firefox.settings.services.mozilla.com/v1/
13.224.222.54 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 13.224.222.54:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 02 Oct 2022 19:03:14 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 cccbced9d09951cf2e947066c4fc2442.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR61-C2
X-Amz-Cf-Id: pcf9sPRE9oS-WoKzDSSOaTHJIGPuuvPjBRiI_Go8HEiisrRyz0deow==
Age: 3432
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 60e4edea7b5f4d19f3547a3bb2d5df57
3ee076bab4da3416c2c5808f730cb316c28baef7
763e2dadfdd286a51327cd2000ca335e30cd0b9b7267875d22ca33f7556ba200
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763E2DADFDD286A51327CD2000CA335E30CD0B9B7267875D22CA33F7556BA200"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5700
Expires: Sun, 02 Oct 2022 21:35:26 GMT
Date: Sun, 02 Oct 2022 20:00:26 GMT
Connection: keep-alive
dealstoheal.com/?p=40549
162.241.216.62 301 Moved Permanently 240 B IP 162.241.216.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3454511093dbe301caf85b1b52219b67
13e6b2bf5daf0f5b59748bb16ad02676bfd18ab3
2630d419efe6efb2f841992e7602d1fd1200439b7a443cf30f31ba79984d57a0
Analyzer Verdict Alert fortinet Phishing
GET /?p=40549 HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 02 Oct 2022 20:00:26 GMT
Server: Apache
Location: https://dealstoheal.com/?p=40549
Cache-Control: max-age=300
Expires: Sun, 02 Oct 2022 20:05:26 GMT
Content-Length: 240
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
13.224.222.16 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 13.224.222.16:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 02 Oct 2022 03:33:17 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 6b08baae6d8fdc124eeea9f6d807fa9a.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-C2
x-amz-cf-id: Cfdc4VUyqBxkR2O4v5Qut0nIyIRpbXB5kbqRDRHBTt3LMS_lHxPX4w==
age: 59230
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 20:00:26 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
13.224.222.54 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 13.224.222.54:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Sun, 02 Oct 2022 19:32:53 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Sun, 02 Oct 2022 19:44:56 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 b6a92d65d66a7dd6d685a94e79bd1aba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR61-C2
X-Amz-Cf-Id: t_JBm_OxyRaAbOdt-mTmv6Bpt1edt8D2EPq_5baSM3acmPROoaVglA==
Age: 1653
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 44e113d5e577fba6bb129e5f17ca8763
3e02bcfe0f25c52d6f822ff4f0d7178295743a93
385c484505c87d8621686e27980b74d14fed8477158aa4a94dca19ef5505f5f0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "385C484505C87D8621686E27980B74D14FED8477158AA4A94DCA19EF5505F5F0"
Last-Modified: Sat, 01 Oct 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21581
Expires: Mon, 03 Oct 2022 02:00:07 GMT
Date: Sun, 02 Oct 2022 20:00:26 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 4eb30b4a4234809cf7d5f89fa1f6ceeb
797242aab2f13c820050aa9accd11b7b950cd177
ce9d833a0ac321a908184b655d6632c481f758a04a9c936a7c303bb253444146
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3552
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 20:00:26 GMT
Last-Modified: Sun, 02 Oct 2022 19:01:14 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.165.41.15 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.165.41.15:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ehFgOuFcmLLEPLtIQoWzXA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: iUvImfLfgKvwqNAzmOQIAE4stsI=
dealstoheal.com/?p=40549
162.241.216.62 301 Moved Permanently 0 B IP 162.241.216.62:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /?p=40549 HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-pingback: https://dealstoheal.com/xmlrpc.php
x-redirect-by: WordPress
set-cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731; path=/
location: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 0
content-type: text/html; charset=UTF-8
date: Sun, 02 Oct 2022 20:00:26 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3827
Expires: Sun, 02 Oct 2022 21:04:15 GMT
Date: Sun, 02 Oct 2022 20:00:28 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd4280e4-6b15-45b7-9469-d13ba14c37db.jpeg
34.120.237.76 200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd4280e4-6b15-45b7-9469-d13ba14c37db.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9dddb9d84a16a3004821d89836b83dc3
087521979efd5936416fd7f030779fa5725f0a8f
a6251ac43958031d765b5743d43e14bc04b1e465bed81f757c3609ee6f2bea66
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd4280e4-6b15-45b7-9469-d13ba14c37db.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6871
x-amzn-requestid: e1fdb2ee-c0e7-4a0c-ae26-d968aef00503
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWEIOGp2IAMFxSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b3ce-24b26a8048ffd84071a2ad57;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:30 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: -svKnYBuiMSdWObzJyNah9TDIi6IuPP6VMzEJWmn0zxoZbFmwpzkJw==
via: 1.1 c07670802688417c8b871124c547eb0a.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:53:35 GMT
age: 79613
etag: "087521979efd5936416fd7f030779fa5725f0a8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18b1ba6d-ca56-4474-afa8-cd3b53cce28e.jpeg
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18b1ba6d-ca56-4474-afa8-cd3b53cce28e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6047192460abf4afd600948abb5e6ee1
6d6d52fb5024e7772dd45dd459bfe3ec90cb5ce4
d1fd21a5913f6831d2128c8e9e84767d9730bf9e779da5395dc31b82a10e32e9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18b1ba6d-ca56-4474-afa8-cd3b53cce28e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9340
x-amzn-requestid: e892265e-836d-4638-871f-0548eda57745
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDf8FCEoAMFyow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b2cc-7f39bb92066a75a90868dd03;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:36:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Sk1Dahp1gliiBIghSCZselE7-Fy45svrCk7TdmunOwNefSNqY1P1jA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:47:23 GMT
age: 79985
etag: "6d6d52fb5024e7772dd45dd459bfe3ec90cb5ce4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb5f775-a073-47ba-b076-ad1c96659b64.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb5f775-a073-47ba-b076-ad1c96659b64.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash edded48f558f739287a040151349ef67
d63b6ba630736d32c364b0e6a369274b2389b7ff
33b4a459df0ba7b36b907ba96d74e08660cc75640c42a5748b97d18ec2e9d533
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb5f775-a073-47ba-b076-ad1c96659b64.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11083
x-amzn-requestid: 53e2c961-bcc0-4977-8648-ee3c1aed9cde
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWEHRFWfIAMFhlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b3c7-070212d7386d5efa1b4aa8d3;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Z1KmxHJh9QNfg5x0enkqOjbmiqHvg7nlQiMnuDuCRNWQUBFEiKELbw==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:53:35 GMT
etag: "d63b6ba630736d32c364b0e6a369274b2389b7ff"
content-type: image/jpeg
age: 79613
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
34.120.237.76 200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 206fb65e75dbadf119512f71e0b78402
58ff0bf8ce7528b303d28bab01a80ad721705569
56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6315
