r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7c60904d097cde276e4e5632cef1b9f1
4f805026462589345d85e8df2d18eafba6237504
12af026999398f4976749e320667d43da3f99b7a2e8254aca7a410a964a106aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9468
Expires: Fri, 25 Nov 2022 05:04:35 GMT
Date: Fri, 25 Nov 2022 02:26:47 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash af40a2fcf8debb90c3608002da6c907a
3c75d6c0b557a3bd8d5db50155b8d896e852c145
555617a51ee3077552545a29a3baf0b43e8a82367e4c08110ee480ebedc8b523
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4264
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:26:47 GMT
Last-Modified: Fri, 25 Nov 2022 01:15:43 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 260e9998c20d831b66f1029c8f47aac9
716d630f647c54dc69a7f9c63a6cac294b3df7f7
c9951a909f354174f0075a01c01c3c3aa6960983040e328bfbbbea81aeb405c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21406
Expires: Fri, 25 Nov 2022 08:23:33 GMT
Date: Fri, 25 Nov 2022 02:26:47 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 25 Nov 2022 02:17:23 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 564
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: fjoA+wydKoSkoVvEGH4cWzwtZIR8B0AHh7X5WkeYP9dOOR3Lk9DkPHDvl5lO0or/jxCRQWlOQVc=
x-amz-request-id: 0S4QHWQX9ZNWGBYY
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 25 Nov 2022 01:40:37 GMT
age: 2770
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 02:26:47 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
siblingsgroupgh.com/
208.91.199.18200 OK 6.6 kB IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (576), with CRLF line terminators
Hash 84322e5ecfb1ecf9c1d3baddee1dfb79
ef4d3fe0b102ec922bcbc28b66a8547848b945f5
69f2241920d89f489899709e5bdddaa8fac23d133136c3132e9ac50da9483e3f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET / HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:47 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6639
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
siblingsgroupgh.com/vendor/fontawesome-free/css/all.min.css
208.91.199.18200 OK 12 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/fontawesome-free/css/all.min.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (54926)
Hash cd806104eb269d8afddc1f5937ccfc8e
7ea0c014ae72eb2bd008b9622f042b6f6b62beba
389f66bf3af9e30ac7477deaca17d9fd69df53c9abaa54a894dfc4cd509b3d46
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/fontawesome-free/css/all.min.css HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:47 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 12022
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 25 Nov 2022 02:08:53 GMT
cache-control: public,max-age=3600
age: 1074
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
siblingsgroupgh.com/vendor/animate/animate.min.css
208.91.199.18200 OK 5.6 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/animate/animate.min.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (57790)
Hash fe73ccaa6167b4010cad4f96090f9c3a
1e8fd8830ea1d7cb2b085a6ee275b80468f2d6c8
5b39352e422ea81b8466b5fe6ad8179aa8f91c2a4040877467a2e8308fb1cfa3
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/animate/animate.min.css HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:47 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 10 Apr 2019 16:16:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5582
Keep-Alive: timeout=5, max=75
Content-Type: text/css
siblingsgroupgh.com/vendor/simple-line-icons/css/simple-line-icons.min.css
208.91.199.18200 OK 2.7 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/simple-line-icons/css/simple-line-icons.min.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (10943), with no line terminators
Hash 7f6cf81c87366265b1f7308ee3907b44
8c0c3b2ef20fe2742a0b61efc5e307d472e61180
2992f9a3a4b1214116c9c2a9d3224d9b95b693a40f223273e26b3dc3e121d011
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/simple-line-icons/css/simple-line-icons.min.css HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:47 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 10 Apr 2019 16:16:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2653
Keep-Alive: timeout=5, max=75
Content-Type: text/css
siblingsgroupgh.com/vendor/owl.carousel/assets/owl.carousel.min.css
208.91.199.18200 OK 1.1 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/owl.carousel/assets/owl.carousel.min.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (3184)
Hash 8110dac83703c6f3bdab05005b338dae
2d7fa29ab9e77366216866a3c399cff917625015
8b88b876325a3b5deaea39fc31f97d9ea452bf5f5a27a4eb0d0cdc5be386fb92
