r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7fb7c70f7f4e2cee27eb0e7d875931f7
98fca3817a551b1daecebae103a48e718b8b5a53
2a40f957a6b1734aa3f87cff51b673f0536732db15b09033dd604879692df349
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A40F957A6B1734AA3F87CFF51B673F0536732DB15B09033DD604879692DF349"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5782
Expires: Thu, 29 Sep 2022 22:05:33 GMT
Date: Thu, 29 Sep 2022 20:29:11 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.115200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 29 Sep 2022 20:15:55 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 90mZULkbQ8V9a0AYvA657rpK9bbgN60bm6O-BM7REcny8Gar8KtnAg==
Age: 796
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.49200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 29 Sep 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 4XgGjvnWq4a4Ny3UFQJCTEgvg-umMPe9ubo0wd5k2rtciFHcGwN7xg==
age: 54044
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 20:29:11 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Thu, 29 Sep 2022 19:29:33 GMT
Expires: Thu, 29 Sep 2022 19:46:28 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: DFa6GW53D5vpps7NmgaQFnl-FhTof9sYUR0Wr7BaANUu5efKSa8rMA==
Age: 3579
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f09cb223e3dc028c58cf32c2274c3766
ca7f1663a1200941986e786353ed2f3ff50bd0b2
9b89a5534b1a84f0a86f150dc7f1f699bb972f7b8e151b29c02454dd939066ca
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4064
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:29:12 GMT
Last-Modified: Thu, 29 Sep 2022 19:21:28 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.214.17.205101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.214.17.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: uAtSKvPRLEjYzMjf9CDGIA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: +gO87yGkwtiY3zAVWgYbRkVfK/g=
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11825
Expires: Thu, 29 Sep 2022 23:46:18 GMT
Date: Thu, 29 Sep 2022 20:29:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11825
Expires: Thu, 29 Sep 2022 23:46:18 GMT
Date: Thu, 29 Sep 2022 20:29:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11825
Expires: Thu, 29 Sep 2022 23:46:18 GMT
Date: Thu, 29 Sep 2022 20:29:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 47f245f9a098439e59436f81d4c03415
950b3eadfd6fc7f859130fa2c63934c6ccd49889
25f075effbd8acded8f38d69ea17f673de3e197b635274d4c52411ef577fe8e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11825
Expires: Thu, 29 Sep 2022 23:46:18 GMT
Date: Thu, 29 Sep 2022 20:29:13 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F783cca30-851d-4c3b-97b3-dfc92f711d23.jpeg
34.120.237.76200 OK 4.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F783cca30-851d-4c3b-97b3-dfc92f711d23.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aed4d25286420a1405c3274931194002
c17c7bdfa4b40f9a0634da65c610869e5c410bf1
f32058bdd49930b927d1f9fdfd204ed054b4f85e0d679eff067d522d42ac504a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F783cca30-851d-4c3b-97b3-dfc92f711d23.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4093
x-amzn-requestid: 4275d743-8507-4fbe-83d1-cc0da2adef7b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMKoPHCMIAMF7wQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be34-5ddb717430e7b38e3ee53657;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:35:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: H713oiiX6wslZytV_P5NblH5vT7KZ2fv1G3DLKLrH5nw0lHOquia4w==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:40:48 GMT
etag: "c17c7bdfa4b40f9a0634da65c610869e5c410bf1"
content-type: image/jpeg
age: 82106
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75de31dd-bbf0-4a21-bfac-94f0062f4da4.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75de31dd-bbf0-4a21-bfac-94f0062f4da4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4505f57697072468da82e0b536d0d5b
e1067a2dfbc22e7eb196046d57bd1e17604dba75
b5e79054f165f38b99f93a8128284f82076523988aeb102b85dd8ff1a2870d00
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75de31dd-bbf0-4a21-bfac-94f0062f4da4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10023
x-amzn-requestid: 0cb6b9a1-0707-4094-b197-5a0add2df717
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMK4dHJLIAMFWmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be9c-2d8bbb17157900f126c5bb3c;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:37:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wZ2hBqHAdwimAVV3p-CJFrb9zQ-CTN5ar9CB-cu0mZoENYUFTKKPWQ==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 ddaf46a95abcfc80e8eae76235e2127c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:40:43 GMT
age: 82111
etag: "e1067a2dfbc22e7eb196046d57bd1e17604dba75"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6362b4f1-5935-43c9-9147-6d019a1ea6cd.jpeg
34.120.237.76200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6362b4f1-5935-43c9-9147-6d019a1ea6cd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 30471179bd7cdeecea2fa4ea98701aef
2bbcd6305b4da3204bf1c04b6db23d44cfc84fbb
967e070aec3942c64cc6c4cfdc13d430825c9e5c26dbec5bb3d66237d5978dfc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6362b4f1-5935-43c9-9147-6d019a1ea6cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4235
x-amzn-requestid: 60825c64-7743-4b16-b80d-d1195ccb0f23
