Overview

URL 17t87y.cfd/1909/a10/Gact1509
IP67.223.118.95
ASNNAMECHEAP-NET
Location United States
Report completed2022-09-20 21:51:45 UTC
StatusLoading report..
urlquery Alerts Scam / Fake AntiVirus


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-20 2 17t87y.cfd/1909/a10/Gact1509 Malware
2022-09-20 2 17t87y.cfd/1909/a10/Gact1509 Malware
2022-09-20 2 17t87y.cfd/1909/a10/minimize.jpeg Phishing
2022-09-20 2 17t87y.cfd/1909/a10/fullscreen.js Phishing
2022-09-20 2 17t87y.cfd/1909/a10/before.js Phishing
2022-09-20 2 17t87y.cfd/1909/a10/light.js Phishing
2022-09-20 2 17t87y.cfd/1909/a10/main.js Phishing
2022-09-20 2 17t87y.cfd/1909/a10/0wa0rni0ng0.mp3 Phishing
2022-09-20 2 17t87y.cfd/1909/a10/wa0lDErtm0s.mp3 Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-09-20 2 17t87y.cfd Sinkholed
2022-09-20 2 17t87y.cfd Sinkholed
2022-09-20 2 17t87y.cfd Sinkholed
2022-09-20 2 17t87y.cfd Sinkholed
2022-09-20 2 17t87y.cfd Sinkholed
2022-09-20 2 17t87y.cfd Sinkholed
2022-09-20 2 17t87y.cfd Sinkholed
2022-09-20 2 17t87y.cfd Sinkholed
2022-09-20 2 17t87y.cfd Sinkholed
2022-09-20 2 17t87y.cfd Sinkholed
2022-09-20 2 17t87y.cfd Sinkholed
2022-09-20 2 17t87y.cfd Sinkholed
2022-09-20 2 17t87y.cfd Sinkholed
2022-09-20 2 17t87y.cfd Sinkholed
2022-09-20 2 17t87y.cfd Sinkholed
2022-09-20 2 17t87y.cfd Sinkholed
2022-09-20 2 17t87y.cfd Sinkholed
2022-09-20 2 17t87y.cfd Sinkholed
2022-09-20 2 17t87y.cfd Sinkholed
2022-09-20 2 17t87y.cfd Sinkholed
2022-09-20 2 17t87y.cfd Sinkholed


Files

No files detected



Passive DNS (22)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS ocsp.globalsign.com (1) 2075 2012-05-25 06:20:55 UTC 2022-09-20 10:16:44 UTC 104.18.21.226
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-20 17:37:01 UTC 34.120.237.76
mnemonic passive DNS fonts.gstatic.com (1) 0 2014-08-29 13:43:22 UTC 2022-09-20 04:47:45 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS maxcdn.bootstrapcdn.com (1) 724 2014-06-18 00:37:31 UTC 2022-09-20 19:35:14 UTC 104.18.10.207
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-20 17:35:13 UTC 143.204.55.27
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-20 04:47:04 UTC 34.117.237.239
mnemonic passive DNS cdn.jsdelivr.net (2) 439 2012-09-30 00:15:09 UTC 2022-09-20 04:47:20 UTC 151.101.85.229
mnemonic passive DNS cdnjs.cloudflare.com (1) 235 2020-10-20 10:17:36 UTC 2022-09-20 10:15:13 UTC 104.17.24.14
mnemonic passive DNS region1.google-analytics.com (1) 0 2022-03-17 11:26:33 UTC 2022-09-20 05:46:51 UTC 216.239.34.36 Domain (google-analytics.com) ranked at: 8401
mnemonic passive DNS c1.mylivechat.com (12) 200399 2019-03-16 07:30:15 UTC 2022-09-20 17:32:07 UTC 169.55.200.20
mnemonic passive DNS 17t87y.cfd (21) 0 2022-09-17 14:53:40 UTC 2022-09-20 14:30:22 UTC 67.223.118.95 Unknown ranking
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-20 05:19:24 UTC 143.204.55.110
mnemonic passive DNS ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2022-09-20 13:04:07 UTC 93.184.220.29
mnemonic passive DNS www.google-analytics.com (1) 40 2012-10-03 01:04:21 UTC 2022-09-20 17:41:07 UTC 142.250.74.174
mnemonic passive DNS r3.o.lencr.org (4) 344 2020-12-02 08:52:13 UTC 2022-09-20 04:47:05 UTC 23.36.77.32
mnemonic passive DNS ocsp.sectigo.com (1) 487 2018-12-17 11:31:55 UTC 2022-09-20 19:14:14 UTC 104.18.32.68
mnemonic passive DNS ocsp.pki.goog (7) 175 2017-06-14 07:23:31 UTC 2022-09-20 04:47:45 UTC 142.250.74.3
mnemonic passive DNS stats.g.doubleclick.net (1) 96 2013-06-02 22:47:44 UTC 2022-09-20 07:54:37 UTC 142.251.1.155
mnemonic passive DNS fonts.googleapis.com (1) 8877 2014-07-21 13:19:55 UTC 2022-09-20 15:51:03 UTC 216.58.211.10
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-20 05:36:22 UTC 52.41.98.34
mnemonic passive DNS www.googletagmanager.com (1) 75 2012-12-25 14:52:06 UTC 2022-09-20 04:46:55 UTC 142.250.74.72
mnemonic passive DNS mylivechat.com (1) 45064 2012-07-06 21:10:12 UTC 2022-09-20 19:14:02 UTC 52.117.22.28


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 67.223.118.95

Date UQ / IDS / BL URL IP
2022-09-22 05:52:13 +0000
0 - 0 - 3 16q65v.top/ 67.223.118.95
2022-09-20 21:51:45 +0000
11 - 0 - 30 17t87y.cfd/1909/a10/Gact1509 67.223.118.95
2022-09-16 05:41:30 +0000
0 - 0 - 2 8p47o.cfd/ 67.223.118.95
2022-09-15 21:49:04 +0000
11 - 0 - 9 8p47o.cfd/1509/9a/Mhp2836 67.223.118.95
2022-09-15 06:36:48 +0000
11 - 0 - 0 9c52l.cfd/1509/11a/Gact6207 67.223.118.95

