GMT
expires: Thu, 31 Aug 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 200676
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2
200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 17032, version 1.0\012- data
Hash 05a47f9e469d408c629f931cd33ff8b2
823f21f7b1d456db889c3afea393f0d2b9581c38
6be97ca17228a69c406231d89c003194c3dfba7401eaa9fe9e9ed0ef1c18dc38
GET /s/roboto/v30/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://sgassocites.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17032
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:51:08 GMT
expires: Thu, 31 Aug 2023 19:51:08 GMT
cache-control: public, max-age=31536000
age: 199656
last-modified: Wed, 11 May 2022 19:24:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sgassocites.com/wp-content/uploads/2021/03/img1-350x280.jpg
200 OK 39 kB URL HTTP/1.1 sgassocites.com/wp-content/uploads/2021/03/img1-350x280.jpg
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 350x280, components 3\012- data
Hash ece0fdc05d662261b3f958d2c632cf02
3d85f450e1bd7b7d3fe813c3fd919e218c8a87c3
337fb0177d63089280e137a79bf7cfe72afa9783f30cd7aef1c9de273b666662
GET /wp-content/uploads/2021/03/img1-350x280.jpg HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Sat, 27 Nov 2021 06:07:15 GMT
Accept-Ranges: bytes
Content-Length: 39014
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/jpeg
sgassocites.com/wp-content/uploads/2019/04/ship-4088267_1280-350x280.jpg
200 OK 24 kB URL HTTP/1.1 sgassocites.com/wp-content/uploads/2019/04/ship-4088267_1280-350x280.jpg
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 350x280, components 3\012- data
Hash 493038cc67f6a4508dc28a121f88d756
1043752fec6845ff45b23bd772acf685ce771fdb
6bf1f9c414dc321df0b7fd42823b8b560e4e4836418c5dee5389bca26324c69a
GET /wp-content/uploads/2019/04/ship-4088267_1280-350x280.jpg HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Sat, 27 Nov 2021 06:06:19 GMT
Accept-Ranges: bytes
Content-Length: 24432
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/jpeg
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 7ce90d6fafa13d92fcf445b688f0389f
480461a46fc291cbcdf6218c7743779d7e862788
dd33483769f6c715aeb257c2955147c1a5a47b0af1684190247701465af8af6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 03:18:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 7ce90d6fafa13d92fcf445b688f0389f
480461a46fc291cbcdf6218c7743779d7e862788
dd33483769f6c715aeb257c2955147c1a5a47b0af1684190247701465af8af6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 03:18:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/4.png
200 OK 1.2 kB URL HTTP/2 demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/4.png
IP
File type PNG image data, 183 x 132, 8-bit grayscale, non-interlaced\012- data
Hash f474fdf9d1ad2a55526251cd0e07656e
b842cc6ef45cb74d69490e84f19f080909bfc69e
2eaa844b3a4a48ae2fffb55aac53a78101161134324b1ab0ecf9e2dc5cfdfae4
GET /constructionlight/wp-content/uploads/2018/02/4.png HTTP/1.1
Host: demo.sparklewpthemes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sgassocites.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 03:18:44 GMT
content-type: image/png
content-length: 1244
cache-control: public, max-age=31557600
expires: Sun, 03 Sep 2023 08:53:53 GMT
last-modified: Fri, 19 Apr 2019 04:18:36 GMT
vary: User-Agent, Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 1491
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=12cQiMKFi04E95vDzlymniA0%2FvZo7OXnsmBBGxsfzHujoDu7ylyysDpEXEr9mCzwNc2fQd0R4pueMempX6iHTe7JmE3XpiEv1rqPW7Jt7FYCv%2FEt82JZvCqKOE1TygfbnrIDjUpcMOQBXL4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 744b56fdcf9eb500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://sgassocites.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:34:08 GMT