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMK2nFsDoAMFRwg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be90-1898e5d9111db7c843c1ebb4;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:37:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: C-XC9qsktkENdI6lWZp5RQjeEvrrFMUfBq1mA5dxEjRq5tkfL5Jsxw==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:40:46 GMT
age: 82108
etag: "2bbcd6305b4da3204bf1c04b6db23d44cfc84fbb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5cbaf6d-fc16-4449-8b54-1d55f68eff4f.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5cbaf6d-fc16-4449-8b54-1d55f68eff4f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 11594ce7500d8776bfd5162b17f87d72
72603efba82d649ce5a7a0ca45dc830c0d9ef012
511f5aa33750cd4a02cf3968bf165ffa521e77cb4fb7135b516d7ad14e8b9d01
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5cbaf6d-fc16-4449-8b54-1d55f68eff4f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14073
x-amzn-requestid: 4ff72590-e28d-4d4b-af1a-4d62e75e3d66
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMKnpEsJoAMFlBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be30-38b014a25551aa0a2ab04ccf;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:35:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: gP4V4fq53Z5BFfjDlx1LCR9AhUPTq0qusBaOY_UEXjJjM6SByqDgXg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:41:45 GMT
etag: "72603efba82d649ce5a7a0ca45dc830c0d9ef012"
content-type: image/jpeg
age: 82049
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0e9057-f203-4080-95b8-652ecd15effa.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0e9057-f203-4080-95b8-652ecd15effa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c62a6368c456e9614ca4c8e360a2ef12
35ec6e80d324bb215796c590a7ffafbaea55d88e
90a37acc6beda1aa98a98cb84e00a7e469d6d919a14f4709c5f67a83ae95278d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0e9057-f203-4080-95b8-652ecd15effa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7859
x-amzn-requestid: 34d0718f-46d4-446f-bb06-8449bd8f4287
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZIlO4FcBoAMFy0w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63334f2b-58ae81c9077e4f1575750f15;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 19:29:47 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: XwUZAphoqael30FgWCRQlHqBpjBOSG7rnlbPNKyojhONZ625gCUI5g==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 07:36:34 GMT
age: 46360
etag: "35ec6e80d324bb215796c590a7ffafbaea55d88e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 36ae9444071dd70dcf86802c370ffda9
44cc19b21912d07f82a88af5b2fa6d3e370459bf
99984d108bf31d733414f7f1352e17225ac21ac2dbfb4b1e7fa7ae80e5b6b822
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9654
x-amzn-requestid: 7277f59f-452d-4cb6-a76e-1561b4ff3de0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGW2REPzoAMFrww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63326b5b-4f5d775830c95b065ce40d3f;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 03:17:47 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: jTiWrrcC29QaFlnaiNH_KmEaphRZhWyzf1JbWb6uL00D3vOMR7Wfyg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 03:28:09 GMT
age: 61265
etag: "44cc19b21912d07f82a88af5b2fa6d3e370459bf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hegodev.com/tds/aietqu
184.168.97.137301 Moved Permanently 1 B IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
Hash eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /tds/aietqu HTTP/1.1
Host: hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
x-powered-by: PHP/7.4.30
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-litespeed-tag: 6ff_HTTP.404,6ff_HTTP.301
x-redirect-by: WordPress
location: https://www.hegodev.com/tds/aietqu
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1
content-type: text/html; charset=UTF-8
date: Thu, 29 Sep 2022 20:29:12 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 15cc1791864e78e4f2d1219e1bc4e4af
4be1a8496350a8144ae81e10bfe413930628c41e
4fe223392c71727585b3e429b7042d076263242036179a1d5fcc812a3c6cee10
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:29:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 86e0fe14ac54b7b9131a460fd65d73fd
49ec80657f4183e2ad7e906583b94cbf48a94809
9f30a1437666225f096d72763cf89a4e5ae9e5f501ffed4becc51b08c515cf6f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:29:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 86e0fe14ac54b7b9131a460fd65d73fd
49ec80657f4183e2ad7e906583b94cbf48a94809
9f30a1437666225f096d72763cf89a4e5ae9e5f501ffed4becc51b08c515cf6f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:29:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-154422125-1
142.250.74.72200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-154422125-1
IP 142.250.74.72:0
File type ASCII text, with very long lines (2039)
Hash d567cef3f1849c1455aa1ab6688b4645
cd1de6ff06224f2735c2b4d8aa38beb8256ef303
6e7b91e20097a5000c9a54ce35541dfe5bf3624165e517c349eeb4eb0793344f
GET /gtag/js?id=UA-154422125-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 29 Sep 2022 20:29:15 GMT
expires: Thu, 29 Sep 2022 20:29:15 GMT
cache-control: private, max-age=900
last-modified: Thu, 29 Sep 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42377
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 6ac97060c75238244bfa94c6c6f63e40
9a640270fe62b82a8d971472f28a150e23f3a0c2
f7c0b8dc16c4a08e73772eadf8303a509768acf9d70f132c1c1db899534d4bab
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:29:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 8eb56ca84ce38713c2575c9d5506eabe