Last 5 reports on ASN: NAMECHEAP-NET

Date UQ / IDS / BL URL IP
2022-11-28 20:45:02 +0000
0 - 0 - 1 fees-cea.com/ 192.64.119.139
2022-11-28 20:31:03 +0000
0 - 0 - 1 smartcityplot.com/si/index.php?e=D6.zip 67.223.118.20
2022-11-28 20:28:26 +0000
0 - 0 - 2 seecoh.net/26.exe 68.65.122.109
2022-11-28 20:27:31 +0000
0 - 0 - 1 konfirm.cloud/bca-bifast.zip 162.213.255.18
2022-11-28 20:16:00 +0000
0 - 0 - 1 4547.bainey4547.thekadramasanctuary.com/ 66.29.156.89

Last 1 reports on domain: 17t87y.cfd

Date UQ / IDS / BL URL IP
2022-09-20 21:51:45 +0000
11 - 0 - 30 17t87y.cfd/1909/a10/Gact1509 67.223.118.95

Last 4 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-09-20 17:15:06 +0000
11 - 0 - 15 9m50f.click/1809/a5/BPact6435 162.0.235.152
2022-09-18 13:31:46 +0000
11 - 0 - 9 10u58r.click/1809/a7/Mac7370 162.0.235.152
2022-09-15 21:49:04 +0000
11 - 0 - 9 8p47o.cfd/1509/9a/Mhp2836 67.223.118.95
2022-09-12 19:51:52 +0000
11 - 0 - 9 37h7d.click/1209/10a/Mac8349 162.0.235.152


JavaScript

Executed Scripts (28)


Executed Evals (2)

#1 JavaScript::Eval (size: 14, repeated: 1) - SHA256: febdfe048180e3d111406700b501f8b465a7dfcbc8b79f70ad0d64f1224dff36

                                        _mlctemp_ = null
                                    

#2 JavaScript::Eval (size: 205, repeated: 1) - SHA256: 3dc174b79e0affb2606d152070ef0b51af1f6d539306e04f8b8812fce3329f0f

                                        _mlctemp_ = [{
    "urlpattern": "*",
    "required": true,
    "disabled": false,
    "nosound": true,
    "locationkey": "",
    "waittime": "1",
    "message": "",
    "domain": "",
    "refpattern": "",
    "name": "Windows\x20Support",
    "desc": "",
    "department": ""
}]
                                    

Executed Writes (1)

#1 JavaScript::Write (size: 630, repeated: 1) - SHA256: 8b88b1c61835b8107b053ef60ae33e2dfb731b52e0ca4b0cbc6a355da8c6e7c2

                                        < html > < head > < meta name = "format-detection"
content = "telephone=no" / > < link rel = 'stylesheet'
href = 'https://c1.mylivechat.com/livechat2/chatdialog2.css' / > < /head><body><script src='https:/ / c1.mylivechat.com / livechat2 / frame2.aspx ? HCCID = 31408712 & amp;
CCCustomerId = 88 f5d78e - cf2f - 8e a6 - 3 b16 - 8 c62289bda08 & amp;
_t = 1663710703004 '></script><script src='
https: //c1.mylivechat.com/livechat2/resources2.aspx?HCCID=31408712&amp;culture=ja&amp;mlcv=3017&amp;template=5'></script><script src='https://c1.mylivechat.com/livechat2/script/frameui2.js'></script><script src='https://c1.mylivechat.com/livechat2/script/frameinit2.js'></script></body></html>
                                    


HTTP Transactions (71)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Retry-After, Content-Type, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 20 Sep 2022 21:13:15 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: peWvMaDquq0z9OAXDlqBHYT13TewACr2qqQAseJtrqovCGxAu2KxnQ==
Age: 2299


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    1b3053fa528e28810f8a2cc9284cc921
Sha1:   cca9eb471d941881a6b9a1793aecb6c281908f6a
Sha256: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5C706B2718B1698995F4FEB91223779AEF4BF6DC967C31F9EF9A93873197D5F9"
Last-Modified: Sun, 18 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2958
Expires: Tue, 20 Sep 2022 22:40:52 GMT
Date: Tue, 20 Sep 2022 21:51:34 GMT
Connection: keep-alive

                                        
                                            GET /1909/a10/Gact1509 HTTP/1.1 
Host: 17t87y.cfd
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         67.223.118.95
HTTP/1.1 301 Moved Permanently
content-type: text/html
                                        
keep-alive: timeout=5, max=100
content-length: 707
date: Tue, 20 Sep 2022 21:51:34 GMT
server: LiteSpeed
location: https://17t87y.cfd/1909/a10/Gact1509
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   707
Md5:    1304294c0823ca486542ba408ed761e3
Sha1:   b2a70fb2d810ca13985882e6981f33998823e83e
Sha256: 3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.110
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 20 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: XkLsgp_PM7hwwsgAboqiLnY9yqyIsKFxRYOetMqqOfEYcC42f343MQ==
age: 62181
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 20 Sep 2022 21:51:34 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 20 Sep 2022 21:03:22 GMT
Expires: Tue, 20 Sep 2022 21:33:01 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: DUCTEfGAHd7WzUeahYsBR9UJVi1W4r75gf0gxbDK84QAmtQyFPWl2A==
Age: 2893


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 20 Sep 2022 21:51:35 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Sun, 18 Sep 2022 20:35:16 GMT
Expires: Sun, 25 Sep 2022 20:35:15 GMT
Etag: "bc6dc0e4f57fe7364e57da954e53302685df6b8f"
Cache-Control: max-age=426819,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74ddc884eebbb51e-OSL

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5753
Cache-Control: 'max-age=158059'
Date: Tue, 20 Sep 2022 21:51:35 GMT
Last-Modified: Tue, 20 Sep 2022 20:15:43 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5327
Cache-Control: 'max-age=158059'
Date: Tue, 20 Sep 2022 21:51:35 GMT
Last-Modified: Tue, 20 Sep 2022 20:22:48 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ihUSByzAcnTfNLvcQ6WHHw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         52.41.98.34
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: DkSQgGKgLZYdlHt5LtZj3DjIgKQ=