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/owl.carousel/assets/owl.carousel.min.css HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:47 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 10 Apr 2019 16:16:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1142
Keep-Alive: timeout=5, max=75
Content-Type: text/css
siblingsgroupgh.com/vendor/magnific-popup/magnific-popup.min.css
208.91.199.18200 OK 1.8 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/magnific-popup/magnific-popup.min.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (5235), with no line terminators
Hash 4998ed91e081bbea5deae842ff73832a
78ae3d2b08d6e35eb8c08d9e7a2cfc80ae3b64a2
b3b438a9984a307d0a930306b38983559f2b8bda16d825279f9a67973ae76bc9
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/magnific-popup/magnific-popup.min.css HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:47 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1817
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/css
siblingsgroupgh.com/vendor/bootstrap/css/bootstrap.min.css
208.91.199.18200 OK 35 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/bootstrap/css/bootstrap.min.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (65324)
Hash 8d439940f8c3625af6ae3eb114868f72
7575057374c2dda5728d7bd38e2f43f837dd4003
38decc3e8ed16ee63395d27c577d5b6ba7f8830185b4d626bc072fbbd39ad585
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/bootstrap/css/bootstrap.min.css HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:47 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 10 Apr 2019 16:16:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 4af780570d49b327d38dc189095448e9
1dd4193a2afeb237c5e475b603b1cbd137f7f97e
f25ef2e65d3c2acbba49b5d36c2fe37f8d404fa3b0ea5cdd6c93ac1685a6129a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:26:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
siblingsgroupgh.com/css/theme-blog.css
208.91.199.18200 OK 1.7 kB URL HTTP/1.1 siblingsgroupgh.com/css/theme-blog.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 4a643be936970e3c79a6b022765bb41a
b3005a2e8528afe705248840ffcf6a6d4fc3bae8
65334c9702fa1b393fba604b7447eb0b69c3e92f6ffd197eaf6f0821ecfe68c8
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /css/theme-blog.css HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1746
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
siblingsgroupgh.com/css/theme-shop.css
208.91.199.18200 OK 3.4 kB URL HTTP/1.1 siblingsgroupgh.com/css/theme-shop.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 79af47e92fceb9b1b30c4dbdad3f01e6
1db3f28eb81fb6b670b4393a94aba6098193a151
b81aa9f6bbd1ffe0a760b2abb121945403515ad4998100baef337e932fde5de5
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /css/theme-shop.css HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3448
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fb6949e7abaa473393f7c604691de14f
599681bba3947709baa603bbae2dd7afd04059a4
36c5165526ea9d34de14d36655ed494d0cffaa11ca3271ee47824ac11246ba13
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6050
Cache-Control: max-age=116451
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:26:48 GMT
Etag: "637f3429-1d7"
Expires: Sat, 26 Nov 2022 10:47:39 GMT
Last-Modified: Thu, 24 Nov 2022 09:06:49 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash b44543de9922ec7d97f2e0be1865553e
caef856450efd75de0cfae9402903b1f4bd6de4c
d251377b4bc11c32a847ce4dc5dfda92e56031617f5b3eeea54fdcd0945b3eb7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:26:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
siblingsgroupgh.com/vendor/rs-plugin/css/settings.css
208.91.199.18200 OK 9.3 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/rs-plugin/css/settings.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (29701), with CRLF line terminators
Hash a268f85273642492ce02ddfe659a51c1
00cf313a6712d5b3c2b072aa2cea63c7b9b15aca
3183cfcac3d066471753d8e353535fd44c63bde145ba63bc05fa6e48d20960e4
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/rs-plugin/css/settings.css HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9250
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/css
siblingsgroupgh.com/css/theme.css
208.91.199.18200 OK 38 kB URL HTTP/1.1 siblingsgroupgh.com/css/theme.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (540)
Hash c699834f574968e1a7a5fe15509e2646
deb4b57f12bb293ab04471689850288e6c9f4554
315f03466926619d6bbdb17823ef4a4c7bb2af7bf14504dc4d9e238181b9f15e
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /css/theme.css HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:47 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 10 Apr 2019 16:16:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/css
siblingsgroupgh.com/vendor/rs-plugin/css/layers.css