294a9ea859390bfe5d73cf810eefae10bf0f2f5e
6e7141f2c597344a55bf1d3a3ca0b9f0bf02f32a6046b3bfa03b64048a1d7002
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:29:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.hegodev.com/tds/aietqu
184.168.97.137404 Not Found 15 kB URL HTTP/2 www.hegodev.com/tds/aietqu
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (39232), with CRLF, LF line terminators
Hash be6c2f24b9bf882917331e8de48e00db
491fc7a226ab255a70c6444872c30b022c3c702a
fdcf59ed68d0371e1ca6e74904d574a865717b3373866a1761dad7b37c1a4375
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /tds/aietqu HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 404 Not Found
x-powered-by: PHP/7.4.30
x-litespeed-tag: 6ff_HTTP.404
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.hegodev.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 14645
content-type: text/html; charset=UTF-8
date: Thu, 29 Sep 2022 20:29:14 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.css?ver=6.0.2
184.168.97.137200 OK 493 B URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with CRLF line terminators
Hash 34c447fc8b7747ca0cbb40fec67c28cb
5ef14f89ead8d0d496271cc4a0e482419fe4f667
bdb8e3868d4d8efd5135931edd978ed4f16111f110994ff161e44bd7c3d44467
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/slick/slick.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2862-767-5e4d4065d3faa-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 493
content-type: text/css
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/slick/slick-theme.css?ver=6.0.2
184.168.97.137200 OK 774 B URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/slick/slick-theme.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 6e67560034ebfe1a21ca7838a79b3602
98c217a0786d8196f58ac0046e5572f765f50050
447874e04268e1cd9e1269a6df0d7e1a78fdde489d27c7f247052e59aed4c5b1
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/slick/slick-theme.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2861-d15-5e4d4065d3faa-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 774
content-type: text/css
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/css/blocks.min.css?ver=6.0.2
184.168.97.137200 OK 2.0 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/css/blocks.min.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (9062), with no line terminators
Hash 5c569f4b806cef7bae156536de7a6bbe
e333c2951afcd43c3f67af65eec7798142f3b693
87dfa898fa648e03706e8fa4153e5cada9e2c6dc8954607b419d1aa21f3c55f7
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/css/blocks.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e281c-2366-5e4d4065d300a-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1955
content-type: text/css
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/css/slicknav.min.css?ver=6.0.2
184.168.97.137200 OK 691 B URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/css/slicknav.min.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (2414), with CRLF line terminators
Hash 70e97a82cb2bd23c0544142f7ec5e48f
99ce9a22208dc751c6dab5b3bfbe99a73a0ce01a
807b94feb5ee85ba59311b80b2e6a15dbcf06336949e10c5a28eae5d22bfbe9f
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/css/slicknav.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e281f-9cd-5e4d4065d300a-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 691
content-type: text/css
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa-business/style.css?ver=6.0.2
184.168.97.137200 OK 1.4 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa-business/style.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1023), with CRLF line terminators
Hash 73ee631a66b856896702d8f5992129ad
e2a34ecd904e4ae9de4583a545c2717334c385f7
e5f555322926d2339db8f05008e17b35b453350b8ac8c173542845a9b58f571d
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa-business/style.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 15 Apr 2022 11:47:32 GMT
etag: "e3f67-df4-5dcaff9d452af-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1361
content-type: text/css
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/plugins/contact-widgets/assets/css/font-awesome.min.css?ver=4.7.0
184.168.97.137200 OK 6.6 kB URL HTTP/2 www.hegodev.com/wp-content/plugins/contact-widgets/assets/css/font-awesome.min.css?ver=4.7.0
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (30429)
Hash de7a7b0a7cefd6f77d360ab9819ce7c5
73ab1b9dbc0f89e39140965f7f6cc4edb723ff77
f085f338dd26cfc96e4b338ffe0a6b2fe8e4eb7477bfa14883646c08f6b49634
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/contact-widgets/assets/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 10 Aug 2020 12:46:25 GMT
etag: "e4836-777f-5ac8557aaea40-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 6581
content-type: text/css
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/css/all.min.css?ver=6.0.2
184.168.97.137200 OK 12 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/css/all.min.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (59158), with CRLF line terminators
Hash 37a0cc3233ba8513c0996bf4220250fd
e15ddd5aab9ee220054be8d22178b37ce7862a0e
0c23d7e2429213ce557799efab8f3d55d175b6b40ebc650bd01f70bbf6d1c162
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/bosa/assets/font-awesome/css/all.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2808-e7d4-5e4d4065d283a-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 12405