x-amzn-requestid: 6aa75b16-32e4-48a7-9fb0-9e3d5528c2d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWSdsHUnIAMFXtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338cabd-742d8a436403683e0cd9368f;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 23:18:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5sAzc5Ewv4g6Wqq6JJiLylG3Jyy_nlWrr5Oteeo6ebEgq7Rvss4XaQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sun, 02 Oct 2022 04:41:39 GMT
age: 55129
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F589e050c-3794-45f2-a218-269b944ae739.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F589e050c-3794-45f2-a218-269b944ae739.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 11f2e40823827b62bca89d18ee279cb2
fa7e61b4f2864b8e51acb2cc887c15d5cb41ef38
c7811cb947483a033f31ff1e93b813f1bbc49b03ed78fcedab2090c71e5c4d1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F589e050c-3794-45f2-a218-269b944ae739.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: e83a86d3-f5ab-4645-92df-4b2da3d4afa3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDgmFdlIAMFzQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b2d0-48c3fa150800475c790b95bd;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:36:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: f1aqkuvCub_vq9gBDgA4VL8hNf16FXzXhQjSHC1yDLISm85uOqJF9w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:54:50 GMT
etag: "fa7e61b4f2864b8e51acb2cc887c15d5cb41ef38"
content-type: image/jpeg
age: 79538
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59054e54-a013-42c5-98a5-abe2b6af4fc6.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59054e54-a013-42c5-98a5-abe2b6af4fc6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 463bdcfbec5426e18ecef83b1c373b71
2e533332ee5c49143e58dad32ee3717a39179532
2c40befd28781482b9be249a792571612d68d7045324083d2c832fa5ec42f04b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59054e54-a013-42c5-98a5-abe2b6af4fc6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4987
x-amzn-requestid: 763edd04-7f8d-42ae-8864-482be3549958
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWEHpFs4oAMFbqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b3ca-2f7b67e85aa83b69183e62b5;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:26 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 2Zoggf30lA-Kvt5QYa-IdhGePHCNiphR7pfFiOaFvL8ZkWZIaiK4pA==
via: 1.1 f4367b41311e3e9a490d7461b7b85490.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:54:45 GMT
etag: "2e533332ee5c49143e58dad32ee3717a39179532"
content-type: image/jpeg
age: 79543
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ec57a9edaee540aefec9f68ea5c1d015
8d4c2f4bb56a5be4915acc7bab054f74d579a3bd
49994c62c7023844620385f9934ee9e4a88b177f5241a2c037d4205dfb6c2eaf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2064
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 20:00:28 GMT
Last-Modified: Sun, 02 Oct 2022 19:26:05 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 6abe76ca28fe176c44e7475b1d5c93fb
a4a87a771c6f081e5dae3499c090551c6dd31acb
451a8f3a3e654355467b434976022b84820c25b54f7b78472635c7dc3241423f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 20:00:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 83f9407574c75ca600c57af0637cb200
4ebabbc1900b8f575e90186e2024e48097b0c8d2
1e166ac737e5c3c015e0dc0c68115ebc5eeb53958682a9b77928ddb647137ac1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 20:00:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-81539906-11
142.250.74.168 200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-81539906-11
IP 142.250.74.168:0
File type ASCII text, with very long lines (2039)
Hash f0c8865b40ffb1b5a70b2231bb11926e
8bb98b4c8340d342dadcf4d0a3cd7e442384bd4d
744f75b973f4153c26b3e832c74050c32652fe193418bba6e3442cb9e9e575a0
GET /gtag/js?id=UA-81539906-11 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 02 Oct 2022 20:00:29 GMT
expires: Sun, 02 Oct 2022 20:00:29 GMT
cache-control: private, max-age=900
last-modified: Sun, 02 Oct 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42365
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
platform.twitter.com/widgets.js
192.229.233.25 200 OK 29 kB URL HTTP/1.1 platform.twitter.com/widgets.js
IP 192.229.233.25:0
File type Unicode text, UTF-8 text, with very long lines (33915)
Hash 4022ee7b53654f65608ad9a3ba759687
cc243d089a8a77c0a7123434746ea36b054634dd
7af6243905b2256cb4f8fe0e77386c274592c322fb23b11784ecf86d250c7e09
GET /widgets.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 643
Cache-Control: public, max-age=1800
Content-Type: application/javascript; charset=utf-8
Date: Sun, 02 Oct 2022 20:00:29 GMT
Etag: "f26384f93da6974ed577808dfa1fede5+gzip"
Last-Modified: Wed, 28 Sep 2022 20:05:37 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F71A)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
x-amzn-internal-status: 304
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 29223
maps.googleapis.com/maps/api/js?v=3.exp&libraries=places&key=AIzaSyDLYiliZpJytag3NoM2lGC-Im-v_TAWIMQ&ver=6.0.2
172.217.21.170 200 OK 56 kB URL HTTP/2 maps.googleapis.com/maps/api/js?v=3.exp&libraries=places&key=AIzaSyDLYiliZpJytag3NoM2lGC-Im-v_TAWIMQ&ver=6.0.2
IP 172.217.21.170:0
File type ASCII text, with very long lines (2462)
Hash d5a97642ff49f7c39978efb88f1d8277
7dec4faf7e32eff379fc7f2e81ed65cad68b7e08
ede32eafcf5f3c4d4395fb306ec4b85da696537a31d13877a4aa5fab6c928606
GET /maps/api/js?v=3.exp&libraries=places&key=AIzaSyDLYiliZpJytag3NoM2lGC-Im-v_TAWIMQ&ver=6.0.2 HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
date: Sun, 02 Oct 2022 20:00:29 GMT
expires: Sun, 02 Oct 2022 20:30:29 GMT
cache-control: public, max-age=1800
vary: Accept-Language
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-encoding: gzip
server: mafe
content-length: 56246
x-xss-protection: 0
x-frame-options: SAMEORIGIN
server-timing: gfet4t7; dur=22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dealstoheal.com/wp-content/plugins/Templatic-MegaMenu/includes/megamenu_style.css
162.241.216.62 200 OK 1.2 kB URL HTTP/2 dealstoheal.com/wp-content/plugins/Templatic-MegaMenu/includes/megamenu_style.css
IP 162.241.216.62:0
File type ASCII text, with CRLF line terminators
Hash a74ebd9c49368dd910cfd6f93c43d5b6
042de4b7741f8c5036d2a52bc95ee7e994c81a96
daf5c487b3796bb9003ecff056716a7ad12abd1b71eff700306b5678510eb368
GET /wp-content/plugins/Templatic-MegaMenu/includes/megamenu_style.css HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 29 Mar 2020 21:28:55 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Tue, 01 Nov 2022 20:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 1211
content-type: text/css
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-content/plugins/Tevolution-Directory/css/print.css
162.241.216.62 200 OK 2.7 kB URL HTTP/2 dealstoheal.com/wp-content/plugins/Tevolution-Directory/css/print.css
IP 162.241.216.62:0
File type ASCII text, with CRLF line terminators
Hash 5a847c64a8195f326b1eefbe5366e169
68b5e7ff116a27b1c709df0a8434952b16530291
44d7906686a7ff2525230a5dc880e7ca4456cee83fabc4712d85d97aaab06332
GET /wp-content/plugins/Tevolution-Directory/css/print.css HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 29 Mar 2020 21:18:46 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Tue, 01 Nov 2022 20:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 2691
content-type: text/css
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash a2d3925dad8ae1248c7b5d96220bd00a
8b6326da45860d5f480504e23864de0c28523b61