                                        
                                            GET /1909/a10/Gact1509 HTTP/1.1 
Host: 17t87y.cfd
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         67.223.118.95
HTTP/2 200 OK
                                        
last-modified: Mon, 19 Sep 2022 01:15:54 GMT
accept-ranges: bytes
content-length: 38306
date: Tue, 20 Sep 2022 21:51:35 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (304)
Size:   38306
Md5:    0ddcb0e70d63bfca9b6ca4138c4a7b17
Sha1:   1d7c9af9ad72b92b686206da1d2cf445855a4162
Sha256: f581cbeb2b63ba26be2ed96a7fa3d74c8713b93b7fa800a0d5abfe4ef16a75e1

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.17.24.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Tue, 20 Sep 2022 21:51:35 GMT
content-length: 26660
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-14983"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 9157483
expires: Sun, 10 Sep 2023 21:51:35 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I%2BctR41GK3bmpu0hjwek1GldjNMAcfVg8%2BdS2IDNk2p%2FVSmqQcGckV8q24o%2Be1BpGKuUQHSmIIV75ynHnqopoIHzP%2F6b4wAdbRf3DAq2rO5u9GzbNJmlgETBf445pkXFWserOXY8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74ddc8896aafb4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32180)
Size:   26660
Md5:    b1e4b2a99336201b37fb8cea5d57abb9
Sha1:   d57980f0d0eaaf57ec33ddc9ed027274cfa86027
Sha256: c805bfd991983f57b5b7878b998f7529e9b7e2df4bc2d39ba493934e23ba3f8a
                                        
                                            GET /npm/bootstrap@4.6.0/dist/css/bootstrap.min.css HTTP/1.1 
Host: cdn.jsdelivr.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://17t87y.cfd
Connection: keep-alive
Referer: https://17t87y.cfd/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.229
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 4.6.0
x-jsd-version-type: version
etag: W/"27681-LKxK/BIJg5IUESlr1Oj9ipS6I34"
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Sep 2022 21:51:35 GMT
age: 167470
x-served-by: cache-fra19147-FRA, cache-bma1645-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 24100
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65326)
Size:   24100
Md5:    849f3e827da80e4e4c6a8c49689f057d
Sha1:   035d81aaaf6da3ffa5ce241179a9e14d533e7a3b
Sha256: 9546dbb82c3facf833e4adb713ce7e57a34dd53f6b55697ef1e1877bdbd8bb73
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 20 Sep 2022 21:51:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js HTTP/1.1 
Host: cdn.jsdelivr.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://17t87y.cfd
Connection: keep-alive
Referer: https://17t87y.cfd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.85.229
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 4.6.0
x-jsd-version-type: version
etag: W/"1499a-rsVR5NVzRjCI/KfRT7ZE6zifGDk"
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Sep 2022 21:51:35 GMT
age: 9399338
x-served-by: cache-fra19162-FRA, cache-bma1645-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 21830
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65299)
Size:   21830
Md5:    a5cbb97cf034dd181106adecdafe3035
Sha1:   5fca1af6c76dd3e609f7f92841e564df1281927a
Sha256: 5ae018daf5df2cd903f80162efbaa3e138e0ed47ff90a315f2e2c497dc88a890
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5327
Cache-Control: 'max-age=158059'
Date: Tue, 20 Sep 2022 21:51:35 GMT
Last-Modified: Tue, 20 Sep 2022 20:22:48 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.21.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 20 Sep 2022 21:51:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "8DDCEEBB68B675FC55EDFBDC8CB3EBDE3A474DC2"
Expires: Wed, 21 Sep 2022 09:00:00 GMT
Last-Modified: Tue, 20 Sep 2022 21:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 464
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74ddc889ef5cb529-OSL


--- Additional Info ---
Magic:  data
Size:   1462
Md5:    4fb5f79a19968d307d5b127420677a79
Sha1:   d2ddf637c248cb57ada024ac719ad51542cb97c2
Sha256: b4121fc05c72b0b554f8baed6f0d244b25abc5043a4e2b58bab9efac77599e10
                                        
                                            GET /gtag/js?id=UA-140409011-1 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.72
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 20 Sep 2022 21:51:35 GMT
expires: Tue, 20 Sep 2022 21:51:35 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43274
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1720)
Size:   43274
Md5:    0615a42dfc430f36cd949bf907fb75c5
Sha1:   0335e3522be9bd2fc4a882ec11340c169ae36ff2
Sha256: ebb5774141652c33c32405f3013f998c926ca3877e9d345527c89e2e61d85165
                                        
                                            GET /1909/a10/main.css HTTP/1.1 
Host: 17t87y.cfd
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/1909/a10/Gact1509
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         67.223.118.95
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Tue, 27 Sep 2022 21:51:35 GMT
last-modified: Mon, 19 Sep 2022 01:15:54 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2429
date: Tue, 20 Sep 2022 21:51:35 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   2429
Md5:    2bfb050680eab752d1fc23b340dc2b54
Sha1:   673a1a6b4894030e89c393d7fe7fba41bc4aad50
Sha256: a4be4a233e1d996033c1ead0a66736c16b171c8b47e73598d74a7ff516ff428f

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 20 Sep 2022 21:51:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /1909/a10/microsoft.png HTTP/1.1 
Host: 17t87y.cfd
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/1909/a10/Gact1509
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         67.223.118.95
HTTP/2 200 OK
content-type: image/png
                                        
cache-control: public, max-age=604800
expires: Tue, 27 Sep 2022 21:51:35 GMT
last-modified: Mon, 19 Sep 2022 01:15:54 GMT
accept-ranges: bytes
content-length: 1045
date: Tue, 20 Sep 2022 21:51:35 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced\012- data
Size:   1045
Md5:    bf2b460590fbb9d8e9611a6e9006b816
Sha1:   561e1dab259d61e798b3ce380527b71b61074ff3
Sha256: ee4bc5fe81fa7c1e8497d79c9c8a96485df217092d334e9b48fa8840fed11d03