content-type: text/css
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
184.168.97.137200 OK 11 kB URL HTTP/2 www.hegodev.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (43771)
Hash 069a79d16ded6a02071f286cd2025c44
dd5970e01b8a10dadcf074f72a1c8095f25e947a
78261bccee805c6913bf7e23e2e25314f05f690300a77a40ca36e1e516b20203
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 04 Jul 2022 12:10:37 GMT
etag: "125f63-15b64-5e2f99fa9e940-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 10912
content-type: text/css
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b
184.168.97.137200 OK 628 B URL HTTP/2 www.hegodev.com/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1626)
Hash 5b31f9f2f4e068d0932e615b4c1430d7
a84aad0dae77532f66a7777d67facca9a2e6ab6f
af3fdfe4f024a9ae6bad6e550e63a4636396208b9554a2eb5aa4f8a4de716d0e
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 18 Aug 2016 18:55:30 GMT
etag: "164a9e-71b-53a5d2030ec80-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 628
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/js/navigation.js?ver=0.8
184.168.97.137200 OK 993 B URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/js/navigation.js?ver=0.8
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with CRLF line terminators
Hash 0880979edd9517f9a7b7307495d2e853
9680cf285e27e869e1b90baaea045cc375e0a2c1
a25525fac97c4a6cb0c565349aeeae0f79b5bdedc77c88f7521e946bb7567924
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/bosa/assets/js/navigation.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e287a-17ab-5e4d4065d4392-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 993
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/js/html5shiv.min.js?ver=0.8
184.168.97.137200 OK 1.1 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/js/html5shiv.min.js?ver=0.8
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type HTML document, ASCII text, with very long lines (2639), with no line terminators
Hash cb816e47ca3d13aad71248bbeabff91e
f2c86e70321390663f230239416c8b747f9c94f1
28ca5b93945b26543a79912da6b4651fdf0f1b7880f76f388c73e88f934c2113
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/bosa/assets/js/html5shiv.min.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e287f-a4f-5e4d4065d4392-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1132
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.7.0
184.168.97.137200 OK 3.0 kB URL HTTP/2 www.hegodev.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.7.0
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1577)
Hash c42db5fc087004f61b1fd52f2fa6589a
d315714e57e1b83e3851a3261bcb6f3a8f8aedbd
47bec89c01cd4cc1e52ab92fcd1d1f50d73342d368064fd693a619e8072d4f93
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.7.0 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:08:38 GMT
etag: "105ac6-2e7a-5e4d403037d5f-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 3018
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/css/bootstrap.min.css?ver=6.0.2
184.168.97.137200 OK 19 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/css/bootstrap.min.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (65319), with CRLF line terminators
Hash a08b37e95872eb5945c89f729fe74d26
a4e542358e28aacc01fb2ca977feaf1567a35bc9
1210d07107cc6e06709991d7e78d50039183e90962f7e8a92744134a40a37878
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/bosa/assets/bootstrap/css/bootstrap.min.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2811-2268e-5e4d4065d2c22-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 18894
content-type: text/css
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
184.168.97.137200 OK 4.6 kB URL HTTP/2 www.hegodev.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (11126)
Hash 55050b24c45c4eb4288d37c787febc62
0e2e51876c68c377021c7ca922b671df43f40667
6f37b7fe435d863f1b2e3671ae9ccdab95189f4bfba860383e48cf2d1306467a
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 22 Sep 2022 12:05:35 GMT
etag: "164a9d-3602-5e942e0f8e243-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 4641
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/style.css?ver=6.0.2
184.168.97.137200 OK 23 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/style.css?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1137)
Hash 951d728eb6833d22f9c81d65f0b86125
2eb36f396caa9da773c34cade2459e2b39d7153f
61703f377447272f82b6f36cbaaee9a0f31a037c64a6f4e9b803aafae34b6efc
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/style.css?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "12338a-2948d-5e4d4065d0ce2-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 22726
content-type: text/css
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/js/jquery.slicknav.min.js?ver=0.8
184.168.97.137200 OK 2.5 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/js/jquery.slicknav.min.js?ver=0.8
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (8320), with CRLF line terminators
Hash f4d1dc17a8b538c2c3ea8ff13ea6d10b
a0bac998d0ac28f0e5b6a2993190daa435861724
2e2949f1f3b9db6036a9c9d97b431623572ce674e9944e44d2f2807061fcfe64
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/bosa/assets/js/jquery.slicknav.min.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e287e-20e6-5e4d4065d4392-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 2504
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Bai+Jamjuree%3Aital%2Cwght%400%2C200%3B0%2C300%3B0%2C400%3B0%2C500%3B0%2C600%3B0%2C700%3B1%2C300%3B1%2C400%3B1%2C500%3B1%2C600%3B1%2C700&display=swap&ver=6.0.2