421d30a538dc347afc7fc8eee0fa6502aa65d789eb2353eb9c9f8bd0c5f3b3d5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 20:00:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 165b2dbf56e36edf32811cc7eea70f58
f9e101da2c4f0f6dcca9cb9d0b36a7b77ef3114e
fcd8956f2d96a85e696ee4ba5eb8d575ad3319bc84c543188f3997ea1079c4e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 20:00:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dealstoheal.com/wp-includes/js/jquery/jquery-migrate.min.js
162.241.216.62 200 OK 4.6 kB URL HTTP/2 dealstoheal.com/wp-includes/js/jquery/jquery-migrate.min.js
IP 162.241.216.62:0
File type ASCII text, with very long lines (11126)
Hash acdb97105af28a7066790c6748ae2e1e
65794d2c5a9d04f747faf370bc8bacd330e69e5a
dc4efbc4b704b142b5313588c32e56ea56648068a01d2bc596a4eee06b379b5e
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 09 Dec 2020 10:18:11 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 03 Oct 2022 02:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 4618
content-type: application/javascript
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
demo.templatic.com/images/images/20130903093522_profile7.png
104.21.12.5 200 OK 56 kB URL HTTP/2 demo.templatic.com/images/images/20130903093522_profile7.png
IP 104.21.12.5:0
File type PNG image data, 352 x 352, 8-bit colormap, non-interlaced\012- data
Hash ffb9c958ed83fb9f5cfb94bc0e92beb9
a76b9fe34362cc753ccb6c56ddbf86cac270a575
eaa712429cdcf9fe0ac86650587196725ad2273521a8da58c9dc844946e48bed
GET /images/images/20130903093522_profile7.png HTTP/1.1
Host: demo.templatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 02 Oct 2022 20:00:29 GMT
content-type: image/png
content-length: 56204
last-modified: Tue, 07 Jun 2016 10:54:46 GMT
etag: "5756a7f6-db8c"
expires: Tue, 05 Sep 2023 16:49:51 GMT
cache-control: max-age=31536000
x-powered-by: EasyEngine 3.3.15
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A3HkYURFZpE148YJoS5QEBcDg2Yv2Y2L%2BGyivxBjmw36f2%2BtSBRMHhgkC4fDrWTBSyU5phz7BL1LJv%2Fc2M3VziF%2B7T4YlHH2hNB0TCcKSjJiRTjeUt1scpzQEOMoUD5yQdObTmU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 754006463f920b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
downloads.mailchimp.com/js/signup-forms/popup/unique-methods/embed.js
13.224.222.74 200 OK 68 kB URL HTTP/1.1 downloads.mailchimp.com/js/signup-forms/popup/unique-methods/embed.js
IP 13.224.222.74:0
File type ASCII text, with very long lines (65526)
Hash 4ed0ae25b371cdb5fa9c473a264d881c
a367d6ed19e822cb4f8cf98afd10ef164dbfd974
aa5464001eb2fbf2f2ac8efe7615b98e779a2897ba1c97fecbf1a2ce7076f17c
GET /js/signup-forms/popup/unique-methods/embed.js HTTP/1.1
Host: downloads.mailchimp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 29 Sep 2022 15:39:29 GMT
Server: AmazonS3
Content-Encoding: br
Date: Sun, 02 Oct 2022 04:37:51 GMT
ETag: W/"9bde2ccaf139cf2da1ae5da44c10490e"
X-Cache: Hit from cloudfront
Via: 1.1 bd7e039818f6bd12ba37b73d719c6730.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR61-C2
X-Amz-Cf-Id: pF6QbyBkgxBG2NQvEMDXsOQAiJ56QjaUoHL6yUJFUATJCssOeNHAfw==
Age: 55362
Vary: Accept-Encoding, Origin
dealstoheal.com/wp-includes/css/dist/block-library/style.min.css
162.241.216.62 200 OK 17 kB URL HTTP/2 dealstoheal.com/wp-includes/css/dist/block-library/style.min.css
IP 162.241.216.62:0
File type ASCII text, with very long lines (43771)
Hash 2a67a4888baa44de739f3fe56203ce07
da175eae57f26b655747d79f055477e3fee1abb9
3a4d7627476a0099ca4bcc101685f27de04cb49dd66ef842d72c6cda270599dd
GET /wp-includes/css/dist/block-library/style.min.css HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 13 Jul 2022 09:17:38 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Tue, 01 Nov 2022 20:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 16594
content-type: text/css
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-content/plugins/Templatic-MegaMenu/includes/jquery.megamenu.1.2-mini.js
162.241.216.62 200 OK 1.8 kB URL HTTP/2 dealstoheal.com/wp-content/plugins/Templatic-MegaMenu/includes/jquery.megamenu.1.2-mini.js
IP 162.241.216.62:0
File type ASCII text, with very long lines (4628), with no line terminators
Hash 097b7ef8904e34d02417285f996f5d53
0d5eef2650bbbaccb2fa62b8786f215c05a34bf4
86b6959fcce2a045f52b97bdc18eacca0cb6833d7e358445267c38e82ca120b4
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/Templatic-MegaMenu/includes/jquery.megamenu.1.2-mini.js HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 29 Mar 2020 21:28:55 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 03 Oct 2022 02:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 1781
content-type: application/javascript
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-content/themes/Directory/css/responsive.css
162.241.216.62 200 OK 5.7 kB URL HTTP/2 dealstoheal.com/wp-content/themes/Directory/css/responsive.css
IP 162.241.216.62:0
File type ASCII text, with very long lines (844), with CRLF line terminators
Hash 743fe70511901f1437d19cb449f218d4
8ea68af50c18f9f68e753c23dbeb4b5ea71436d1
3d3d64132973cfef8c52fc756a5dfb58af4229ac13994100ea17fd1e84f7a907
GET /wp-content/themes/Directory/css/responsive.css HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Mar 2020 18:17:39 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Tue, 01 Nov 2022 20:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 5690
content-type: text/css
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-content/themes/Directory/js/sticky_city.js
162.241.216.62 200 OK 172 B URL HTTP/2 dealstoheal.com/wp-content/themes/Directory/js/sticky_city.js
IP 162.241.216.62:0
File type ASCII text, with CRLF line terminators
Hash f7aa1a499a8c2d4a85b9c013f58b4f11
d40f0c704a01ac7a98a592a1c81fb00eb7bb6d65
98a4f231c43eed28f3dedb4f1195674efd43f19086412ea6e14267ef2520820b
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/Directory/js/sticky_city.js HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Mar 2020 18:17:44 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 03 Oct 2022 02:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 172
content-type: application/javascript
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-content/plugins/Tevolution-LocationManager/js/location_script.min.js
162.241.216.62 200 OK 2.6 kB URL HTTP/2 dealstoheal.com/wp-content/plugins/Tevolution-LocationManager/js/location_script.min.js
IP 162.241.216.62:0
File type ASCII text, with very long lines (10165), with no line terminators
Hash 497e7f4cf85a313d5cd54f81ac26bfa1
e8b91f29a6712ff1300a2e7b1a81c80c951c0b8a
018f98f648ed4b96a9863d0cd64556515dee1f9e2d74ae37c1dbc35b9fdb1666
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/Tevolution-LocationManager/js/location_script.min.js HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 29 Mar 2020 21:18:50 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 03 Oct 2022 02:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 2648
content-type: application/javascript
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
kit.fontawesome.com/7eb194c23f.js
104.18.23.52 200 OK 4.7 kB URL HTTP/2 kit.fontawesome.com/7eb194c23f.js
IP 104.18.23.52:0
File type ASCII text, with very long lines (10594)
Hash 0d503e421ff0b5b6a613a25675a2fbb6
44f0ed7596f183612a7450afd723a4620f60b910
716819f9686662bea8a0161d7fed2257ed0c049cbe10ada445d94c6203d5499e
GET /7eb194c23f.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 02 Oct 2022 20:00:29 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: FxpY9r4FizQ-A9diPuTB
cf-cache-status: MISS
server: cloudflare
cf-ray: 754006454a240b55-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
dealstoheal.com/wp-includes/js/jquery/ui/menu.min.js