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /1909/a10/minimize.jpeg HTTP/1.1 
Host: 17t87y.cfd
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/1909/a10/Gact1509
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         67.223.118.95
HTTP/2 200 OK
content-type: image/jpeg
                                        
cache-control: public, max-age=604800
expires: Tue, 27 Sep 2022 21:51:35 GMT
last-modified: Mon, 19 Sep 2022 01:15:54 GMT
accept-ranges: bytes
content-length: 2247
date: Tue, 20 Sep 2022 21:51:35 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 180x39, components 3\012- data
Size:   2247
Md5:    1ba392dce74f8987dca48bf65d817c8f
Sha1:   db0b8444c46125105b52f272bd422a7f52da1f72
Sha256: a05245b6f7fd752af4a7b0131bbdfdf3eaee6c5a25a81cb498e0f0759189473c

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /1909/a10/setting.png HTTP/1.1 
Host: 17t87y.cfd
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/1909/a10/Gact1509
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         67.223.118.95
HTTP/2 200 OK
content-type: image/png
                                        
cache-control: public, max-age=604800
expires: Tue, 27 Sep 2022 21:51:35 GMT
last-modified: Mon, 19 Sep 2022 01:15:54 GMT
accept-ranges: bytes
content-length: 364
date: Tue, 20 Sep 2022 21:51:35 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced\012- data
Size:   364
Md5:    e144c3378090087c8ce129a30cb6cb4e
Sha1:   59da5466551de941d0215e45c54aa2ceaf436be1
Sha256: b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /1909/a10/que.png HTTP/1.1 
Host: 17t87y.cfd
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/1909/a10/Gact1509
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         67.223.118.95
HTTP/2 200 OK
content-type: image/png
                                        
cache-control: public, max-age=604800
expires: Tue, 27 Sep 2022 21:51:35 GMT
last-modified: Mon, 19 Sep 2022 01:15:54 GMT
accept-ranges: bytes
content-length: 349
date: Tue, 20 Sep 2022 21:51:35 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 13 x 13, 8-bit/color RGB, non-interlaced\012- data
Size:   349
Md5:    7454c652e0733d92de6c920c2d646ae0
Sha1:   34a5bd8c7401f95e346895b0e5ccffbf0e9ad638
Sha256: 44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /1909/a10/virus-scan.png HTTP/1.1 
Host: 17t87y.cfd
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/1909/a10/Gact1509
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         67.223.118.95
HTTP/2 200 OK
content-type: image/png
                                        
cache-control: public, max-age=604800
expires: Tue, 27 Sep 2022 21:51:35 GMT
last-modified: Mon, 19 Sep 2022 01:15:54 GMT
accept-ranges: bytes
content-length: 25871
date: Tue, 20 Sep 2022 21:51:35 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size:   25871
Md5:    2c497dfff84bd8c5af9254c9d6278ce1
Sha1:   667e72e7ba6f00a54629e28133317022d4b59af6
Sha256: b2dc4153ee7019c70a1095d5d1304d540e3bba045d99e141f63e5b13362e5a4e

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /1909/a10/bell.png HTTP/1.1 
Host: 17t87y.cfd
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/1909/a10/Gact1509
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         67.223.118.95
HTTP/2 200 OK
content-type: image/png
                                        
cache-control: public, max-age=604800
expires: Tue, 27 Sep 2022 21:51:35 GMT
last-modified: Mon, 19 Sep 2022 01:15:54 GMT
accept-ranges: bytes
content-length: 1108
date: Tue, 20 Sep 2022 21:51:35 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced\012- data
Size:   1108
Md5:    a3555871399f1f67bfacaf437974b03a
Sha1:   b6337de87cd7a75a73cd804774651d14c83fe76a
Sha256: 2e48fef820929c21295e13444901f60e3aed61ba6f8c773ff1466e6843e76b49

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /1909/a10/pc.png HTTP/1.1 
Host: 17t87y.cfd
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/1909/a10/Gact1509
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         67.223.118.95
HTTP/2 200 OK
content-type: image/png
                                        
cache-control: public, max-age=604800
expires: Tue, 27 Sep 2022 21:51:36 GMT
last-modified: Mon, 19 Sep 2022 01:15:54 GMT
accept-ranges: bytes
content-length: 4949
date: Tue, 20 Sep 2022 21:51:36 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 166 x 92, 8-bit/color RGBA, non-interlaced\012- data
Size:   4949
Md5:    cc5132b56ba46b03dd998aa1fe220106
Sha1:   403e007a0b17d76a9945fa5ec46a9d01733b3040
Sha256: 598699133be5eef63e3b9b5540609ec0dc91d7af9c7f70a3b890e57491a70ae0

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /1909/a10/def.png HTTP/1.1 
Host: 17t87y.cfd
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/1909/a10/Gact1509
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         67.223.118.95
HTTP/2 200 OK
content-type: image/png
                                        
cache-control: public, max-age=604800
expires: Tue, 27 Sep 2022 21:51:36 GMT
last-modified: Mon, 19 Sep 2022 01:15:54 GMT
accept-ranges: bytes
content-length: 3834
date: Tue, 20 Sep 2022 21:51:36 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size:   3834
Md5:    77a2ffc5545f87551d74781201de9b3b
Sha1:   c9c3798afd2ae95aa3bba3c428335d49c8255b06
Sha256: 316e6a6737bd296ab30aca2ef7fa36f119d15786a2432d01e31fdc130272f15c

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /1909/a10/fullscreen.js HTTP/1.1 
Host: 17t87y.cfd
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/1909/a10/Gact1509
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         67.223.118.95
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Tue, 27 Sep 2022 21:51:36 GMT
last-modified: Mon, 19 Sep 2022 01:15:54 GMT
accept-ranges: bytes
content-length: 237
date: Tue, 20 Sep 2022 21:51:36 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   237
Md5:    424165d04aaac003395f964590e6cb2d
Sha1:   3d041931a170de8ee9981122e0ae44ed05bfc29b
Sha256: f04b0a0a20f05bde21b16ad9e0ea1cef1ba49eaba5bf7eed03f3a8dd115240c8