142.250.74.10200 OK 2.6 kB URL HTTP/2 fonts.googleapis.com/css2?family=Bai+Jamjuree%3Aital%2Cwght%400%2C200%3B0%2C300%3B0%2C400%3B0%2C500%3B0%2C600%3B0%2C700%3B1%2C300%3B1%2C400%3B1%2C500%3B1%2C600%3B1%2C700&display=swap&ver=6.0.2
IP 142.250.74.10:0
Hash 0b52112ec18c1ce6030e6ef90732911c
9615d4d22b3b57f3efa6618b3ce470efc279472e
e7d3c4a343439d096bb344fcaf5e062b925450c8fd28d16a8c8f11643a0e3efe
GET /css2?family=Bai+Jamjuree%3Aital%2Cwght%400%2C200%3B0%2C300%3B0%2C400%3B0%2C500%3B0%2C600%3B0%2C700%3B1%2C300%3B1%2C400%3B1%2C500%3B1%2C600%3B1%2C700&display=swap&ver=6.0.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://www.hegodev.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 29 Sep 2022 20:29:15 GMT
date: Thu, 29 Sep 2022 20:29:15 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.hegodev.com/wp-includes/js/imagesloaded.min.js?ver=6.0.2
184.168.97.137200 OK 1.7 kB URL HTTP/2 www.hegodev.com/wp-includes/js/imagesloaded.min.js?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (5477)
Hash b1ead9e078b8c6a5044a583ef6fbbd5e
577658f92d2657f1131a97b6f128dfdb50d21d1a
b337360f9345d0763a9394d9a2b032459e0fe6199bee2a4b76f2b8ca24d8b867
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-includes/js/imagesloaded.min.js?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
etag: "126622-15fd-5a7fbb57c37c0-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1733
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/js/theia-sticky-sidebar.min.js?ver=0.8
184.168.97.137200 OK 1.6 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/js/theia-sticky-sidebar.min.js?ver=0.8
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type HTML document, ASCII text, with very long lines (5370), with CRLF line terminators
Hash e74167fd14ae4f773d3afd5138ad81f2
9062953647b497a403cec22ad1ca2d31f76d96b2
b3539412526d3a6c6f18e32b9bcacb4274e51b44e876fb6ad9a02f8449c61c52
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/js/theia-sticky-sidebar.min.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2875-1537-5e4d4065d4392-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 1636
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/js/skip-link-focus-fix.js?ver=0.8
184.168.97.137200 OK 338 B URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/js/skip-link-focus-fix.js?ver=0.8
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with CRLF line terminators
Hash 295d8e7be879e4b8f375f36a9ac45e07
616274653f472969eaa37880ce42db18be993aae
ace732d52491f3fafa3b95770ce6e10b0ef7ce9c87ea178cb8f75927b2379417
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/bosa/assets/js/skip-link-focus-fix.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2876-2cc-5e4d4065d4392-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 338
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
184.168.97.137200 OK 4.6 kB URL HTTP/2 www.hegodev.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (15660)
Hash a0083d25b89ea80ecd2393db9f865d62
24eaf2df7c722fb13f2b5bf77ada5ee446720c25
f7533cb93f2efbb9e3bccfa9ff4036a2cafa7dd1bd4d66bea4833306b321e957
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 12 Apr 2022 05:56:23 GMT
etag: "126637-48b9-5dc6eb878efc0-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 4614
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=670
184.168.97.137200 OK 4.7 kB URL HTTP/2 www.hegodev.com/wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=670
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (12498), with no line terminators
Hash 178e76046eb0e7272c90d4c8f5c6a582
0f6b3d54c1630ac1fe511a9de4dc6963c0f66c0c
4c78ef5db663c8ceb5185f1ed58195e871afd4f036eb89a83776f8851ad79c2b
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=670 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:08:33 GMT
etag: "1059d1-30d2-5e4d402ba7d82-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 4706
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
184.168.97.137200 OK 31 kB URL HTTP/2 www.hegodev.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (62845)
Hash 7e34be448eebf21b9ab8cfcd8fde9504
a4e968811822f988b09ad62e4701286a6fad2e75
7893733ef7a787b4d182abf64a9fc6cbc40c9cced8b203dca707d4d09bc8bd6f
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 22 Sep 2022 13:07:21 GMT
etag: "164aa5-167db-5e943bde0430c-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 30937
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 8045f030f1424d43155236ac74193734
9f5d53209a1b442a342d7d59986e4817024e2fcd
211c2261b71490e21be41166efa63b59b01ed4188f80c7e095b748abf1f0ae68
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:29:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 8045f030f1424d43155236ac74193734
9f5d53209a1b442a342d7d59986e4817024e2fcd
211c2261b71490e21be41166efa63b59b01ed4188f80c7e095b748abf1f0ae68
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:29:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 8045f030f1424d43155236ac74193734
9f5d53209a1b442a342d7d59986e4817024e2fcd
211c2261b71490e21be41166efa63b59b01ed4188f80c7e095b748abf1f0ae68
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:29:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0gebelJo0.woff2
142.250.74.163200 OK 11 kB URL HTTP/2 fonts.gstatic.com/s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0gebelJo0.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 10840, version 1.0\012- data