208.91.199.18200 OK 20 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/rs-plugin/css/layers.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash af2f14f68ec11a51911ac923b7c4fb7e
b4e0edbcff6c2347bdcc27e2b18fe6af70232e12
a6668117fcf6cdf5efcbfc19de0b24af4205a6592ad699619e2df423bc2b33e3
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/rs-plugin/css/layers.css HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 19462
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
siblingsgroupgh.com/vendor/circle-flip-slideshow/css/component.css
208.91.199.18200 OK 1.1 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/circle-flip-slideshow/css/component.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash d22d70bd992c624f5d9d991811500392
bc084955d88ba5b9ac516aeb643973a838b7ec0d
f268facad8ed218a9504850c67f458523fa886b34d83daa0c14c369e610e9dee
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/circle-flip-slideshow/css/component.css HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1130
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/css
siblingsgroupgh.com/css/skins/default.css
208.91.199.18200 OK 19 kB URL HTTP/1.1 siblingsgroupgh.com/css/skins/default.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash af9feed8be6e4ba39dbe155a693af5c8
25e60387b92c1fc5565e318026ecd29271a23e6f
11c507ae6f47fa5f06bc9a6af10b8e92adf3ed0865052739c649f9b98401bc01
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /css/skins/default.css HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Tue, 25 May 2021 13:18:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 19237
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/css
siblingsgroupgh.com/css/custom.css
208.91.199.18200 OK 43 B URL HTTP/1.1 siblingsgroupgh.com/css/custom.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 938a59449ca680f77e10ebd4cdfb8581
4cc3eb604c5814b2d0c40afbfdf0992106f57e3a
ed79538feb2e96922e726e2488ad383244f7a260e89699499e9e60994f3d89d1
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /css/custom.css HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:30 GMT
Accept-Ranges: bytes
Content-Length: 43
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
siblingsgroupgh.com/vendor/modernizr/modernizr.min.js
208.91.199.18200 OK 4.4 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/modernizr/modernizr.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (9163), with CRLF line terminators
Hash 153a297c5155187250a213246478cdcb
7744e0f5f621c1ecec0989ddd2d3f05b0061a22a
1c23690126a8b08e0e0793e821e835d075bd0c53267d90433d970154b38db7a8
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/modernizr/modernizr.min.js HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4428
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: application/javascript
siblingsgroupgh.com/vendor/rs-plugin/css/navigation.css
208.91.199.18200 OK 18 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/rs-plugin/css/navigation.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 3f86d595840eff871978276fb42d8f88
d49450b88e09a2b43ad58eb32a2ec6dd3f6fa2e5
daf3ee8a89175e0357df64bfa2af37af1960a6eed0318daa82e6eed9d361b676
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/rs-plugin/css/navigation.css HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css
push.services.mozilla.com/
35.161.136.21101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.161.136.21:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: NBmq6GCItGoStQ/QnOn8ig==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: +unf1uVUwAm1zzpF6OPEeDulS2k=
siblingsgroupgh.com/vendor/jquery.appear/jquery.appear.min.js
208.91.199.18200 OK 676 B URL HTTP/1.1 siblingsgroupgh.com/vendor/jquery.appear/jquery.appear.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (1411), with no line terminators
Hash 948aa1e34b703f500d5df9e6dd1e877d
3d4b93e9a4fecd6fe42a8eb4d2c504dcc2fe4e15
ebc3d413afcb3a96a840cc27809922e3b69ac609a0c98689d9f2af7afb601a6c
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/jquery.appear/jquery.appear.min.js HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:32 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 676
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: application/javascript
siblingsgroupgh.com/vendor/jquery.easing/jquery.easing.min.js
208.91.199.18200 OK 823 B URL HTTP/1.1 siblingsgroupgh.com/vendor/jquery.easing/jquery.easing.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (2532), with no line terminators
Hash 4935c57d874061a9bcc88f68154ea696
097470ff0581ae948f8b1b58fcd71c5158018dde
d97a6d59d49ac743c0868a8b39c36055e2ca268be08c3530879183528c866ef1
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/jquery.easing/jquery.easing.min.js HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 823