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /1909/a10/before.js HTTP/1.1 
Host: 17t87y.cfd
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/1909/a10/Gact1509
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         67.223.118.95
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Tue, 27 Sep 2022 21:51:36 GMT
last-modified: Mon, 19 Sep 2022 01:15:54 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 157
date: Tue, 20 Sep 2022 21:51:36 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   157
Md5:    56672789f066c6bdc879d9f5b9a5e8f8
Sha1:   ff49e9231b624530ed891ddb158f375267b6e669
Sha256: caffd547a184810b1284ea37b4e5f2f9877567a716daf27a3dc18951400dd186

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /1909/a10/light.js HTTP/1.1 
Host: 17t87y.cfd
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/1909/a10/Gact1509
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         67.223.118.95
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Tue, 27 Sep 2022 21:51:36 GMT
last-modified: Mon, 19 Sep 2022 01:15:54 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 200
date: Tue, 20 Sep 2022 21:51:36 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   200
Md5:    3688916f59b81e54a7e2ff6f51354a50
Sha1:   19f0911664cc5351162afc86ba0189cbc293c0dc
Sha256: efee0a83672fa30ccbba4313343d6f3e18e9e549fcf9a984516c212dc5ebb3ae

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /1909/a10/main.js HTTP/1.1 
Host: 17t87y.cfd
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/1909/a10/Gact1509
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         67.223.118.95
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Tue, 27 Sep 2022 21:51:36 GMT
last-modified: Mon, 19 Sep 2022 01:15:54 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 315
date: Tue, 20 Sep 2022 21:51:36 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   315
Md5:    dde2bc1b979e4302602d56b79872bd20
Sha1:   8d2387b592b17d7048325a51099744fdfbcc82d3
Sha256: c31d2f1e5fc1fa42c82aa7045c4a100c54887787fe550ada915ca9e185102054

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            GET /1909/a10/virus-images.png HTTP/1.1 
Host: 17t87y.cfd
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/1909/a10/Gact1509
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         67.223.118.95
HTTP/2 200 OK
content-type: image/png
                                        
cache-control: public, max-age=604800
expires: Tue, 27 Sep 2022 21:51:36 GMT
last-modified: Mon, 19 Sep 2022 01:15:54 GMT
accept-ranges: bytes
content-length: 33366
date: Tue, 20 Sep 2022 21:51:36 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 200 x 191, 8-bit/color RGBA, non-interlaced\012- data
Size:   33366
Md5:    68c7d1836cf921e767b980e8ce6d845b
Sha1:   395fc474214809b1282fc589e4a8f0be81b16adc
Sha256: 870e9d768ba46521935ced4cee560acfbb4f12370e5476dc6a2a45f0141a8392

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /1909/a10/cross.png HTTP/1.1 
Host: 17t87y.cfd
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/1909/a10/Gact1509
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         67.223.118.95
HTTP/2 200 OK
content-type: image/png
                                        
cache-control: public, max-age=604800
expires: Tue, 27 Sep 2022 21:51:36 GMT
last-modified: Mon, 19 Sep 2022 01:15:54 GMT
accept-ranges: bytes
content-length: 44098
date: Tue, 20 Sep 2022 21:51:36 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced\012- data
Size:   44098
Md5:    4487a588bf2a07e3d1936d705c5ceefd
Sha1:   db193b3e2ab9fbee6eae99ced2366b1ef5f16971
Sha256: 3821ef20f5904fdb993e34d87ff8fb9c5786a382efb0eeee8b4f00c91428b701

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /1909/a10/0wa0rni0ng0.mp3 HTTP/1.1 
Host: 17t87y.cfd
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://17t87y.cfd/1909/a10/Gact1509
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         67.223.118.95
HTTP/2 206 Partial Content
content-type: audio/mpeg
                                        
last-modified: Mon, 19 Sep 2022 01:15:54 GMT
content-range: bytes 0-8404/8405
content-length: 8405
date: Tue, 20 Sep 2022 21:51:36 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 56 kbps, 44.1 kHz, Monaural\012- data
Size:   8405
Md5:    8618fbb0911e3b8fc96725dee8bfd81f
Sha1:   1bbcb78922946d0cf18fbf3a9e092e36453eb767
Sha256: 0589be7715d2320e559eae6bd26f3528e97450c70293da2e1e8ce45f77f99ab1