Hash 1dfdc31ff2064daaaf92877a90bed3b8
a538ee943a4cc54748827e91b91fb5932d3fde50
f5346003928ce35756d754b207e777261fc6b226caf252f5c07e302a3ed2accd
GET /s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0gebelJo0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10840
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Sep 2022 10:56:22 GMT
expires: Thu, 28 Sep 2023 10:56:22 GMT
cache-control: public, max-age=31536000
age: 120775
last-modified: Tue, 19 Apr 2022 18:13:26 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0reHelJo0.woff2
142.250.74.163200 OK 11 kB URL HTTP/2 fonts.gstatic.com/s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0reHelJo0.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 10808, version 1.0\012- data
Hash 813e62d2193672e925a80aa9c4a85696
248768195074f87fd8bee6b45e87ab265d4ce7f1
2a257de7d16cbc56379bbeba00afc1533e9aee044331ef5d618ec6db47ba103c
GET /s/baijamjuree/v11/LDIqapSCOBt_aeQQ7ftydoa0reHelJo0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10808
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 29 Sep 2022 07:13:35 GMT
expires: Fri, 29 Sep 2023 07:13:35 GMT
cache-control: public, max-age=31536000
age: 47742
last-modified: Tue, 19 Apr 2022 18:08:54 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.163200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 18:01:25 GMT
expires: Sun, 24 Sep 2023 18:01:25 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 440872
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 8045f030f1424d43155236ac74193734
9f5d53209a1b442a342d7d59986e4817024e2fcd
211c2261b71490e21be41166efa63b59b01ed4188f80c7e095b748abf1f0ae68
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 20:29:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.hegodev.com/wp-includes/js/masonry.min.js?ver=4.2.2
184.168.97.137200 OK 7.1 kB URL HTTP/2 www.hegodev.com/wp-includes/js/masonry.min.js?ver=4.2.2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (23966)
Hash b15709b26cbed268be463aeb7221d12d
8ece754f196cdbace087ee39d77784626f1bac9a
381c481a826838b8eadc28c8290f1928bea7edb660da92dfc08dd6bdf2d37122
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-includes/js/masonry.min.js?ver=4.2.2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
etag: "126636-5e4a-5a7fbb57c37c0-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 7130
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.min.js?ver=0.8
184.168.97.137200 OK 10 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/slick/slick.min.js?ver=0.8
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (42862), with CRLF line terminators
Hash 73b81ca4bccda384885bffd32b65d8e8
f66055b3dbf1ede1f0c2fa56a888981c3961bfe6
668d4731db28264dbce69d3dd601d722b0dcb1c785e8b2e8a58d81f1cfba00d6
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/slick/slick.min.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e286a-a770-5e4d4065d3faa-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 10104
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/js/bootstrap.min.js?ver=0.8
184.168.97.137200 OK 14 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/bootstrap/js/bootstrap.min.js?ver=0.8
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type ASCII text, with very long lines (50758), with CRLF line terminators
Hash 0ee8c174de1686d6078ac63eda46404e
cc0de71ae4dde2bf22a32776e517d80777f204ad
53c30939a24897a873222ecebb9228316342f1b96bdd5849f9bcf847b707fa45
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/bootstrap/js/bootstrap.min.js?ver=0.8 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e2815-c765-5e4d4065d300a-br"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: br
content-length: 13455
content-type: application/javascript
date: Thu, 29 Sep 2022 20:29:15 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/images/bosa-360-200.jpg
184.168.97.137200 OK 30 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/images/bosa-360-200.jpg
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 360x203, components 3\012- data
Hash 624934584c27faf93df0f15f1ab5f7c3
ecd3df25050330a2ce11d4e1f7e8e22b2229eb95
29d4c1b20b4ed7a5c8e399e46879567e0f31f7b75205dd6355cc455382b14aa1
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/themes/bosa/assets/images/bosa-360-200.jpg HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e282f-739a-5e4d4065d33f2"
accept-ranges: bytes
content-length: 29594
content-type: image/jpeg
date: Thu, 29 Sep 2022 20:29:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/webfonts/fa-solid-900.woff2
184.168.97.137200 OK 80 kB URL HTTP/2 www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/webfonts/fa-solid-900.woff2
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type Web Open Font Format (Version 2), TrueType, length 80252, version 331.-31327\012- data
Hash 9ae050d1876ac1763eb6afe4264e6d5a
72344eab2e7431eec313caa21f266cbfda7caf60
6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/themes/bosa/assets/font-awesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.hegodev.com/wp-content/themes/bosa/assets/font-awesome/css/all.min.css?ver=6.0.2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 28 Jul 2022 02:09:34 GMT
etag: "1e27f7-1397c-5e4d4065d206a"
accept-ranges: bytes
content-length: 80252
vary: Accept-Encoding,User-Agent
content-type: font/woff2
date: Thu, 29 Sep 2022 20:29:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/uploads/2020/09/cropped-image-1.png