expires: Thu, 31 Aug 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 200676
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/1.png
200 OK 1.5 kB URL HTTP/2 demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/1.png
IP
File type PNG image data, 183 x 132, 8-bit grayscale, non-interlaced\012- data
Hash 1328b2908e80cec54cc347e177601f8a
280e2051a633d383ef2f7eb0d8e73d23de3c259a
b732ef3d106ebbfb7d02f0534626185cd12b2770cff84673cb143a10238a35f2
GET /constructionlight/wp-content/uploads/2018/02/1.png HTTP/1.1
Host: demo.sparklewpthemes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sgassocites.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 03:18:44 GMT
content-type: image/png
content-length: 1467
cache-control: public, max-age=31557600
expires: Sun, 03 Sep 2023 08:53:53 GMT
last-modified: Fri, 19 Apr 2019 04:18:36 GMT
vary: User-Agent, Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 1491
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nGc5WkwCVTHGnubF9Q3XkUyRHI1HoBxKQ91Y0Y1kP6YOmt7vFS6JyQlMHfUklF2R7jR0hVIhXBTbVSSic%2FjXNcQCiEu00uR7IOQM5F1w64plwYrVjKV%2FrV8GIf70nlR1zx%2BWcTXoogbU1Eg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 744b56fdcfa1b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/6.png
200 OK 1.1 kB URL HTTP/2 demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/6.png
IP
File type PNG image data, 183 x 132, 8-bit grayscale, non-interlaced\012- data
Hash 42fb3d813ca72534de457eb65117d2aa
9d842e267860e55493842731a9811a871ec8db84
3ef1e580149664a172c2f0af10d7923a06ec0466c0b1b987423d18edee12a20c
GET /constructionlight/wp-content/uploads/2018/02/6.png HTTP/1.1
Host: demo.sparklewpthemes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sgassocites.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 03:18:44 GMT
content-type: image/png
content-length: 1072
cache-control: public, max-age=31557600
expires: Sun, 03 Sep 2023 08:53:53 GMT
last-modified: Fri, 19 Apr 2019 04:18:36 GMT
vary: User-Agent, Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 1491
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MPttYao%2BSSg8hKQacbqGuEz2%2BdNPfzuSYitZvZIyURqauS5NEtcn%2FoV7mBd25bJqHOMtniV6Iiy0vC%2FP97YJJIabM6s5llOAHmFBc36hWFg7fxY4fBuEqLrt7gLP5%2BEXpsw7o8FrO0GgrCY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 744b56fdcf9fb500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/5.png
200 OK 1.8 kB URL HTTP/2 demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/5.png
IP
File type PNG image data, 183 x 132, 8-bit grayscale, non-interlaced\012- data
Hash 98f613e2a473957e2590b366e7f0c6ae
ce6dd40fded19617b833862b3ff1ed6dbb833e4b
02bfff6d225bd379f7fdc5f0884fbdc71e342b59fa5728227d3d92254237f333
GET /constructionlight/wp-content/uploads/2018/02/5.png HTTP/1.1
Host: demo.sparklewpthemes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sgassocites.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 03:18:44 GMT
content-type: image/png
content-length: 1831
cache-control: public, max-age=31557600
expires: Fri, 01 Sep 2023 13:04:34 GMT
last-modified: Fri, 19 Apr 2019 04:18:36 GMT
vary: User-Agent, Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 159250
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VgN1DhWrfRub8lBsUvdwGFkepyuFncc9DWaMByc6GnPJ7SnOjCqZgttQSrJaa2IO%2FLNid4%2FJ06X526H1W1L7%2F6NNapE68LV8gpDXbsUntTKfGa%2FBy1d89kY59V5WrgL%2FQ2%2F7C8FS4%2Fv0xI0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 744b56fdcfa3b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/3.png
200 OK 1.6 kB URL HTTP/2 demo.sparklewpthemes.com/constructionlight/wp-content/uploads/2018/02/3.png