162.241.216.62 200 OK 3.7 kB URL HTTP/2 dealstoheal.com/wp-includes/js/jquery/ui/menu.min.js
IP 162.241.216.62:0
File type ASCII text, with very long lines (9937)
Hash 1dda18e21d9550b614100bf08ebfdf74
3562e07f4c77598626e00e991963b52d2c3f2980
93d0cf78bed2a6d76993520389796f137552e864a72b32fdfa85cf6c477b8514
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/ui/menu.min.js HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 21:32:50 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 03 Oct 2022 02:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 3666
content-type: application/javascript
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js
162.241.216.62 200 OK 2.7 kB URL HTTP/2 dealstoheal.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js
IP 162.241.216.62:0
File type ASCII text, with very long lines (6475), with no line terminators
Hash 45bd1d6f7fc3a4069fc6fd400b90c961
903c7e28c7141e9fc1bdb4dfc62d043a97a01e2d
c638a0057b4be0a61cfb65b1860a855a327397e9871f5dde28fa2f138fb394dc
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 21:32:50 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 03 Oct 2022 02:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 2675
content-type: application/javascript
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-includes/js/jquery/ui/core.min.js
162.241.216.62 200 OK 8.2 kB URL HTTP/2 dealstoheal.com/wp-includes/js/jquery/ui/core.min.js
IP 162.241.216.62:0
File type Unicode text, UTF-8 text, with very long lines (8189)
Hash a0a1c8194f131320e1798f90a7b1262a
3346d35be1f2e4886f19e7fcc0cc96ee4753d9ed
7f618ab13cec0933ec2c61fa2b580ad77ca41522028649677494219fa9ce56db
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/ui/core.min.js HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 21:32:50 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 03 Oct 2022 02:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 8169
content-type: application/javascript
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-generalization/js/lazy-load.js
162.241.216.62 200 OK 456 B URL HTTP/2 dealstoheal.com/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-generalization/js/lazy-load.js
IP 162.241.216.62:0
Hash 5daeebb5f46e5ced5edcc5085e423da5
19ec1466765056a313a239ad57dbfc72dd6e1610
59f4e79237f2c25c3967aa7197cae7605fd1ba1a9e5d0988c6e44c1062603561
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-generalization/js/lazy-load.js HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 29 Mar 2020 21:18:46 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 03 Oct 2022 02:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 456
content-type: application/javascript
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-includes/js/dist/dom-ready.min.js
162.241.216.62 200 OK 331 B URL HTTP/2 dealstoheal.com/wp-includes/js/dist/dom-ready.min.js
IP 162.241.216.62:0
File type ASCII text, with very long lines (463)
Hash ba2b50662c393ff6ba69961f66b24d5d
d5694f33b1072b13fc4c3989e90252c0b28030a2
79ad638f020827a6db341526b430e65459aa712bfbdcabf28bb013c6b2c715e9
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/dist/dom-ready.min.js HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 21:32:50 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 03 Oct 2022 02:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 331
content-type: application/javascript
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-content/themes/Directory/library/images/process.gif
162.241.216.62 200 OK 2.2 kB URL HTTP/2 dealstoheal.com/wp-content/themes/Directory/library/images/process.gif
IP 162.241.216.62:0
File type GIF image data, version 89a, 16 x 16\012- data
Hash 67f40a30bfa13743e5c4e86bfa467a90
419fe86215e5188a1780ce3fb8d8254e78bdec7e
c5ca319c8d9f8105e1390cef50ee4502e0182715ce480d6aee3ad559f0bcb2cc
GET /wp-content/themes/Directory/library/images/process.gif HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Mar 2020 18:17:44 GMT
accept-ranges: bytes
content-length: 2193
cache-control: max-age=31536000
expires: Mon, 02 Oct 2023 20:00:29 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/gif
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-content/uploads/2020/03/deals-to-heal-logo-01-1-250x165.jpg
162.241.216.62 200 OK 8.1 kB URL HTTP/2 dealstoheal.com/wp-content/uploads/2020/03/deals-to-heal-logo-01-1-250x165.jpg
IP 162.241.216.62:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 250x165, components 3\012- data
Hash 12ae33138411a2aa403c7dbbc41a02a8
a01218211e88186370ce0a58ee166be984de356a
65f529322ccd4a872c0c28abd32717e4f4ca4ca5e3d4bfbbe2dd9a416f96df22
GET /wp-content/uploads/2020/03/deals-to-heal-logo-01-1-250x165.jpg HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 29 Mar 2020 22:15:31 GMT
accept-ranges: bytes
content-length: 8073
cache-control: max-age=31536000
expires: Mon, 02 Oct 2023 20:00:29 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/jpeg
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-includes/js/dist/hooks.min.js
162.241.216.62 200 OK 1.7 kB URL HTTP/2 dealstoheal.com/wp-includes/js/dist/hooks.min.js
IP 162.241.216.62:0
File type ASCII text, with very long lines (4875)
Hash 6a452794a68bc140a53b30519b94edf6
68046f5611ba3cf5da1c46087609aff18f59fdc1
259990a9e6191a72a51ac9d038d0c52bb56d880a2b0d460b1fca3f3fee7961ed
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/dist/hooks.min.js HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 21:32:49 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 03 Oct 2022 02:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 1712
content-type: application/javascript
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-includes/js/comment-reply.min.js
162.241.216.62 200 OK 1.5 kB URL HTTP/2 dealstoheal.com/wp-includes/js/comment-reply.min.js
IP 162.241.216.62:0
File type ASCII text, with very long lines (2946)
Hash 92712acce6ce836d0a929b1800b4f9d6
8157d1380bb1d6dadfd85565dd464bb5b0ed06bd
2f82d181a2cadadf7d898d7f5ea2eb527106fb6413044b55fbfa4fb0081a2e09
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/comment-reply.min.js HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 21:32:50 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 03 Oct 2022 02:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 1477
content-type: application/javascript
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-includes/js/jquery/ui/autocomplete.min.js
162.241.216.62 200 OK 3.4 kB URL HTTP/2 dealstoheal.com/wp-includes/js/jquery/ui/autocomplete.min.js
IP 162.241.216.62:0
File type ASCII text, with very long lines (8339)
Hash 11f4c6b39049f5f99fffa84fbe7db4f9
37e5526e34d4e465f4b646e94e6cd4846664f974
2cf8e5a67fbc058c9abe066e1d432ed720a02a0ed09ee255600c1a520a1b964e
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/ui/autocomplete.min.js HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 21:32:50 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 03 Oct 2022 02:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 3432
content-type: application/javascript
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-includes/js/dist/a11y.min.js
162.241.216.62 200 OK 999 B URL HTTP/2 dealstoheal.com/wp-includes/js/dist/a11y.min.js
IP 162.241.216.62:0
File type Unicode text, UTF-8 text, with very long lines (2472)
Hash 05e2ccec781ae289719bb26320d5cc40
60f3adc6dccea4df940d0f1579b83b06e715d0ed
1242f50bffe2d7745a712e1702f3f26a58d955fc110abf58599730fb6380a91c
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/dist/a11y.min.js HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 21:32:49 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 03 Oct 2022 02:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 999