184.168.97.137200 OK 6.6 kB URL HTTP/2 www.hegodev.com/wp-content/uploads/2020/09/cropped-image-1.png
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type PNG image data, 135 x 74, 8-bit/color RGBA, non-interlaced\012- data
Hash d00f913aa1e1765eb74ed5d4956150c2
ef2e07c16e3925f1ff81abeb19f0a78aeca57f3c
ee599d1ea592c3f277f3490e3e235f0f651ece900b0115c0ccf59ce26eb410e3
Analyzer Verdict Alert quad9 Sinkholed
GET /wp-content/uploads/2020/09/cropped-image-1.png HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/tds/aietqu
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 14 May 2021 09:07:54 GMT
etag: "105cc7-19ee-5c24694418095"
accept-ranges: bytes
content-length: 6638
content-type: image/png
date: Thu, 29 Sep 2022 20:29:17 GMT
server: Apache
X-Firefox-Spdy: h2
www.hegodev.com/wp-content/plugins/contact-widgets/assets/fonts/fontawesome-webfont.woff?v=4.7.0
184.168.97.137200 OK 98 kB URL HTTP/2 www.hegodev.com/wp-content/plugins/contact-widgets/assets/fonts/fontawesome-webfont.woff?v=4.7.0
IP 184.168.97.137:0
ASN #26496 AS-26496-GO-DADDY-COM-LLC
File type Web Open Font Format, TrueType, length 98024, version 4.7\012- data
Hash fee66e712a8a08eef5805a46892932ad
28b782240b3e76db824e12c02754a9731a167527
ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /wp-content/plugins/contact-widgets/assets/fonts/fontawesome-webfont.woff?v=4.7.0 HTTP/1.1
Host: www.hegodev.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.hegodev.com/wp-content/plugins/contact-widgets/assets/css/font-awesome.min.css?ver=4.7.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 10 Aug 2020 12:46:28 GMT
etag: "e483e-17ee8-5ac8557d8b100"
accept-ranges: bytes
content-length: 98024
vary: Accept-Encoding,User-Agent
content-type: font/woff
date: Thu, 29 Sep 2022 20:29:17 GMT
server: Apache
X-Firefox-Spdy: h2
away.bettershitecolumn.com/hit.php?a=1311&b=334-1166-567334-46
91.211.91.104302 Found 0 B URL HTTP/2 away.bettershitecolumn.com/hit.php?a=1311&b=334-1166-567334-46
IP 91.211.91.104:0
ASN #206638 PE Brezhnev Daniil
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /hit.php?a=1311&b=334-1166-567334-46 HTTP/1.1
Host: away.bettershitecolumn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Thu, 29 Sep 2022 20:29:18 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://away.bettershitecolumn.com/track.php?nid=54889&yid=9554-66-457679-29
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2
away.bettershitecolumn.com/track.php?nid=54889&yid=9554-66-457679-29
91.211.91.104302 Found 0 B URL HTTP/2 away.bettershitecolumn.com/track.php?nid=54889&yid=9554-66-457679-29
IP 91.211.91.104:0
ASN #206638 PE Brezhnev Daniil
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /track.php?nid=54889&yid=9554-66-457679-29 HTTP/1.1
Host: away.bettershitecolumn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.hegodev.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Thu, 29 Sep 2022 20:29:18 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2
away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29
91.211.91.104200 OK 816 B URL HTTP/2 away.bettershitecolumn.com/track.php?tid=54889&lid=9554-66-457679-29
IP 91.211.91.104:0
ASN #206638 PE Brezhnev Daniil
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 6bac0faa39c53c5cd2957f588b23c83f
6ae5c29908a38628e133d0f2aa7865ee052d1564
4f8ba92935c40b31f61ae2d3edb3a4fa7842716beac9e7d5be0a1deae887b586
Analyzer Verdict Alert quad9 Sinkholed
GET /track.php?tid=54889&lid=9554-66-457679-29 HTTP/1.1
Host: away.bettershitecolumn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.hegodev.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 20:29:18 GMT
content-type: text/html; charset=UTF-8
content-length: 816
vary: Accept-Encoding
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9e78811da7e103e73261ab022d74a10b
8efd6d841ef786645cd5a0fcf2676fb9e8c6397e
1a763759c4e128a6bac5bacb72e88d4d21f5650bd9196ae87618e1247f3bcd98
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1A763759C4E128A6BAC5BACB72E88D4D21F5650BD9196AE87618E1247F3BCD98"
Last-Modified: Tue, 27 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11163
Expires: Thu, 29 Sep 2022 23:35:22 GMT
Date: Thu, 29 Sep 2022 20:29:19 GMT
Connection: keep-alive
silverlinetogther.com/b81698fd2.js
185.177.94.152200 OK 54 B URL HTTP/2 silverlinetogther.com/b81698fd2.js
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 30c1fd0f847f40d79960103f317ec07d
a0d13efcd4192c63adc1eabfb05717ad1cebd931
556ec061bb60ac3e9a1769e325fa43e4e6c1351216161560bdd37356956dbd1f
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /b81698fd2.js HTTP/1.1
Host: silverlinetogther.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=89bb7ef6-d2ec-4c1c-8ec6-0ddbb1df3be7
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 20:29:19 GMT
content-type: application/javascript; charset=utf-8
content-length: 54
last-modified: Sat, 02 Jul 2022 04:59:02 GMT
etag: "62bfd096-36"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
silverlinetogther.com/favicon.ico
185.177.94.152204 No Content 0 B URL HTTP/2 silverlinetogther.com/favicon.ico
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: silverlinetogther.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://silverlinetogther.com/go/he2tszrzmq5dcmbugayq?sub2=dpicer5
Cookie: uuid=89bb7ef6-d2ec-4c1c-8ec6-0ddbb1df3be7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 29 Sep 2022 20:29:19 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4f61aae79fa723a918640005c6f5ec7e