IP
File type PNG image data, 183 x 132, 8-bit grayscale, non-interlaced\012- data
Hash 1837a31d7e76b6ac28616481b0b2d089
0faed0ad5d2ec0e2db39528fd2c0de0b04b0f594
71b3e68795cd1c766b6d19ca6280cb902d16e455bc74401804fc474588942816
GET /constructionlight/wp-content/uploads/2018/02/3.png HTTP/1.1
Host: demo.sparklewpthemes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sgassocites.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 03 Sep 2022 03:18:44 GMT
content-type: image/png
content-length: 1603
cache-control: public, max-age=31557600
expires: Fri, 01 Sep 2023 13:04:33 GMT
last-modified: Fri, 19 Apr 2019 04:18:36 GMT
vary: User-Agent, Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 159251
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Uqs1W%2BqRYF5Qg%2BqyV5peyacRTpAyjEFg2GNrcj7KZM13MnihaIL4i9yIQ1%2BkoOYpmky%2BVQEKo97L9hSU9yr3ldg5MV%2FeX4rP6qqOhiflcemopEH9xQZljQNoqlfehpWxB0TjjVabiyWJ1M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 744b56fdcfa4b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 7ce90d6fafa13d92fcf445b688f0389f
480461a46fc291cbcdf6218c7743779d7e862788
dd33483769f6c715aeb257c2955147c1a5a47b0af1684190247701465af8af6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 03:18:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sgassocites.com/wp-content/uploads/2021/03/construction-light-sparkle.jpg
200 OK 92 kB URL HTTP/1.1 sgassocites.com/wp-content/uploads/2021/03/construction-light-sparkle.jpg
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type JPEG image data, JFIF standard 1.02, resolution (DPCM), density 1x1, segment length 16, baseline, precision 8, 960x625, components 3\012- data
Hash 6283ebbbf1bf5803d1b5ac79488df6ca
93e9ab3c3033b5c5cc5f2491df486294b30a2275
adcb3e3d6142106884ec938fc28daa6eef248e19e6b10a8db55842b317e89867
GET /wp-content/uploads/2021/03/construction-light-sparkle.jpg HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Sat, 27 Nov 2021 06:07:41 GMT
Accept-Ranges: bytes
Content-Length: 91756
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/jpeg
sgassocites.com/wp-content/uploads/2021/03/con-1.jpg
200 OK 216 kB URL HTTP/1.1 sgassocites.com/wp-content/uploads/2021/03/con-1.jpg
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1280x853, components 3\012- data
Size 216 kB (215605 bytes)
Hash 30f39a0be112ebe22f7a9ff6d1b201e5
300b0fdf2c27526fa37273da83c2645a0b7579af
3a6f89101b47361ad6707bf14070bd2658e671c5196386869084acd38c9c7af8
GET /wp-content/uploads/2021/03/con-1.jpg HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Sat, 27 Nov 2021 06:07:37 GMT
Accept-Ranges: bytes
Content-Length: 215605
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/jpeg
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Vu6LHd8ZHTwfLSt2cKAO7Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: eQa8YKaVQovgub4znndxD3CRwyc=
sgassocites.com/wp-content/uploads/2021/03/img1.jpg
200 OK 300 kB URL HTTP/1.1 sgassocites.com/wp-content/uploads/2021/03/img1.jpg
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 860x573, components 3\012- data
Size 300 kB (300210 bytes)
Hash 2a0ea3fed6161712d7954cfa346fa138
39f27c605e40d28c2cd4eb3f652defb722ea0715
b7457050f50ecc56c21119d03b4948373c4b1721f4fb2f2575816290f7259625
GET /wp-content/uploads/2021/03/img1.jpg HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Sat, 27 Nov 2021 06:07:15 GMT
Accept-Ranges: bytes
Content-Length: 300210
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/jpeg
sgassocites.com/wp-content/uploads/2021/11/aboutus.png
200 OK 1.2 kB URL HTTP/1.1 sgassocites.com/wp-content/uploads/2021/11/aboutus.png
IP
ASN #209737 Meric Internet Teknolojileri A.S.