Alerts:
  urlquery:
    - Scam / Fake AntiVirus
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19502
Expires: Wed, 21 Sep 2022 03:16:39 GMT
Date: Tue, 20 Sep 2022 21:51:37 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19502
Expires: Wed, 21 Sep 2022 03:16:39 GMT
Date: Tue, 20 Sep 2022 21:51:37 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19502
Expires: Wed, 21 Sep 2022 03:16:39 GMT
Date: Tue, 20 Sep 2022 21:51:37 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c2e0de8-088f-449b-a3cb-bbb83e3883a6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11832
x-amzn-requestid: 75065a71-5f2d-4987-915b-9bddc772c76a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugI_EsLIAMFdmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e09f-1248d25405209da3353d4a4a;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:35:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: gLh2EBTPdXvFtZuYKH1NVZebvnz4Rhs-f_rZPtfJpIWNemEk0upeOQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:09:43 GMT
etag: "8b91bc3069a3217bc719c27959d578b353b5d9dc"
age: 85314
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11832
Md5:    2ed7323b395e757f7766ea0045efdaca
Sha1:   8b91bc3069a3217bc719c27959d578b353b5d9dc
Sha256: 8daf8cb1464daa5f72bc4f1049adb4aba00b2c2dec11cb3ade3454ec2ebbfb63
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28b8af49-2631-4a57-aeca-43e33f0f6d83.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11145
x-amzn-requestid: dcb726a6-2f43-4170-a53c-4f0d2883309e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yuh7yHfHIAMFu4g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e37e-11bf06e96123e01c11854cbb;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:47:42 GMT
x-amz-cf-pop: SEA73-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oJyChyEdTbGx6oQCRy6IVMS8qU22LupFYn6FOii3p4BUVFyKnssQ7Q==
via: 1.1 b47618c03bd47cf085f27b1e215f76cc.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:05:54 GMT
age: 85543
etag: "ff8286c4d2cf87a1865d56d082bc5235dba60ad7"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11145
Md5:    c283017ec789693602177a2785177e21
Sha1:   ff8286c4d2cf87a1865d56d082bc5235dba60ad7
Sha256: 520db2567ad5529d35d2ac63b94d4186848382e9c86d0c4355ab979b34f0e0ab
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d1af9c9-23b5-42e1-b7c6-655c21db6627.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9873
x-amzn-requestid: 7171299f-e6e3-40ef-a292-33779346e1ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugI-FDIIAMF-xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e09f-31f9413434a6b00e77e7709b;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:35:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: evL3aL1ULo6B2a8Rp6iILKCX7F14O9HMSbEqkEY3XHFhmMptE8FaVw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:09:44 GMT
age: 85313
etag: "0e14f5062e40ce94346494ff947bfcf74b5e88c1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9873
Md5:    7ca0c1a7f205ad07f1cce80b26448873
Sha1:   0e14f5062e40ce94346494ff947bfcf74b5e88c1
Sha256: ebc960279032671136749823c126ec807334d9eaf2b019abcc63b41bcdbf4a7f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72c9eb8-103b-4d09-b405-97d1a7ae99a8.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9543
x-amzn-requestid: 17be04c9-54f0-4988-82dd-f13911a2a629
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugINHN1IAMF8iA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e09a-35496b4c21c23dec75257964;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:35:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -VBFetQNkmIiWeJtW5IOheaPLdDHM9iKhiGPzVcA3_KQk7Qha5VrXg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:14:25 GMT
age: 85032
etag: "a852edb64a7220532aa619ab2a440c3a7e11b97a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9543
Md5:    30fbdfee7ec4513a5ff3dfcb7282f816
Sha1:   a852edb64a7220532aa619ab2a440c3a7e11b97a
Sha256: 4adee59f97bea412c6a0a786d0a27e431a497198b9047a75841b0a530803bdfe
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10894
x-amzn-requestid: f7aad96e-af80-4db7-8bc1-d1e09a9b37e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YeJQGHhOIAMFYuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322559a-538534e91448af217c59ab3d;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 22:28:42 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: P7aZQzmAvqn2rcHJUQjHo0Dcg8dsrqseey5mNOabfq1b857M4SUMDQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 10:06:02 GMT
age: 42335
etag: "ebd83f29edd95217dfa4f4c7a94eddf34dd58b14"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10894
Md5:    d3e70b2859ca89b353682d03f6b46b93
Sha1:   ebd83f29edd95217dfa4f4c7a94eddf34dd58b14
Sha256: 43ad8f8b0a664bbec39e0410c1201498a2d2e36e5bd7d5ece8d65b15230ec50b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b9b6fcc-4a98-463a-8c9c-a60812d5b535.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9865
x-amzn-requestid: 7eeeff5b-cb13-4060-96a6-bf5a4be57331
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugokGQVoAMFXmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e169-4211dbbe1a22d0255a45aff0;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:38:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2kU9PLuzusMR04mNUdwbU6-120ESVhYJtNaIixERO68Vo9jEfP3JWg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:04:47 GMT
age: 85610
etag: "b8484fb5443344b03e52dd56b1d6c5682eb6221a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9865
Md5:    1a7d863845e96c5927e812f325c08c16
Sha1:   b8484fb5443344b03e52dd56b1d6c5682eb6221a
Sha256: fcb382029332a44deaf212298b618074a752d674d0c735a1b8b861ab4bb6ff0f
                                        
                                            POST /g/collect?v=2&tid=G-PBCH7NTB3M&gtm=2oe9j0&_p=1966058268&cid=39746916.1663710696&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1663710696&sct=1&seg=0&dl=https%3A%2F%2F17t87y.cfd%2F1909%2Fa10%2FGact1509&dt=%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%82%BB%E3%83%B3%E3%82%BF%E3%83%BCCode0x268d3-Er07%E3%82%B5%E3%83%BC%E3%83%93%E3%82%B9&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1 
Host: region1.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://17t87y.cfd
Connection: keep-alive
Referer: https://17t87y.cfd/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

                                         
                                         216.239.34.36
HTTP/2 204 No Content
content-type: text/plain
                                        
access-control-allow-origin: https://17t87y.cfd
date: Tue, 20 Sep 2022 21:51:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Tue, 20 Sep 2022 20:41:12 GMT
expires: Tue, 20 Sep 2022 22:41:12 GMT
cache-control: public, max-age=7200
age: 4225
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   20006
Md5:    56f5d7f608e25d64207135f045f988cb
Sha1:   901eb59372ae330ae85e1384da93479b21ae1082
Sha256: 1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
                                        
                                            GET /1909/a10/download.jpg HTTP/1.1 
Host: 17t87y.cfd
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/1909/a10/Gact1509
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         67.223.118.95
HTTP/2 200 OK
content-type: image/jpeg
                                        
cache-control: public, max-age=604800
expires: Tue, 27 Sep 2022 21:51:35 GMT
last-modified: Mon, 19 Sep 2022 01:15:54 GMT
accept-ranges: bytes
content-length: 653698
date: Tue, 20 Sep 2022 21:51:35 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1920x1394, components 3\012- data
Size:   653698
Md5:    3722bd7abebdd2124f3d4d24f1823024
Sha1:   50b50222ea17bd754457b0d99ce9fd199e610bc6
Sha256: d8a9ac3f3dc3fde6dfc7a7481aa50b2c8008f342a92cc27a5885ac84b852bd0a

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: 17t87y.cfd
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/1909/a10/Gact1509
Cookie: _ga_PBCH7NTB3M=GS1.1.1663710696.1.0.1663710696.0.0.0; _ga=GA1.1.39746916.1663710696
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         67.223.118.95
HTTP/2 404 Not Found
content-type: text/html
                                        
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-length: 1238
date: Tue, 20 Sep 2022 21:51:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   1238
Md5:    0bde7d4b3da67537eaf9188e6f8049cf
Sha1:   64300fc482d01d38b40ab20e15960b6509665e5a
Sha256: 5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /chatinline.aspx?hccid=31408712 HTTP/1.1 
Host: mylivechat.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         52.117.22.28
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Cache-Control: private
Location: https://c1.mylivechat.com/livechat2/livechat2.aspx?hccid=31408712&apimode=chatinline
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Tue, 20 Sep 2022 21:51:39 GMT
Content-Length: 205