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: application/javascript
siblingsgroupgh.com/vendor/jquery.cookie/jquery.cookie.min.js
208.91.199.18200 OK 668 B URL HTTP/1.1 siblingsgroupgh.com/vendor/jquery.cookie/jquery.cookie.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (1228), with no line terminators
Hash 072b11540f462be346ada2c8792ff396
82344cbcd064e9bc3979c9311be4c0943a7b3dcb
9c51a16fa668e389daa89045962adb271dc75cfccc1b0ab34132d5ac2ce46f09
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/jquery.cookie/jquery.cookie.min.js HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 668
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: application/javascript
siblingsgroupgh.com/vendor/popper/umd/popper.min.js
208.91.199.18200 OK 9.0 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/popper/umd/popper.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (20989)
Hash de65e574e7a270bd31706948bd376389
1e6395ded877e0d72db182f792428bd8390f65d6
01004a9d7b0a0df3cda4bb905ddf018b12266aa57a5b1ce9cf709179a75d692b
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/popper/umd/popper.min.js HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8964
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: application/javascript
siblingsgroupgh.com/vendor/jquery/jquery.min.js
208.91.199.18200 OK 38 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/jquery/jquery.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (65451)
Hash 9dabb9b020190db614209f50f9150229
4fd54d63bdb82e180b4d677529859b812a919bcc
8a77018f18076ab7a158b6cc18bef6f6a5327759ec980ab71d112bb5b00092e4
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/jquery/jquery.min.js HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
siblingsgroupgh.com/vendor/bootstrap/js/bootstrap.min.js
208.91.199.18200 OK 23 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/bootstrap/js/bootstrap.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (57791)
Hash 8717cb3b96fffc269f1b7c43530b6b84
784ca14bf4d79218797363edf7ee22895bcbd906
4ebc6de1b88da2fdc17bcea772d10a1387a7e1762488483525200a5a389c108b
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/bootstrap/js/bootstrap.min.js HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
siblingsgroupgh.com/vendor/common/common.min.js
208.91.199.18200 OK 10 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/common/common.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (24296), with no line terminators
Hash 82c6836df374de6928f5b32d67b1bb9a
cbaef7edce5935f1faa0caf5f2d3cccecae21f2e
18cdfd996e651f133a079c4223a8c41879f5c46bfb86b7504b6b2f9185731e7d
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/common/common.min.js HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:32 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10094
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: application/javascript
siblingsgroupgh.com/vendor/jquery.validation/jquery.validate.min.js
208.91.199.18200 OK 9.7 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/jquery.validation/jquery.validate.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type Unicode text, UTF-8 text, with very long lines (24228)
Hash e03ebc482dd50d0f4bf4e43a08d784aa
86f8da6fcb1349bd7089e9e39c2ba7aad7965ee3
f5ebf52ed15ae43791b1d09d1719b38592a9d370add4eb127e45512b25410573
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/jquery.validation/jquery.validate.min.js HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9688
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: application/javascript
siblingsgroupgh.com/css/theme-elements.css
208.91.199.18200 OK 66 kB URL HTTP/1.1 siblingsgroupgh.com/css/theme-elements.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 4c4f12c30be167b5c17f69bef40113fc
7dc5b1f7c2f1abbd81ccd31796003e04a56d8c69
e3be4adfcbd1eb2ce21955ff9e19283e45199ae63b9727708a86ff9664eb6f51
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /css/theme-elements.css HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css
siblingsgroupgh.com/vendor/jquery.easy-pie-chart/jquery.easypiechart.min.js
208.91.199.18200 OK 1.7 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/jquery.easy-pie-chart/jquery.easypiechart.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (3765)
Hash ae7aba3aa801837d7d6408e02fb1d6a5
917bc7c3fc5df3bae78fa32e82f7e79118e84f94
bff748b8ebbfbab2558db905bd0b9ca9a88f456d86e1dea4abd017611344a285
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/jquery.easy-pie-chart/jquery.easypiechart.min.js HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1738
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: application/javascript
siblingsgroupgh.com/vendor/jquery.gmap/jquery.gmap.min.js