File type PNG image data, 183 x 132, 8-bit grayscale, non-interlaced\012- data
Hash 8d0310db5b08904a021b7fb2fa4f6db8
7956e586dd214b2007d579902d499a9ae63ab6ab
4624033ae3d10d26441fd894fc876517a5a3525234062a86439d1bf2c695b4b4
GET /wp-content/uploads/2021/11/aboutus.png HTTP/1.1
Host: sgassocites.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://sgassocites.com/
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 03:18:43 GMT
Server: Apache
Last-Modified: Sat, 27 Nov 2021 06:08:13 GMT
Accept-Ranges: bytes
Content-Length: 557893
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7747
Expires: Sat, 03 Sep 2022 05:27:52 GMT
Date: Sat, 03 Sep 2022 03:18:45 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7747
Expires: Sat, 03 Sep 2022 05:27:52 GMT
Date: Sat, 03 Sep 2022 03:18:45 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7747
Expires: Sat, 03 Sep 2022 05:27:52 GMT
Date: Sat, 03 Sep 2022 03:18:45 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93ac38e4-a58e-4303-b7a1-e6c19cc7f80e.jpeg
200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93ac38e4-a58e-4303-b7a1-e6c19cc7f80e.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8a1a9b226f6556f7ea2f3e990e618c78
72796327f9481a7516aac1fbfd73a36d69f83626
187b68b54b976b7a1a17928e172c9726b5583b650b982eb5cd2378a4ee2aa54d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93ac38e4-a58e-4303-b7a1-e6c19cc7f80e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7332
x-amzn-requestid: ea4ea9b2-b306-449c-814f-f1447d64ad73
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XsLfzHzPIAMFmrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630e5931-362f0ddf533fc7905ab1acb5;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 18:38:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: sGOpvoSHH63xn1qpb-9sG3YzpxdhLPib3pd5xX9Pvq8-hUIP3iNpQg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ddaf46a95abcfc80e8eae76235e2127c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 06:23:03 GMT
age: 75342
etag: "72796327f9481a7516aac1fbfd73a36d69f83626"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56dd6e3d-ca6e-4286-b0eb-3fd27d1623d2.jpeg
200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56dd6e3d-ca6e-4286-b0eb-3fd27d1623d2.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f297f917b3352765d98f769daca00e70
bb2fbd1fbca9cdccded24d7dbefe16e3e6fc51c2
2b7dcf2d87e0aaa60777d951c0bf324eb01a6cd498a4947ef0db11d05d3f25d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F56dd6e3d-ca6e-4286-b0eb-3fd27d1623d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6387
x-amzn-requestid: 4fc12e7f-2c21-4413-8d5e-39b64e25457e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XdakSFtEIAMFa8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6308714e-330dc2e870f679a0199c22d0;Sampled=0
x-amzn-remapped-date: Fri, 26 Aug 2022 07:07:58 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 2G5352CwenToQgzIw9Z1USSS-yonR_XRisa7W2PQScpb-uifWHdKLQ==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 22:20:05 GMT
age: 17920
etag: "bb2fbd1fbca9cdccded24d7dbefe16e3e6fc51c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg
200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 23b580e2b673257d24b9c2e80c4c48ce
f3a3d835a37f9b23e7458f9b7bc721bc415b61cc
c0e3559fde3dd08cdbd360f39dddcc98dd7c1b3aebd0861cc07105872a116d11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7501
x-amzn-requestid: bf297fc4-9164-45ee-bfab-06761a52e3ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eMJEP1IAMFdpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312771a-6b3e6416133d67a83d8a1469;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: datd5eYK6nOAUdEpy_y4gcqsVmCqjP4qhzTnlJ9pSrquoYk2PPugTA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 22:02:34 GMT
age: 18971
etag: "f3a3d835a37f9b23e7458f9b7bc721bc415b61cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2e13cf1-38c2-4f82-a50c-b409a24f3af6.jpeg