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   205
Md5:    3e8f2733d85237ca0841279f3ecf2f33
Sha1:   866fe8f398f9161385a0958d73755e36da7ddcf7
Sha256: 16ca0db1eda2fe35e7b73aaf126573849082c10122953b52d0f7f49b90cb6d7a
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 20 Sep 2022 21:51:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-140409011-1&cid=39746916.1663710696&jid=1788214863&gjid=1824865152&_gid=1800420831.1663710697&_u=YADAAUAAAAAAAC~&z=698439453 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://17t87y.cfd
Connection: keep-alive
Referer: https://17t87y.cfd/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.251.1.155
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: https://17t87y.cfd
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 20 Sep 2022 21:51:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    c4ca4238a0b923820dcc509a6f75849b
Sha1:   356a192b7913b04c54574d18c28d46e6395428ab
Sha256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 20 Sep 2022 21:51:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /livechat2/livechat2.aspx?hccid=31408712&apimode=chatinline HTTP/1.1 
Host: c1.mylivechat.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://17t87y.cfd/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         169.55.200.20
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
                                        
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Tue, 20 Sep 2022 21:51:37 GMT
Content-Length: 9869


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (2202), with CRLF line terminators
Size:   9869
Md5:    0f797066260738e00e6b07a24b21d725
Sha1:   3bd31bce02df67429d49d05a6677609d1ff8aff5
Sha256: c01893508d6698a3fb596f4e5921f4ddbaf60a1705a5eef8116ab687afa8be75
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 20 Sep 2022 21:51:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /css?family=Poppins:300,400,500,600,700 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.211.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 20 Sep 2022 21:51:38 GMT
date: Tue, 20 Sep 2022 21:51:38 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            GET /livechat2/chatinline.css?&culture=ja&mlcv=3017&template=5 HTTP/1.1 
Host: c1.mylivechat.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         169.55.200.20
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Cache-Control: max-age=2160000
Content-Encoding: gzip
Last-Modified: Wed, 28 Jul 2021 03:27:35 GMT
Accept-Ranges: bytes
ETag: "80ade3816083d71:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Tue, 20 Sep 2022 21:51:38 GMT
Content-Length: 6091


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   6091
Md5:    138e2a406691164216f3d150858ea85b
Sha1:   f2b0272d2cb72beeb53499e7678aed84fbfe2eb2
Sha256: cf149b4d17f52c1550e7fa4b26256ebc3cbef1d09ae8b8e9c86684153cff7225
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 20 Sep 2022 21:51:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://17t87y.cfd
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:32:09 GMT
expires: Thu, 14 Sep 2023 19:32:09 GMT
cache-control: public, max-age=31536000
age: 526769
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Size:   7884
Md5:    9212f6f9860f9fc6c69b02fedf6db8c3
Sha1:   ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
Sha256: 7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 20 Sep 2022 21:51:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /livechat2/resources2.aspx?HCCID=31408712&culture=ja&mlcv=3017&template=5 HTTP/1.1 
Host: c1.mylivechat.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         169.55.200.20
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
                                        
Cache-Control: public, max-age=31536000
Expires: Wed, 20 Sep 2023 21:51:38 GMT
Last-Modified: Tue, 20 Sep 2022 05:00:00 GMT
ETag: "ZwMDq8LmTPUvPPsFkueyRny1bm8uJiinwUGv37YB1BI="
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Tue, 20 Sep 2022 21:51:38 GMT
Content-Length: 134180


--- Additional Info ---
Magic:  ASCII text, with very long lines (33406), with CRLF line terminators
Size:   134180
Md5:    f4e27e0f8043986abfae69bcd9103d7e
Sha1:   4cf30a5d208d76780c1d165298c67d6ebc9aaa14
Sha256: 5eaa42187753594fd0535c290f4239ed5cd6d4b67dbb0eeb3022930d854d2cd8
                                        
                                            GET /livechat2/script/livechatinit2.js HTTP/1.1 
Host: c1.mylivechat.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         169.55.200.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Cache-Control: max-age=2160000
Content-Encoding: gzip
Last-Modified: Sat, 10 Jul 2021 17:55:06 GMT
Accept-Ranges: bytes
ETag: "07944b7b475d71:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Tue, 20 Sep 2022 21:51:39 GMT
Content-Length: 16637


--- Additional Info ---
Magic:  ASCII text, with very long lines (63262), with no line terminators
Size:   16637
Md5:    b8a16c011058f95cea5ce0aca7c7c3b5
Sha1:   e05df33ff7434e22f7435137d20f3fcd33a4dba7
Sha256: 50915d444698c032e42a58cb469e40faf08ce9dc01b0f8d8e44e125d3a2e6fba
                                        
                                            GET /Customization/Template/InlineChatRoundOnline_1.png HTTP/1.1 
Host: c1.mylivechat.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         169.55.200.20
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Cache-Control: max-age=2160000
Last-Modified: Tue, 05 Dec 2017 22:01:33 GMT
Accept-Ranges: bytes
ETag: "4f34d99c146ed31:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Tue, 20 Sep 2022 21:51:39 GMT
Content-Length: 273


--- Additional Info ---
Magic:  PNG image data, 72 x 72, 4-bit colormap, non-interlaced\012- data
Size:   273
Md5:    1faf0898915d582d33d412d1b9c593e3
Sha1:   05d2864d0360409f9235c60e349a8d232304850a
Sha256: cb242a7e67be4558984ec4dd4be1225d11ec9532cc2e935f64b4dd3b1bae64d2
                                        
                                            GET /livechat2/livechat2.aspx?apimode=sync&HCCID=31408712&CCCustomerId=88f5d78e-cf2f-8ea6-3b16-8c62289bda08&Type=VISIT&Url=https%3A%2F%2F17t87y.cfd%2F1909%2Fa10%2FGact1509&ContextData=3%3A2%7C0%7C&ScreenSize=1280,1024&PageTitle=%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%82%BB%E3%83%B3%E3%82%BF%E3%83%BCCode0x268d3-Er07%E3%82%B5%E3%83%BC%E3%83%93%E3%82%B9&uats=2&culture=ja&mlcv=3017&template=5 HTTP/1.1 
Host: c1.mylivechat.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         169.55.200.20
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
                                        