content-type: application/javascript
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-generalization/js/basic.js
162.241.216.62 200 OK 5.0 kB URL HTTP/2 dealstoheal.com/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-generalization/js/basic.js
IP 162.241.216.62:0
File type ASCII text, with very long lines (10078), with CRLF line terminators
Hash 4485508fb930f9b3fd57e4b8120fa005
2e9574339fed7456efa2fe52818727171595bb7b
b2012fecdc92c873a907df4b748d83f02d81e3f3c8c71929a7625b396b62c4db
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-generalization/js/basic.js HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 29 Mar 2020 21:18:46 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 03 Oct 2022 02:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 5046
content-type: application/javascript
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-includes/js/jquery/ui/tabs.min.js
162.241.216.62 200 OK 4.8 kB URL HTTP/2 dealstoheal.com/wp-includes/js/jquery/ui/tabs.min.js
IP 162.241.216.62:0
File type ASCII text, with very long lines (11760)
Hash 4af14b203f9813b040aea697cea02b02
681533e342bf32a0da3331c5806bb58dff5cdcf4
13e8ccf22646def4ed18be46dcb2dcef91900d52d26afb651c9c66dcb74ca649
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/ui/tabs.min.js HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 21:32:50 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 03 Oct 2022 02:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 4756
content-type: application/javascript
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-includes/js/dist/i18n.min.js
162.241.216.62 200 OK 4.2 kB URL HTTP/2 dealstoheal.com/wp-includes/js/dist/i18n.min.js
IP 162.241.216.62:0
Hash a72df5f7a597c541e18a33abef3c11f5
9500913a0a3fca9979a0aed9cb745926d9f86f83
258da631753c1d8d88fb1316024b671fa4a9ac87c9d6c4f38a45bc2c3bf9f3fc
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/dist/i18n.min.js HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 21:32:50 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 03 Oct 2022 02:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 4234
content-type: application/javascript
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-includes/js/wp-emoji-release.min.js
162.241.216.62 200 OK 5.3 kB URL HTTP/2 dealstoheal.com/wp-includes/js/wp-emoji-release.min.js
IP 162.241.216.62:0
File type ASCII text, with very long lines (15660)
Hash 710f8b142ea44c0682dc2c30f318f065
49144e9b3a76d3d383b1d4359cf7a25e947f4233
708bb5819879a2a2c7670abc20a58cca68a415ffd621011cbc4c3c9d82dddc50
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/wp-emoji-release.min.js HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 21:32:50 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 03 Oct 2022 02:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 5321
content-type: application/javascript
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-content/plugins/Tevolution/js/jquery.uploadfile.js
162.241.216.62 200 OK 6.2 kB URL HTTP/2 dealstoheal.com/wp-content/plugins/Tevolution/js/jquery.uploadfile.js
IP 162.241.216.62:0
File type ASCII text, with CRLF line terminators
Hash 1c71dd036364d255ca76d3bbd68bffc0
5c984555e358ba0b952b3ff2716c40c1af166bff
3f258756e92208c83896209c233c2030b58405809f56ad2ab8152b4b80c9f54d
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/Tevolution/js/jquery.uploadfile.js HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 29 Mar 2020 21:18:39 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 03 Oct 2022 02:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 6240
content-type: application/javascript
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-includes/js/dist/vendor/wp-polyfill.min.js
162.241.216.62 200 OK 8.3 kB URL HTTP/2 dealstoheal.com/wp-includes/js/dist/vendor/wp-polyfill.min.js
IP 162.241.216.62:0
File type Unicode text, UTF-8 text, with very long lines (19138), with no line terminators
Hash e49f0561a452c9d04fb7d1510a23cc8c
9e8fc2e3129da4fe2790eee565a6478b864bea83
ab4f9f418b022ab34d617ee2f95d70afff005ed4d4d92e313ce84a56b40bce75
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/dist/vendor/wp-polyfill.min.js HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 21:32:50 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 03 Oct 2022 02:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 8254
content-type: application/javascript
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-content/plugins/Tevolution/js/tevolution-script.min.js
162.241.216.62 200 OK 14 kB URL HTTP/2 dealstoheal.com/wp-content/plugins/Tevolution/js/tevolution-script.min.js
IP 162.241.216.62:0
File type ASCII text, with very long lines (37262), with no line terminators
Hash 989976348aa3028e72ae1a06866016c4
4b2b1f929d421506078ec440fe95a657469f9163
dba0f1d084f50741233bf6e0b4abd95bdaa6cb3ad9d05dc8c3700fac4687bca4
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/Tevolution/js/tevolution-script.min.js HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 29 Mar 2020 21:18:39 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 03 Oct 2022 02:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 14086
content-type: application/javascript
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
box5382.temp.domains/~mdtaasco/dealstoheal/wp-content/plugins/Tevolution-LocationManager/images/flags/us.png
162.241.216.62 200 OK 502 B URL HTTP/1.1 box5382.temp.domains/~mdtaasco/dealstoheal/wp-content/plugins/Tevolution-LocationManager/images/flags/us.png
IP 162.241.216.62:0
File type PNG image data, 18 x 12, 8-bit/color RGB, non-interlaced\012- data
Hash ab347ae5be9857bf2cd91fc8203ff20c
136ee4ffb05ee0c980c4beae0bc45abe8c103a2f
84554ad84b590aa4d161301d4abb95d5d3b7013f38bbb0c02ba0d506ce3c548e
GET /~mdtaasco/dealstoheal/wp-content/plugins/Tevolution-LocationManager/images/flags/us.png HTTP/1.1
Host: box5382.temp.domains
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 20:00:29 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sun, 29 Mar 2020 21:18:50 GMT
Accept-Ranges: bytes
Content-Length: 502
Cache-Control: max-age=31536000
Expires: Mon, 02 Oct 2023 20:00:29 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 0
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=75
Content-Type: image/png
malsup.github.io/jquery.form.js?_=1664740829421
185.199.110.153 200 OK 12 kB URL HTTP/2 malsup.github.io/jquery.form.js?_=1664740829421
IP 185.199.110.153:0
Hash 66e988165ab37a3b60f0928f40bd67da
8eaadb4a1f891ab5c6249c474340ca8024abc300
ba3122f330907b024e53d381793013aae1a98fe82bf758610450eae958c52995
GET /jquery.form.js?_=1664740829421 HTTP/1.1
Host: malsup.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: GitHub.com
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
x-origin-cache: HIT
last-modified: Sun, 03 May 2015 16:16:14 GMT
access-control-allow-origin: *
etag: W/"554649ce-ab74"
expires: Wed, 14 Sep 2022 00:28:48 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: HIT
x-github-request-id: 0800:081B:922228:C1F370:63211F17
accept-ranges: bytes
date: Sun, 02 Oct 2022 20:00:29 GMT
via: 1.1 varnish
age: 480
x-served-by: cache-bma1640-BMA
x-cache: HIT
x-cache-hits: 14
x-timer: S1664740830.860908,VS0,VE1
vary: Accept-Encoding
x-fastly-request-id: a6833aad0710d91f025df5ffd17b1f1f87bda937
content-length: 12365
X-Firefox-Spdy: h2
box5382.temp.domains/~mdtaasco/dealstoheal/wp-content/uploads/2020/03/deals-to-heal-logo-e1585556941569.png
162.241.216.62 200 OK 20 kB URL HTTP/1.1 box5382.temp.domains/~mdtaasco/dealstoheal/wp-content/uploads/2020/03/deals-to-heal-logo-e1585556941569.png