200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2e13cf1-38c2-4f82-a50c-b409a24f3af6.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4cb62c7c522b71c62a97630d8330ef5
950611314b81428b3d80ff8659272cc800cf48b6
3fd0bbf8a1fe8776136d611d6b99b909b71e6af3a13f8794338af2f0026b59ff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2e13cf1-38c2-4f82-a50c-b409a24f3af6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7975
x-amzn-requestid: 5ed9a360-5a7f-427a-a750-bd8f25214909
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XwpOBEpjIAMFzXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63102259-4b9d2f6e61cc186f78718168;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 03:09:13 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: BU7CFrnTBhvyqoRVp1t-e_ZErBnJA9l4qGkmxOQd10W48IzyIFGFZw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 03:41:59 GMT
age: 85006
etag: "950611314b81428b3d80ff8659272cc800cf48b6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6f5d90-39e2-4288-8685-adf2348d38e8.jpeg
200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6f5d90-39e2-4288-8685-adf2348d38e8.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d78cbff83c152b84864606781a29563d
8bdbc6e135be6e582d0e23754399422e3792777b
3c385de9ade05e1652ccc386e73aaccc4c223a07b81af4c5fdf3f73a166909f7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb6f5d90-39e2-4288-8685-adf2348d38e8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14061
x-amzn-requestid: db7b338c-4fb1-46c0-827a-87e43ceacb90
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XjB_aFGyoAMFbeg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630ab062-060509a31e21bd514f736d49;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 00:01:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p_pP4bQ_t2iBcAl5CetPTBaNmV8E_Br_0Mn5qIlGeC8JCmILxA_l6A==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 06:03:08 GMT
age: 76537
etag: "8bdbc6e135be6e582d0e23754399422e3792777b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9669117-bdb7-4eca-9f0c-900e888a9a98.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9669117-bdb7-4eca-9f0c-900e888a9a98.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d9ae49d397bc8300ce0eceda8175a3ad
087b7d14d84ebb179126c9dcd8964d22f24f30ab
b9daa2fc390a97a4bd622dbdec7fe0fff7e6527ffb844a46b9b87b2bd6e0f006
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe9669117-bdb7-4eca-9f0c-900e888a9a98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13241
x-amzn-requestid: 80083a05-9884-48f8-983b-d4132d7c8a0c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eMHFgPIAMF9qg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312771a-16fd2f06541cb4bc027f153f;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zugAT8FgWA5gShTMABbCTZbZzaCXxM6du0zskoXn-LtzDNb5j4ByeA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 22:18:36 GMT
age: 18009
etag: "087b7d14d84ebb179126c9dcd8964d22f24f30ab"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
away.bettershitecolumn.com/away.php?id=98&kid=3467-23&sid=884578-34-76987-11
302 Found 0 B URL HTTP/2 away.bettershitecolumn.com/away.php?id=98&kid=3467-23&sid=884578-34-76987-11
IP
ASN #206638 PE Brezhnev Daniil
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /away.php?id=98&kid=3467-23&sid=884578-34-76987-11 HTTP/1.1
Host: away.bettershitecolumn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sgassocites.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 03 Sep 2022 03:18:45 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://away.bettershitecolumn.com/track.php?aid=98823&uid=46536-433-636474-23
x-powered-by: PHP/7.3.33
access-control-allow-origin: *
set-cookie: qwerty_away.php=0; expires=Sun, 04-Sep-2022 03:18:45 GMT; Max-Age=86400; path=/
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2
away.bettershitecolumn.com/track.php?aid=98823&uid=46536-433-636474-23
302 Found 0 B URL HTTP/2 away.bettershitecolumn.com/track.php?aid=98823&uid=46536-433-636474-23
IP
ASN #206638 PE Brezhnev Daniil