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Tue, 20 Sep 2022 21:51:41 GMT
Content-Length: 1534


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   1534
Md5:    593864e82e3c7160a52c6264187238b6
Sha1:   7a1d23e53d9d06f4e4b52f054d886d5f88777a2e
Sha256: 4a23628a07e504619f103246a6504aebb780e0bafe0c696de4e98e0d0558f729
                                        
                                            GET /livechat2/livechat2.aspx?apimode=sync&HCCID=31408712&CCCustomerId=88f5d78e-cf2f-8ea6-3b16-8c62289bda08&Type=VISIT&RSI=1&Url=https%3A%2F%2F17t87y.cfd%2F1909%2Fa10%2FGact1509&ContextData=3%3A3%7C0%7C&ScreenSize=1280,1024&PageTitle=%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%82%BB%E3%83%B3%E3%82%BF%E3%83%BCCode0x268d3-Er07%E3%82%B5%E3%83%BC%E3%83%93%E3%82%B9&uats=3&culture=ja&mlcv=3017&template=5 HTTP/1.1 
Host: c1.mylivechat.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         169.55.200.20
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
                                        
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Tue, 20 Sep 2022 21:51:42 GMT
Content-Length: 1603


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   1603
Md5:    7955974147b3e7bf6c45f595b05ca327
Sha1:   f69e040cd30e8e222f7bd381f54a5e5e4abdeda7
Sha256: e7ef4eae049d86e8261e8a18fdf5e345cc57354bb24148f15a3951a9790d6cec
                                        
                                            GET /Customization/Template/InlineChatOnlineLogo_a1.png HTTP/1.1 
Host: c1.mylivechat.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         169.55.200.20
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Cache-Control: max-age=2160000
Last-Modified: Tue, 05 Dec 2017 22:01:31 GMT
Accept-Ranges: bytes
ETag: "f71de49b146ed31:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Tue, 20 Sep 2022 21:51:42 GMT
Content-Length: 17141


--- Additional Info ---
Magic:  PNG image data, 456 x 60, 8-bit colormap, non-interlaced\012- data
Size:   17141
Md5:    52d5c3d8e52210b1b9d0b8985cd16de2
Sha1:   7f143827406664d77cc274ff63e861da08c386ce
Sha256: 0de26ee8883abcda5a49d2fe934d88e53758b251eb10f2eeaee13c946b3cc295
                                        
                                            GET /Customization/Template/InlineChatOfflineLogo_a1.png HTTP/1.1 
Host: c1.mylivechat.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         169.55.200.20
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Cache-Control: max-age=2160000
Last-Modified: Tue, 05 Dec 2017 22:01:29 GMT
Accept-Ranges: bytes
ETag: "ac2b19a146ed31:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Tue, 20 Sep 2022 21:51:42 GMT
Content-Length: 17141


--- Additional Info ---
Magic:  PNG image data, 456 x 60, 8-bit colormap, non-interlaced\012- data
Size:   17141
Md5:    52d5c3d8e52210b1b9d0b8985cd16de2
Sha1:   7f143827406664d77cc274ff63e861da08c386ce
Sha256: 0de26ee8883abcda5a49d2fe934d88e53758b251eb10f2eeaee13c946b3cc295
                                        
                                            GET /livechat2/chatdialog2.css HTTP/1.1 
Host: c1.mylivechat.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         169.55.200.20
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Cache-Control: max-age=2160000
Last-Modified: Sat, 10 Jul 2021 05:41:16 GMT
Accept-Ranges: bytes
ETag: "0a657334e75d71:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Tue, 20 Sep 2022 21:51:43 GMT
Content-Length: 29110


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   29110
Md5:    5b7bebac742395862feff104424386a4
Sha1:   c3496614e988e5b6ab9961c7441ab77883c695c8
Sha256: 8c2b4d33bde2e510436d424d65802e8990915c5ca278c49d3466238809f08550
                                        
                                            GET /livechat2/images/icon_facebook.png HTTP/1.1 
Host: c1.mylivechat.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         169.55.200.20
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Cache-Control: max-age=2160000
Last-Modified: Thu, 13 Feb 2020 05:01:42 GMT
Accept-Ranges: bytes
ETag: "03f6aae2ae2d51:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Tue, 20 Sep 2022 21:51:43 GMT
Content-Length: 597


--- Additional Info ---
Magic:  PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size:   597
Md5:    4dc48d957f346d4443b8592e746df354
Sha1:   c8faccb5c1fa471c64db2de8b4a3dac6e0d06ac3
Sha256: 0ecd535511cb55e220004822308c72803635eb5a484c98cbfd0cbcdb739e1313
                                        
                                            GET /livechat2/script/frameinit2.js HTTP/1.1 
Host: c1.mylivechat.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         169.55.200.20
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Cache-Control: max-age=2160000
Last-Modified: Sat, 10 Jul 2021 17:55:06 GMT
Accept-Ranges: bytes
ETag: "07944b7b475d71:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Tue, 20 Sep 2022 21:51:43 GMT
Content-Length: 155649


--- Additional Info ---
                                        
                                            GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1 
Host: maxcdn.bootstrapcdn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://17t87y.cfd/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.18.10.207
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
date: Tue, 20 Sep 2022 21:51:35 GMT
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 565, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 2021-06-08 19:04:20
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: e9a84d03a1f7c6aa17012c712a6e5dd5
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 9154943
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74ddc8898dc50afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /1909/a10/wa0lDErtm0s.mp3 HTTP/1.1 
Host: 17t87y.cfd
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://17t87y.cfd/1909/a10/Gact1509
Cookie: _ga_PBCH7NTB3M=GS1.1.1663710696.1.0.1663710696.0.0.0; _ga=GA1.1.39746916.1663710696
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         67.223.118.95
HTTP/2 206 Partial Content
content-type: audio/mpeg
                                        
last-modified: Mon, 19 Sep 2022 01:15:54 GMT
content-range: bytes 0-477352/477353
content-length: 477353
date: Tue, 20 Sep 2022 21:51:36 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
    - quad9: Sinkholed