IP 162.241.216.62:0
File type PNG image data, 895 x 222, 8-bit/color RGBA, non-interlaced\012- data
Hash bca928cfbc25e7e27b978c9aa1dde97c
c564a733300b6f03d136d6394ef6a0d6f1633dec
31e03eba7169d3bfea4588781efb25c43c5803fec6d72c2c3ecfeb8a2ef10a31
GET /~mdtaasco/dealstoheal/wp-content/uploads/2020/03/deals-to-heal-logo-e1585556941569.png HTTP/1.1
Host: box5382.temp.domains
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 20:00:29 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 30 Mar 2020 08:29:01 GMT
Accept-Ranges: bytes
Content-Length: 19616
Cache-Control: max-age=31536000
Expires: Mon, 02 Oct 2023 20:00:29 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 0
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=75
Content-Type: image/png
platform.twitter.com/widgets/widget_iframe.7dae38096d06923d683a2a807172322a.html?origin=https%3A%2F%2Fdealstoheal.com
192.229.233.25 200 OK 105 kB URL HTTP/1.1 platform.twitter.com/widgets/widget_iframe.7dae38096d06923d683a2a807172322a.html?origin=https%3A%2F%2Fdealstoheal.com
IP 192.229.233.25:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (56168)
Size 105 kB (105445 bytes)
Hash 800140747b9eaa618eb76779a72b8653
9b01fddea24a63b76d645398229523baae849fae
b4bc244dee0f2df26990afae0ccd9297f203e9757bc0a18445793ef4bb678dd2
GET /widgets/widget_iframe.7dae38096d06923d683a2a807172322a.html?origin=https%3A%2F%2Fdealstoheal.com HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 251750
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Sun, 02 Oct 2022 20:00:30 GMT
Etag: "50d73c0b4a4c7e4697b9c6ac6f1ecd75+gzip"
Last-Modified: Wed, 28 Sep 2022 20:04:27 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F704)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105445
dealstoheal.com/wp-content/themes/Directory/js/_supreme.min.js
162.241.216.62 200 OK 26 kB URL HTTP/2 dealstoheal.com/wp-content/themes/Directory/js/_supreme.min.js
IP 162.241.216.62:0
Hash 712c5fcf0c2c22756865d28a72884bc1
f7a6e63ad4c703546411e1047059fe3843e70616
c92eeff3364af99e75a4a93a3329cfc76ecac70d9d79bf17bfbfdf28907a24e7
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/Directory/js/_supreme.min.js HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Mar 2020 18:17:44 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 03 Oct 2022 02:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: application/javascript
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
platform.twitter.com/widgets/widget_iframe.7dae38096d06923d683a2a807172322a.html?origin=https%3A%2F%2Fdealstoheal.com&wmode=transparent
192.229.233.25 200 OK 105 kB URL HTTP/1.1 platform.twitter.com/widgets/widget_iframe.7dae38096d06923d683a2a807172322a.html?origin=https%3A%2F%2Fdealstoheal.com&wmode=transparent
IP 192.229.233.25:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (56168)
Size 105 kB (105445 bytes)
Hash 800140747b9eaa618eb76779a72b8653
9b01fddea24a63b76d645398229523baae849fae
b4bc244dee0f2df26990afae0ccd9297f203e9757bc0a18445793ef4bb678dd2
GET /widgets/widget_iframe.7dae38096d06923d683a2a807172322a.html?origin=https%3A%2F%2Fdealstoheal.com&wmode=transparent HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 250207
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Sun, 02 Oct 2022 20:00:30 GMT
Etag: "50d73c0b4a4c7e4697b9c6ac6f1ecd75+gzip"
Last-Modified: Wed, 28 Sep 2022 20:04:27 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F6FD)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105445
dealstoheal.com/wp-content/themes/Directory/images/dot.png
162.241.216.62 200 OK 95 B URL HTTP/2 dealstoheal.com/wp-content/themes/Directory/images/dot.png
IP 162.241.216.62:0
File type PNG image data, 4 x 4, 8-bit colormap, non-interlaced\012- data
Hash f1641b572908d7cd99694ef5d02d63fa
39061fb253690a0142ddcbde730239009ad3d97e
2e1f5d762c12173a3121e44e4b3a6d4636d48204bd5bdd66e51f8fc530618a0f
GET /wp-content/themes/Directory/images/dot.png HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/wp-content/themes/Directory/css/style.css
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Mar 2020 18:17:44 GMT
accept-ranges: bytes
content-length: 95
cache-control: max-age=31536000
expires: Mon, 02 Oct 2023 20:00:30 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/png
date: Sun, 02 Oct 2022 20:00:30 GMT
server: Apache
X-Firefox-Spdy: h2
syndication.twitter.com/settings?session_id=047b33e64dbcb0066fde6b7581aaad2145d4df44
104.244.42.72 200 OK 323 B URL HTTP/2 syndication.twitter.com/settings?session_id=047b33e64dbcb0066fde6b7581aaad2145d4df44
IP 104.244.42.72:0
File type JSON data\012- , ASCII text, with very long lines (770), with no line terminators
Hash 136d5ac4ceb5e1973a889a7c7c44133c
b260cbd1eda60550f4b6d63d6ab7222a30101eaf
05a670a0c765e49d5e0d39031bdf7754493f0644e68cdf1c8ed5db2d0fc1730d
GET /settings?session_id=047b33e64dbcb0066fde6b7581aaad2145d4df44 HTTP/1.1
Host: syndication.twitter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://platform.twitter.com/
Origin: https://platform.twitter.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 20:00:29 GMT
perf: 7626143928
vary: Origin
server: tsa_o
content-type: application/json; charset=utf-8
cache-control: must-revalidate, max-age=600
last-modified: Sun, 02 Oct 2022 20:00:30 GMT
content-length: 323
content-encoding: gzip
x-transaction-id: aba760188c1bbc96
strict-transport-security: max-age=631138519
access-control-allow-origin: https://platform.twitter.com
access-control-allow-credentials: true
x-response-time: 107
x-connection-hash: 91cd8868503ee45c2afdb0fc91d5219cb10248dfbe7609051274d1ee9aba582f
X-Firefox-Spdy: h2
dealstoheal.com/wp-content/plugins/Tevolution//tmplconnector/sharrre.php?url=https%3A%2F%2Fdealstoheal.com%2Fchickeninvaders6fullversiontpb-best%2F&type=googlePlus
162.241.216.62 200 OK 40 B URL HTTP/2 dealstoheal.com/wp-content/plugins/Tevolution//tmplconnector/sharrre.php?url=https%3A%2F%2Fdealstoheal.com%2Fchickeninvaders6fullversiontpb-best%2F&type=googlePlus
IP 162.241.216.62:0
File type JSON data\012- , ASCII text, with no line terminators
Hash a37ac038ed3ca967ba0698cbd9e90b15
36ef54b7e4fb9b66ed423c050471646b26c6d3bc
c795a5a00fe78d23e8f69b667447b7bebdbe5a0eb5d69743d709613f30b6e0fe
GET /wp-content/plugins/Tevolution//tmplconnector/sharrre.php?url=https%3A%2F%2Fdealstoheal.com%2Fchickeninvaders6fullversiontpb-best%2F&type=googlePlus HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 40
content-type: application/json
date: Sun, 02 Oct 2022 20:00:30 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-content/plugins/Tevolution//tmplconnector/sharrre.php?url=https%3A%2F%2Fdealstoheal.com%2Fchickeninvaders6fullversiontpb-best%2F&type=pinterest
162.241.216.62 200 OK 40 B URL HTTP/2 dealstoheal.com/wp-content/plugins/Tevolution//tmplconnector/sharrre.php?url=https%3A%2F%2Fdealstoheal.com%2Fchickeninvaders6fullversiontpb-best%2F&type=pinterest
IP 162.241.216.62:0
File type JSON data\012- , ASCII text, with no line terminators
Hash a37ac038ed3ca967ba0698cbd9e90b15
36ef54b7e4fb9b66ed423c050471646b26c6d3bc
c795a5a00fe78d23e8f69b667447b7bebdbe5a0eb5d69743d709613f30b6e0fe
GET /wp-content/plugins/Tevolution//tmplconnector/sharrre.php?url=https%3A%2F%2Fdealstoheal.com%2Fchickeninvaders6fullversiontpb-best%2F&type=pinterest HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 40
content-type: application/json
date: Sun, 02 Oct 2022 20:00:30 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-content/plugins/Tevolution/tmplconnector/sharrre.php?url=https%3A%2F%2Fdealstoheal.com%2Fchickeninvaders6fullversiontpb-best%2F&type=facebook