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /track.php?aid=98823&uid=46536-433-636474-23 HTTP/1.1
Host: away.bettershitecolumn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sgassocites.com/
Connection: keep-alive
Cookie: qwerty_away.php=0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Sat, 03 Sep 2022 03:18:45 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2
away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29
200 OK 824 B URL HTTP/2 away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29
IP
ASN #206638 PE Brezhnev Daniil
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 982e269869a536191bdce9808e930472
4559c4d49303d0e2b734b3bd806629c12066f111
a7cef100c55d1f3288299ad13859e71e62d6769ea2ce9db406be958fab9ba68d
GET /track.php?tid=54889&lid=9554-66-457679-29 HTTP/1.1
Host: away.bettershitecolumn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://sgassocites.com/
Connection: keep-alive
Cookie: qwerty_away.php=0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 03:18:45 GMT
content-type: text/html; charset=UTF-8
content-length: 824
vary: Accept-Encoding
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 517dc504ce5b346f816d784ed69e457c
8f046fbcd910620228be4f821bc78f8ca20da0a0
f46464f962fddcddae1feb1978300ac7cf81bbddb8b97780fa8850021d6fc157
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F46464F962FDDCDDAE1FEB1978300AC7CF81BBDDB8B97780FA8850021D6FC157"
Last-Modified: Thu, 01 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15573
Expires: Sat, 03 Sep 2022 07:38:20 GMT
Date: Sat, 03 Sep 2022 03:18:47 GMT
Connection: keep-alive
goldflowerservice.net/w66899721.js
200 OK 49 B URL HTTP/2 goldflowerservice.net/w66899721.js
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 8b2c9a0f63099698ba10b15b41fa47e4
dba24ca51e5b2c0fba6fa07441972a2fcc217088
dbb05cc7642fa61c7cbeda7a9c1db3e43db644dfd78d14e4f8cf73df3b7689ad
GET /w66899721.js HTTP/1.1
Host: goldflowerservice.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=f06e569f-b956-49df-8f7e-8edf29a08e06
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 03:18:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 49
last-modified: Wed, 27 Jul 2022 05:35:25 GMT
etag: "62e0ce9d-31"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
goldflowerservice.net/favicon.ico
204 No Content 0 B URL HTTP/2 goldflowerservice.net/favicon.ico
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: goldflowerservice.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goldflowerservice.net/?p=mq2dgm3dgi5gi3bpg42dgna&sub2=Zvold1
Cookie: uuid=f06e569f-b956-49df-8f7e-8edf29a08e06
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 03 Sep 2022 03:18:47 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 80c17acac0386e6d3a91e1955c8f7015
0adc628e9ada3cfed5fd3162bee2cc00c876ca93
d996b4637bc7de5f12c6a457eac8326711db0b1daede705f81219edb8e596118
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D996B4637BC7DE5F12C6A457EAC8326711DB0B1DAEDE705F81219EDB8E596118"
Last-Modified: Thu, 01 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6343
Expires: Sat, 03 Sep 2022 05:04:30 GMT
Date: Sat, 03 Sep 2022 03:18:47 GMT
Connection: keep-alive
0.goldflowerservice.net/?p=mq2dgm3dgi5gi3bpg42dgna&sub2=Zvold1
200 OK 18 kB URL HTTP/2 0.goldflowerservice.net/?p=mq2dgm3dgi5gi3bpg42dgna&sub2=Zvold1
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7643)
Hash 3066cadd24e4512e94dbd80e2185862c
a01c877224c594a1464e95d3d478bcf37f8d94cc
69fe48774869d7682e8c3ef0f0e45254b9b04b610c439c13ffe74ea5a5d715f3
GET /?p=mq2dgm3dgi5gi3bpg42dgna&sub2=Zvold1 HTTP/1.1
Host: 0.goldflowerservice.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goldflowerservice.net/
Cookie: uuid=f06e569f-b956-49df-8f7e-8edf29a08e06
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 03:18:48 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=f06e569f-b956-49df-8f7e-8edf29a08e06; expires=Mon, 03-Oct-2022 03:18:48 GMT; Max-Age=2592000; path=/; domain=0.goldflowerservice.net