208.91.199.18200 OK 1.4 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/jquery.gmap/jquery.gmap.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (3572), with no line terminators
Hash e23441a0e2276e71faf0f375cee6b13d
f3df76ca647248c637b8cd7fba3dc4459ab2570d
79b0088ca44940261d68738e99d3e504199ac1170b3a4b42ce027bdda168a10c
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/jquery.gmap/jquery.gmap.min.js HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:32 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1392
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: application/javascript
siblingsgroupgh.com/vendor/jquery.lazyload/jquery.lazyload.min.js
208.91.199.18200 OK 1.3 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/jquery.lazyload/jquery.lazyload.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (3271), with no line terminators
Hash 06ae781d24a2087b98d096b5ef830d72
c284bffe5f253459f73b2d2e66b32332a2f82fd7
fca3eeb026731c303e575ab576d1790893aa0feecffb48e2f459d58be4b291f3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/jquery.lazyload/jquery.lazyload.min.js HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:32 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1278
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: application/javascript
siblingsgroupgh.com/vendor/isotope/jquery.isotope.min.js
208.91.199.18200 OK 18 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/isotope/jquery.isotope.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (32019), with CRLF line terminators
Hash 2930b72cd46be738e81304e1d7cc6048
e0d2d366aa4c0c224743bbf51786a59b1979dcab
87493bcaf5f15b43864c61142f41f7c8b2d8d15c57f2e035b9f6ef0cb809d867
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/isotope/jquery.isotope.min.js HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
siblingsgroupgh.com/vendor/owl.carousel/owl.carousel.min.js
208.91.199.18200 OK 16 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/owl.carousel/owl.carousel.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (31997)
Hash 8a2ba9702fb3cca3c84924959fff383d
ec7e32b952d84e211870dd0e9f1520582e3b4270
ebcdf76e9e513c320785d95cbfa122a4aaa6143fc8ea69a2ea0dedf0277828b8
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/owl.carousel/owl.carousel.min.js HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 15883
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: application/javascript
siblingsgroupgh.com/vendor/magnific-popup/jquery.magnific-popup.min.js
208.91.199.18200 OK 9.2 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/magnific-popup/jquery.magnific-popup.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (20087)
Hash 7a10ae63b238729dc4da7f7bd8986219
654c47168dca0ec7080f6c57e8c4482b57f879d4
b782185399b361358f7c409d6f23f22d45f695dcbb63876c35752c7b1de72db3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/magnific-popup/jquery.magnific-popup.min.js HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9204
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: application/javascript
siblingsgroupgh.com/vendor/vide/jquery.vide.min.js
208.91.199.18200 OK 2.1 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/vide/jquery.vide.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (4322)
Hash 2bd8bd20ac328161bb3fa7bb18598c92
d668fe364cacfeabf4fa9469c1a376607aefe62e
c79a9dee13f83fccd26d4e4bc3ffecd8bcb7513c7d343f00c43e5b38d4916135
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/vide/jquery.vide.min.js HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2053
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: application/javascript
siblingsgroupgh.com/vendor/vivus/vivus.min.js
208.91.199.18200 OK 4.7 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/vivus/vivus.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (11871)
Hash 6ddf7a40e6d254843d23961423875113
74155f0fe359cf7154e558d166b9eb919b3462db
674d9775792617a8b26fc42530a6a76d315a80ea77dbfeaa609c08cad42f437f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/vivus/vivus.min.js HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4716
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: application/javascript
siblingsgroupgh.com/js/theme.js
208.91.199.18200 OK 38 kB URL HTTP/1.1 siblingsgroupgh.com/js/theme.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (572), with CRLF line terminators
Hash 66a69f16ae2768642351e2cfbd7f1bc8
f393837c05eb957e35e521aeba998a05e2f5d676
0524d73ed1ba17b3dd0118ca2bfbe89308ee79c71866340c62b0c46a49827a47
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /js/theme.js HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
siblingsgroupgh.com/vendor/rs-plugin/js/jquery.themepunch.tools.min.js