162.241.216.62 200 OK 40 B URL HTTP/2 dealstoheal.com/wp-content/plugins/Tevolution/tmplconnector/sharrre.php?url=https%3A%2F%2Fdealstoheal.com%2Fchickeninvaders6fullversiontpb-best%2F&type=facebook
IP 162.241.216.62:0
File type JSON data\012- , ASCII text, with no line terminators
Hash a37ac038ed3ca967ba0698cbd9e90b15
36ef54b7e4fb9b66ed423c050471646b26c6d3bc
c795a5a00fe78d23e8f69b667447b7bebdbe5a0eb5d69743d709613f30b6e0fe
GET /wp-content/plugins/Tevolution/tmplconnector/sharrre.php?url=https%3A%2F%2Fdealstoheal.com%2Fchickeninvaders6fullversiontpb-best%2F&type=facebook HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-length: 40
content-type: application/json
date: Sun, 02 Oct 2022 20:00:30 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 72e8c21988f5ecd736fde162321f0984
4bb9f82a2f6114b344600d920f91f1cc9260bc42
326533b2b3a8b24f0b21dbe9b94e5d9086f862ad74a1d01942fb829dff0352f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3758
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 20:00:31 GMT
Last-Modified: Sun, 02 Oct 2022 18:57:53 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Sun, 02 Oct 2022 18:41:09 GMT
expires: Sun, 02 Oct 2022 20:41:09 GMT
cache-control: public, max-age=7200
age: 4762
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j97&a=879636684&t=pageview&_s=1&dl=https%3A%2F%2Fdealstoheal.com%2Fchickeninvaders6fullversiontpb-best%2F&ul=en-us&de=UTF-8&dt=Chickeninvaders6fullversiontpb%20%5BBEST%5D%20%F0%9F%94%8D&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAAC~&jid=889137647&gjid=1700374995&cid=1747654960.1664740831&tid=UA-81539906-11&_gid=1786664419.1664740831&_r=1&gtm=2ou9s0&z=1446867219
142.250.74.174 200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j97&a=879636684&t=pageview&_s=1&dl=https%3A%2F%2Fdealstoheal.com%2Fchickeninvaders6fullversiontpb-best%2F&ul=en-us&de=UTF-8&dt=Chickeninvaders6fullversiontpb%20%5BBEST%5D%20%F0%9F%94%8D&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAAC~&jid=889137647&gjid=1700374995&cid=1747654960.1664740831&tid=UA-81539906-11&_gid=1786664419.1664740831&_r=1&gtm=2ou9s0&z=1446867219
IP 142.250.74.174:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j97&a=879636684&t=pageview&_s=1&dl=https%3A%2F%2Fdealstoheal.com%2Fchickeninvaders6fullversiontpb-best%2F&ul=en-us&de=UTF-8&dt=Chickeninvaders6fullversiontpb%20%5BBEST%5D%20%F0%9F%94%8D&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YEBAAUABAAAAAC~&jid=889137647&gjid=1700374995&cid=1747654960.1664740831&tid=UA-81539906-11&_gid=1786664419.1664740831&_r=1&gtm=2ou9s0&z=1446867219 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://dealstoheal.com
Connection: keep-alive
Referer: https://dealstoheal.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://dealstoheal.com
date: Sun, 02 Oct 2022 20:00:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
graph.facebook.com/fql?q=SELECT%20url,%20normalized_url,%20share_count,%20like_count,%20comment_count,%20total_count,commentsbox_count,%20comments_fbid,%20click_count%20FROM%20link_stat%20WHERE%20url=%27https%3A%2F%2Fdealstoheal.com%2Fchickeninvaders6fullversiontpb-best%2F%27&callback=jQuery36008449868180760105_1664740829422&_=1664740829423
31.13.72.8 200 OK 302 B URL HTTP/2 graph.facebook.com/fql?q=SELECT%20url,%20normalized_url,%20share_count,%20like_count,%20comment_count,%20total_count,commentsbox_count,%20comments_fbid,%20click_count%20FROM%20link_stat%20WHERE%20url=%27https%3A%2F%2Fdealstoheal.com%2Fchickeninvaders6fullversiontpb-best%2F%27&callback=jQuery36008449868180760105_1664740829422&_=1664740829423
IP 31.13.72.8:0
Hash cb3759f15cef359e6354c77a4c2e166c
15b852cd0ea007df89591942ba12d9297704f3be
c76394cba80921c8ecd999818555e6082198bd31c2061c56cb27c3859c57b4f1
GET /fql?q=SELECT%20url,%20normalized_url,%20share_count,%20like_count,%20comment_count,%20total_count,commentsbox_count,%20comments_fbid,%20click_count%20FROM%20link_stat%20WHERE%20url=%27https%3A%2F%2Fdealstoheal.com%2Fchickeninvaders6fullversiontpb-best%2F%27&callback=jQuery36008449868180760105_1664740829422&_=1664740829423 HTTP/1.1
Host: graph.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
vary: Origin, Accept-Encoding
access-control-allow-origin: *
x-fb-rlafr: 0
content-type: text/javascript; charset=UTF-8
www-authenticate: OAuth "Facebook Platform" "invalid_request" "Unsupported get request. Object with ID 'fql' does not exist, cannot be loaded due to missing permissions, or does not support this operation. Please read the Graph API documentation at https://developers.facebook.com/docs/graph-api"
facebook-api-version: v8.0
strict-transport-security: max-age=15552000; preload
pragma: no-cache
cache-control: no-store
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-fb-request-id: A7J_xc6mf7SOBq_zoOVYXjM
x-fb-trace-id: B93dbAXm8pP
x-fb-rev: 1006309799
x-fb-debug: k1g43BH/4a6/lnh27uKdRq5NdN7DAHief3QteJZosMKGhJRU7fMbQtOoiJe0F1ju02+k1jIJGV3tH4SF/Xts1g==
content-length: 302
date: Sun, 02 Oct 2022 20:00:31 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 72e8c21988f5ecd736fde162321f0984
4bb9f82a2f6114b344600d920f91f1cc9260bc42
326533b2b3a8b24f0b21dbe9b94e5d9086f862ad74a1d01942fb829dff0352f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3758
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 20:00:31 GMT
Last-Modified: Sun, 02 Oct 2022 18:57:53 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
mc.us19.list-manage.com/subscribe/form-settings?u=45a2b57211ba1ffd209677bb5&id=82488b7d6c&u=45a2b57211ba1ffd209677bb5&id=82488b7d6c&c=dojo_request_script_callbacks.dojo_request_script0
104.110.24.122 404 Not Found 2.2 kB URL HTTP/2 mc.us19.list-manage.com/subscribe/form-settings?u=45a2b57211ba1ffd209677bb5&id=82488b7d6c&u=45a2b57211ba1ffd209677bb5&id=82488b7d6c&c=dojo_request_script_callbacks.dojo_request_script0
IP 104.110.24.122:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 02b32db03b0b9e594a2faa3763500f2c
06b9454c837de3843acee7db20b9485d730ddfbd
9f9c60822290179292803f0411cb67bb0d1f6c4a4eba4a709d140749b71d09b0
GET /subscribe/form-settings?u=45a2b57211ba1ffd209677bb5&id=82488b7d6c&u=45a2b57211ba1ffd209677bb5&id=82488b7d6c&c=dojo_request_script_callbacks.dojo_request_script0 HTTP/1.1
Host: mc.us19.list-manage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
server: openresty
content-type: text/html; charset=UTF-8
content-length: 2214
x-ua-compatible: IE=edge,chrome=1
status: 404 Not Found
content-encoding: gzip
x-edgeconnect-midmile-rtt: 22
x-edgeconnect-origin-mex-latency: 122
cache-control: max-age=295
expires: Sun, 02 Oct 2022 20:05:26 GMT
date: Sun, 02 Oct 2022 20:00:31 GMT
vary: Accept-Encoding
set-cookie: _mcid=1.3ce6629b08be3ab098d365a6664d7728.0054c8832a47095f659a22a179cde13f4a52e8eb29ea86ece54d0eeafe11ce49; expires=Mon, 02-Oct-2023 20:00:31 GMT; Max-Age=31536000; path=/
_mc_anon_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
_abck=D5464BF1D4B4E9A7B94194F0F879BD1B~-1~YAAQrU0kF9rDPVeDAQAA1jFJmggfsy1tcpn63NN8/Vp7ps1qwKiLpfADWSGGuAgUUKYEHbT9kkSFOdvAcqfGjWqmVCdCS4kueYMxgIHg4NGiSy4cuQtlYT0qxoPyW6pwGb0eoIR/kaTJrAYUH58mVO7E35oNbuf7wCBTvC1Sh0jPmgJO4DdWlR+MbLu5LwSoGckeQHYiRVvlqGO6fUR7MXJDejEoFOMiSrTKjuop9nZQUy158QkTR2Eg0O8lHF9B/IfYUZ2+YZFx35e6PhuorCfBO/8ndz61njKt87wRhXfcvAPFw5G2u2NWyq/ge8rO7HIUOZUq/N4Jb37AZHOJN7X9l5ndMv/iaTJwLGxw3soFjhCzDugbO6hMfUSPja7T5A==~-1~-1~-1; Domain=.list-manage.com; Path=/; Expires=Mon, 02 Oct 2023 20:00:31 GMT; Max-Age=31536000; SameSite=None; Secure