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
0.goldflowerservice.net/favicon.ico
204 No Content 0 B URL HTTP/2 0.goldflowerservice.net/favicon.ico
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: 0.goldflowerservice.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.goldflowerservice.net/?p=mq2dgm3dgi5gi3bpg42dgna&sub2=Zvold1
Cookie: uuid=f06e569f-b956-49df-8f7e-8edf29a08e06; uuid=f06e569f-b956-49df-8f7e-8edf29a08e06
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 03 Sep 2022 03:18:48 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
1.goldflowerservice.net/w66899721.js
200 OK 49 B URL HTTP/2 1.goldflowerservice.net/w66899721.js
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 8b2c9a0f63099698ba10b15b41fa47e4
dba24ca51e5b2c0fba6fa07441972a2fcc217088
dbb05cc7642fa61c7cbeda7a9c1db3e43db644dfd78d14e4f8cf73df3b7689ad
GET /w66899721.js HTTP/1.1
Host: 1.goldflowerservice.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=f06e569f-b956-49df-8f7e-8edf29a08e06; uuid=f06e569f-b956-49df-8f7e-8edf29a08e06
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 03:18:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 49
last-modified: Wed, 27 Jul 2022 05:35:25 GMT
etag: "62e0ce9d-31"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
1.goldflowerservice.net/?p=mq2dgm3dgi5gi3bpg42dgna&sub2=Zvold1
200 OK 18 kB URL HTTP/2 1.goldflowerservice.net/?p=mq2dgm3dgi5gi3bpg42dgna&sub2=Zvold1
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7636)
Hash ee71854f77580759495f16b0a0c8c2a2
a911c8113b05f277c9f3d0eebab783aee89087b7
645c078ae85758539a303dac2481876db9c182f08505aad8076a86803f9bf4d2
GET /?p=mq2dgm3dgi5gi3bpg42dgna&sub2=Zvold1 HTTP/1.1
Host: 1.goldflowerservice.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.goldflowerservice.net/
Cookie: uuid=f06e569f-b956-49df-8f7e-8edf29a08e06
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 03:18:50 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=f06e569f-b956-49df-8f7e-8edf29a08e06; expires=Mon, 03-Oct-2022 03:18:50 GMT; Max-Age=2592000; path=/; domain=1.goldflowerservice.net
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
goldflowerservice.net/?p=mq2dgm3dgi5gi3bpg42dgna&sub2=Zvold1
200 OK 53 kB URL HTTP/2 goldflowerservice.net/?p=mq2dgm3dgi5gi3bpg42dgna&sub2=Zvold1
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (29334)
Hash 41a48a6dc19d04f4399dad9778602154
a850e4244106237308d10546f3a4ea2491d02302
9efa8dde37620ed3b06df39c1fdd3373cd6cb092ab6a585a6eb268c1b3f72c84
GET /?p=mq2dgm3dgi5gi3bpg42dgna&sub2=Zvold1 HTTP/1.1
Host: goldflowerservice.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://away.bettershitecolumn.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 03:18:47 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=f06e569f-b956-49df-8f7e-8edf29a08e06; expires=Mon, 03-Oct-2022 03:18:47 GMT; Max-Age=2592000; path=/; domain=goldflowerservice.net
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 80c17acac0386e6d3a91e1955c8f7015
0adc628e9ada3cfed5fd3162bee2cc00c876ca93
d996b4637bc7de5f12c6a457eac8326711db0b1daede705f81219edb8e596118
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D996B4637BC7DE5F12C6A457EAC8326711DB0B1DAEDE705F81219EDB8E596118"
Last-Modified: Thu, 01 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6339
Expires: Sat, 03 Sep 2022 05:04:30 GMT
Date: Sat, 03 Sep 2022 03:18:51 GMT
Connection: keep-alive
load.bettershitecolumn.com/sjlash.js
200 OK 0 B URL HTTP/2 load.bettershitecolumn.com/sjlash.js
IP
ASN #206638 PE Brezhnev Daniil
GET /sjlash.js HTTP/1.1
Host: load.bettershitecolumn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sgassocites.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 03:18:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 02 Sep 2022 10:59:21 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"6311e209-18e0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto%3A400%2C400i%2C500%2C500i%2C700%2C700i%7COpen+Sans%3A300%2C400%2C600%2C700%2C800&subset=latin%2Clatin-ext