04398234e882ee3527db3c3d8f6e483985c32166
9a5421ec3b32a2aff8941b90f245de9d5d711e9afb2e7d15778382a8c7fb433a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9A5421EC3B32A2AFF8941B90F245DE9D5D711E9AFB2E7D15778382A8C7FB433A"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=746
Expires: Thu, 29 Sep 2022 20:41:45 GMT
Date: Thu, 29 Sep 2022 20:29:19 GMT
Connection: keep-alive
0.silverlinetogther.com/b81698fd2.js
185.177.94.152200 OK 54 B URL HTTP/2 0.silverlinetogther.com/b81698fd2.js
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 30c1fd0f847f40d79960103f317ec07d
a0d13efcd4192c63adc1eabfb05717ad1cebd931
556ec061bb60ac3e9a1769e325fa43e4e6c1351216161560bdd37356956dbd1f
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /b81698fd2.js HTTP/1.1
Host: 0.silverlinetogther.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=89bb7ef6-d2ec-4c1c-8ec6-0ddbb1df3be7; uuid=89bb7ef6-d2ec-4c1c-8ec6-0ddbb1df3be7
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 20:29:20 GMT
content-type: application/javascript; charset=utf-8
content-length: 54
last-modified: Sat, 02 Jul 2022 04:59:02 GMT
etag: "62bfd096-36"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
0.silverlinetogther.com/favicon.ico
185.177.94.152204 No Content 0 B URL HTTP/2 0.silverlinetogther.com/favicon.ico
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 0.silverlinetogther.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.silverlinetogther.com/index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer5
Cookie: uuid=89bb7ef6-d2ec-4c1c-8ec6-0ddbb1df3be7; uuid=89bb7ef6-d2ec-4c1c-8ec6-0ddbb1df3be7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 29 Sep 2022 20:29:20 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 62cdb0c97e2d0c0773060ebfcb960643
3d2aea9c5c6fba5b72766c72c123b6ecdf52eb9d
3bb477d2001857f82ab93b324cd45051e87ef77d3a0f8541dc074a64e1133de9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3BB477D2001857F82AB93B324CD45051E87EF77D3A0F8541DC074A64E1133DE9"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14374
Expires: Fri, 30 Sep 2022 00:28:54 GMT
Date: Thu, 29 Sep 2022 20:29:20 GMT
Connection: keep-alive
0.silverlinetogther.com/index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer5
185.177.94.152200 OK 13 kB URL HTTP/2 0.silverlinetogther.com/index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer5
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7729)
Hash 20e91992de1ce515b39e3fc4ac601907
1aa6bf8bb697c011d07b2daf1b5d8eb461bb7907
8f8abac303fea9d16625ac1d432b7e3c2078d3b7346cefd5cc1463bfc6d605f9
Analyzer Verdict Alert quad9 Sinkholed
GET /index.php?p=he2tszrzmq5dcmbugayq&sub2=dpicer5 HTTP/1.1
Host: 0.silverlinetogther.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://silverlinetogther.com/
Cookie: uuid=89bb7ef6-d2ec-4c1c-8ec6-0ddbb1df3be7
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 20:29:20 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=89bb7ef6-d2ec-4c1c-8ec6-0ddbb1df3be7; expires=Sat, 29-Oct-2022 20:29:20 GMT; Max-Age=2592000; path=/; domain=0.silverlinetogther.com
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
silverlinetogther.com/go/he2tszrzmq5dcmbugayq?sub2=dpicer5
185.177.94.152200 OK 0 B URL HTTP/2 silverlinetogther.com/go/he2tszrzmq5dcmbugayq?sub2=dpicer5
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /go/he2tszrzmq5dcmbugayq?sub2=dpicer5 HTTP/1.1
Host: silverlinetogther.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://away.bettershitecolumn.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 20:29:19 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=89bb7ef6-d2ec-4c1c-8ec6-0ddbb1df3be7; expires=Sat, 29-Oct-2022 20:29:19 GMT; Max-Age=2592000; path=/; domain=silverlinetogther.com
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
cdn.weatherplllatform.com/events.js?v=2.141
91.211.91.114200 OK 0 B URL HTTP/2 cdn.weatherplllatform.com/events.js?v=2.141
IP 91.211.91.114:0
ASN #206638 PE Brezhnev Daniil
GET /events.js?v=2.141 HTTP/1.1
Host: cdn.weatherplllatform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.hegodev.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 20:29:17 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 26 Sep 2022 14:49:44 GMT
vary: Accept-Encoding
etag: W/"6331bc08-920"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000;
content-encoding: gzip
X-Firefox-Spdy: h2
browork3er.cc/sw/bro.js
51.15.16.150200 OK 0 B IP 51.15.16.150:0
GET /sw/bro.js HTTP/1.1
Host: browork3er.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://silverlinetogther.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 20:29:19 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Fri, 29 Sep 2023 20:29:19 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C400i%2C600%2C700%2C800%7CPoppins%3A300%2C400%2C400i%2C500%2C600%2C700%2C800%2C900&display=swap&ver=6.0.2
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C400i%2C600%2C700%2C800%7CPoppins%3A300%2C400%2C400i%2C500%2C600%2C700%2C800%2C900&display=swap&ver=6.0.2
IP 142.250.74.10:0
GET /css?family=Open+Sans%3A300%2C400%2C400i%2C600%2C700%2C800%7CPoppins%3A300%2C400%2C400i%2C500%2C600%2C700%2C800%2C900&display=swap&ver=6.0.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.hegodev.com
Connection: keep-alive
Referer: https://www.hegodev.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 29 Sep 2022 20:29:15 GMT
date: Thu, 29 Sep 2022 20:29:15 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2