ak_bmsc=995778BCD8BF4754E658A4F32D68E130~000000000000000000000000000000~YAAQrU0kF9vDPVeDAQAA1jFJmhEOuprV9nPm/gVmnHuDo2b/wqSL2qJjmmVhhXBfyhW9gmJnBtBdEoC63jmWWSMqSQxW4bcvJ6U1rUypHkeP8LBUCUo8bWpUiBFV0Y5T2gzieLtf7p9w331PrmFdthD+1Y5ZuibtvX0yZBGC8to0zh3wJx5uH5b/8sOtrT+mwzYCeMal45WuBLp7A+Zg8eyyfhIn5V/oda60plHgJVxnPJtRZvvhRdQcnm1qZTENNV1t9QhmBTex8R3DsqjFshgNMwIeieLGVtk9j2gxbQFvSiI2LZQEGDfSGqbsR+h5XlX04N/bE0NUxpn+xNW3FlDg+l1izurqQMHL41ngcCWFyqHZcmrYo9DniDhR2hmG/Z5BjfzgTC3j9HwCJIeMRY/tJQ==; Domain=.us19.list-manage.com; Path=/; Expires=Sun, 02 Oct 2022 22:00:31 GMT; Max-Age=7200; SameSite=None; Secure; HttpOnly
bm_sz=FAD1D667E7176491FC0736C0B2B05B70~YAAQrU0kF9zDPVeDAQAA1jFJmhFeSbia9FbpFiLF81CkMbR+/LMlMtqCyaxP/4QH78QoRL7GJM+F5brPy3q5/Pqa5qEjSox3mYqrx3Z+wHBhRiBAYMP9I8AcKY5hLSDwMqPnWKyw3rvR8PVd4KEhzgBQ3uBE6HwIFOk1MxzQXyfnDxktjKUZO8ARsrXsb9UrLoazKmzUMjGK3dOlKq+WB5zyiJKG/fXety5/GQsii6KiIbRoRrM8DMXEn/fH3XD9IqsYc6nISO25T71D7D8CgYu+A9V0RIex4XjlsqbdlNQSriNmi+zrnA==~4404547~3753012; Domain=.list-manage.com; Path=/; Expires=Mon, 03 Oct 2022 00:00:31 GMT; Max-Age=14400; SameSite=None; Secure
X-Firefox-Spdy: h2
dealstoheal.com/wp-content/uploads/2020/03/cropped-deals-favicon-scaled-1-32x32.jpg
162.241.216.62 200 OK 1.2 kB URL HTTP/2 dealstoheal.com/wp-content/uploads/2020/03/cropped-deals-favicon-scaled-1-32x32.jpg
IP 162.241.216.62:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 32x32, components 3\012- data
Hash e3a3b9d543e13bf02a473df1e8b3a405
5cfb5b1b963dcddb3389779f4d695a6d0bc634c5
c15f5021d22b41aafb7ffbfef3ab4cb57f1b915c8aafc4ed2d7ede970f2d9635
GET /wp-content/uploads/2020/03/cropped-deals-favicon-scaled-1-32x32.jpg HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 30 Mar 2020 00:17:17 GMT
accept-ranges: bytes
content-length: 1164
cache-control: max-age=31536000
expires: Mon, 02 Oct 2023 20:00:31 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/jpeg
date: Sun, 02 Oct 2022 20:00:31 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-content/uploads/2020/03/cropped-deals-favicon-scaled-1-192x192.jpg
162.241.216.62 200 OK 6.6 kB URL HTTP/2 dealstoheal.com/wp-content/uploads/2020/03/cropped-deals-favicon-scaled-1-192x192.jpg
IP 162.241.216.62:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 192x192, components 3\012- data
Hash fc4152a29c77f133cd06e12e540d01cc
5b5f17aaf115deebc31022608eb826b52fee1359
8de869e78e9b9e4d88a1b75fad73fb056f47fe42be0417c3db1f5e80ca320e1b
GET /wp-content/uploads/2020/03/cropped-deals-favicon-scaled-1-192x192.jpg HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 30 Mar 2020 00:17:17 GMT
accept-ranges: bytes
content-length: 6648
cache-control: max-age=31536000
expires: Mon, 02 Oct 2023 20:00:31 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: image/jpeg
date: Sun, 02 Oct 2022 20:00:31 GMT
server: Apache
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fcf832b-84d6-4938-a540-280bf3205df1.jpeg
34.120.237.76 200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fcf832b-84d6-4938-a540-280bf3205df1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b11c8ecfed53e302ab48fa5f757513a4
b3cb36455b3cb0a160c705958add6c422a0a48a2
fb66239038dddd134d3c5c7a656c91c57737bc784fabefe15a5ef2981e68e2b0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fcf832b-84d6-4938-a540-280bf3205df1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9012
x-amzn-requestid: 4ea2bfb1-fc99-4777-aa98-0605d4a704ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDpmEBlIAMFj2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b30a-039358f5691f895941f485fd;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -zAvZvugUNsIscx7YT34xPY-AiaxduJGMkM23GqxSvfl0EmqWOmysA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:52:38 GMT
age: 79677
etag: "b3cb36455b3cb0a160c705958add6c422a0a48a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
dealstoheal.com/wp-includes/js/jquery/jquery.min.js
162.241.216.62 200 OK 0 B URL HTTP/2 dealstoheal.com/wp-includes/js/jquery/jquery.min.js
IP 162.241.216.62:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery.min.js HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 20 Jul 2021 22:05:12 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 03 Oct 2022 02:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: application/javascript
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-content/plugins/Tevolution/js/foundation.min.js
162.241.216.62 200 OK 0 B URL HTTP/2 dealstoheal.com/wp-content/plugins/Tevolution/js/foundation.min.js
IP 162.241.216.62:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/Tevolution/js/foundation.min.js HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 29 Mar 2020 21:18:39 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 03 Oct 2022 02:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: application/javascript
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-content/plugins/Tevolution/js/markermanager.js
162.241.216.62 200 OK 0 B URL HTTP/2 dealstoheal.com/wp-content/plugins/Tevolution/js/markermanager.js
IP 162.241.216.62:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/Tevolution/js/markermanager.js HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 29 Mar 2020 21:18:39 GMT
accept-ranges: bytes
cache-control: max-age=21600
expires: Mon, 03 Oct 2022 02:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: application/javascript
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/chickeninvaders6fullversiontpb-best/
162.241.216.62 200 OK 0 B URL HTTP/2 dealstoheal.com/chickeninvaders6fullversiontpb-best/
IP 162.241.216.62:0
Analyzer Verdict Alert fortinet Phishing
GET /chickeninvaders6fullversiontpb-best/ HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-pingback: https://dealstoheal.com/xmlrpc.php
link: <https://dealstoheal.com/wp-json/>; rel="https://api.w.org/", <https://dealstoheal.com/wp-json/wp/v2/posts/40549>; rel="alternate"; type="application/json", <https://dealstoheal.com/?p=40549>; rel=shortlink
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: text/html; charset=UTF-8
date: Sun, 02 Oct 2022 20:00:27 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-content/plugins/Tevolution/css.minifier.php
162.241.216.62 200 OK 0 B URL HTTP/2 dealstoheal.com/wp-content/plugins/Tevolution/css.minifier.php
IP 162.241.216.62:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/Tevolution/css.minifier.php HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: text/css;charset=UTF-8
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-content/themes/Directory/css/style.css
162.241.216.62 200 OK 0 B URL HTTP/2 dealstoheal.com/wp-content/themes/Directory/css/style.css
IP 162.241.216.62:0
GET /wp-content/themes/Directory/css/style.css HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 28 Mar 2020 18:17:39 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Tue, 01 Nov 2022 20:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: text/css
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2
dealstoheal.com/wp-content/themes/Directory/style.css
162.241.216.62 200 OK 0 B URL HTTP/2 dealstoheal.com/wp-content/themes/Directory/style.css
IP 162.241.216.62:0
GET /wp-content/themes/Directory/style.css HTTP/1.1
Host: dealstoheal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dealstoheal.com/chickeninvaders6fullversiontpb-best/
Cookie: PHPSESSID=9b4be5d46500afc8553d4d4e4bf91731
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 30 Mar 2020 03:42:23 GMT
accept-ranges: bytes
cache-control: max-age=2592000
expires: Tue, 01 Nov 2022 20:00:29 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 0
x-nginx-cache: WordPress
content-type: text/css
date: Sun, 02 Oct 2022 20:00:29 GMT
server: Apache
X-Firefox-Spdy: h2