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto%3A400%2C400i%2C500%2C500i%2C700%2C700i%7COpen+Sans%3A300%2C400%2C600%2C700%2C800&subset=latin%2Clatin-ext
IP
GET /css?family=Roboto%3A400%2C400i%2C500%2C500i%2C700%2C700i%7COpen+Sans%3A300%2C400%2C600%2C700%2C800&subset=latin%2Clatin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sgassocites.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 03 Sep 2022 03:18:43 GMT
date: Sat, 03 Sep 2022 03:18:43 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
oo00.biz/sw/w1s.js
200 OK 0 B IP
GET /sw/w1s.js HTTP/1.1
Host: oo00.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 03:18:51 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Sun, 03 Sep 2023 03:18:51 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
oo00.biz/sw/w1s.js
200 OK 0 B IP
GET /sw/w1s.js HTTP/1.1
Host: oo00.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goldflowerservice.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 03:18:47 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Sun, 03 Sep 2023 03:18:47 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
oo00.biz/sw/w1s.js
200 OK 0 B IP
GET /sw/w1s.js HTTP/1.1
Host: oo00.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.goldflowerservice.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 03:18:50 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Sun, 03 Sep 2023 03:18:50 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
1.goldflowerservice.net/?auf=guytqzldhe5diojygyxtonbtgqxtemrpge3dmmrrg42tcmzq&s=1&sub1=&sub2=Zvold1&sub3=&sub4=&cpc=0&cpm=0
200 OK 0 B URL HTTP/2 1.goldflowerservice.net/?auf=guytqzldhe5diojygyxtonbtgqxtemrpge3dmmrrg42tcmzq&s=1&sub1=&sub2=Zvold1&sub3=&sub4=&cpc=0&cpm=0
IP
ASN #39572 DataWeb Global Group B.V.
GET /?auf=guytqzldhe5diojygyxtonbtgqxtemrpge3dmmrrg42tcmzq&s=1&sub1=&sub2=Zvold1&sub3=&sub4=&cpc=0&cpm=0 HTTP/1.1
Host: 1.goldflowerservice.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.goldflowerservice.net/?p=mq2dgm3dgi5gi3bpg42dgna&sub2=Zvold1
Cookie: uuid=f06e569f-b956-49df-8f7e-8edf29a08e06; uuid=f06e569f-b956-49df-8f7e-8edf29a08e06
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 03:18:50 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=f06e569f-b956-49df-8f7e-8edf29a08e06; expires=Mon, 03-Oct-2022 03:18:50 GMT; Max-Age=2592000; path=/
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
simple.cofounderspecials.com/tag.js?v=2.00
200 OK 0 B URL HTTP/2 simple.cofounderspecials.com/tag.js?v=2.00
IP
ASN #206638 PE Brezhnev Daniil
GET /tag.js?v=2.00 HTTP/1.1
Host: simple.cofounderspecials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sgassocites.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 03:18:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 31 Aug 2022 20:16:49 GMT
vary: Accept-Encoding
etag: W/"630fc1b1-92c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000;
content-encoding: gzip
X-Firefox-Spdy: h2
simple.cofounderspecials.com/strong.js?v=3.00
200 OK 0 B URL HTTP/2 simple.cofounderspecials.com/strong.js?v=3.00
IP
ASN #206638 PE Brezhnev Daniil
GET /strong.js?v=3.00 HTTP/1.1
Host: simple.cofounderspecials.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://sgassocites.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 03:18:44 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 31 Aug 2022 20:17:31 GMT
vary: Accept-Encoding
etag: W/"630fc1db-92c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000;
content-encoding: gzip
X-Firefox-Spdy: h2
oo00.biz/sw/w1s.js
200 OK 0 B IP
GET /sw/w1s.js HTTP/1.1
Host: oo00.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.goldflowerservice.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 03:18:48 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Sun, 03 Sep 2023 03:18:48 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
45.131.0.35
23.36.76.226
142.250.74.163
91.211.91.104
212.129.26.71
185.177.94.108