208.91.199.18200 OK 48 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/rs-plugin/js/jquery.themepunch.tools.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (27287), with CRLF line terminators
Hash a8b8d4a742e653438eb798e12665b43b
a080832766e89dfefb068a4633779a8accf98a39
9b0b623a3b416b395040f7680358e699b9c3818841042946137a993cce1a19cf
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/rs-plugin/js/jquery.themepunch.tools.min.js HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
siblingsgroupgh.com/vendor/circle-flip-slideshow/js/jquery.flipshow.min.js
208.91.199.18200 OK 2.2 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/circle-flip-slideshow/js/jquery.flipshow.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (5422), with no line terminators
Hash 3b815cce10b603505a72fe8b1c740787
7756142ad46ff8328817a9faf53a394edbabcc74
dd097795bb4406fe3dc1916d5d5465d1f5f5c4ef2bbc4b31f2d03b422375a778
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/circle-flip-slideshow/js/jquery.flipshow.min.js HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:49 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:32 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2167
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: application/javascript
siblingsgroupgh.com/js/views/view.home.js
208.91.199.18200 OK 645 B URL HTTP/1.1 siblingsgroupgh.com/js/views/view.home.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash 7d9475ea11529d7669bb934767f54c67
ee51e0a35b5e29b786a4ee567caab0586bbe8dbc
6b33a151727bc97035ea6a6df0f318fc432a6e1cb7b23880d8a89247aa46c980
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /js/views/view.home.js HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:49 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 645
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: application/javascript
siblingsgroupgh.com/js/custom.js
208.91.199.18200 OK 0 B URL HTTP/1.1 siblingsgroupgh.com/js/custom.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /js/custom.js HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:49 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:28 GMT
Accept-Ranges: bytes
Content-Length: 0
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: application/javascript
siblingsgroupgh.com/js/theme.init.js
208.91.199.18200 OK 1.5 kB URL HTTP/1.1 siblingsgroupgh.com/js/theme.init.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash 0a34f00db777c2e7de2ce6df2306d227
a417d835207b993ea029ef1d1a137a272909728c
85608e5067f25ba124473ca170c0851042bb7ff3f61bb0b964d2ee10dc86c3f3
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /js/theme.init.js HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:49 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1476
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: application/javascript
siblingsgroupgh.com/vendor/rs-plugin/js/jquery.themepunch.revolution.min.js
208.91.199.18200 OK 90 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/rs-plugin/js/jquery.themepunch.revolution.min.js
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (64660), with CRLF line terminators
Hash cafa0e32487c83da2f4bcaec1135b89f
9fc2f2da514ad0a8fc1a04a957c99d9560abc941
90192f99ceb26da4346468b81206be5b7c4105260808f7716ef944bbe6ecafc8
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/rs-plugin/js/jquery.themepunch.revolution.min.js HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:48 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:28 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
siblingsgroupgh.com/vendor/owl.carousel/assets/owl.theme.default.min.css
208.91.199.18200 OK 478 B URL HTTP/1.1 siblingsgroupgh.com/vendor/owl.carousel/assets/owl.theme.default.min.css
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (846)
Hash eb4a76f05bf1762bd61703377005623b
ce3c8fc73412f3a7300f1b53fa5ad05266e411c8
25d46807ab012b04c8e5f7b54d00656f49077ca5297f357dc9eb4b6dd6c174a9
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/owl.carousel/assets/owl.theme.default.min.css HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:49 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 16:16:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 478
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash aee1eaa2ef2d0edbb0bc5703979e6439
8baa6d1cdd85ce2c5b6e30bd7a60096eeafce4db
095cc1e6ce8241ba22f88cb66d752587909fea3dc66936a72c369ef74b3134f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:26:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.195200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://siblingsgroupgh.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 05:42:51 GMT
expires: Fri, 24 Nov 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 74638
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/shadowsintolight/v15/UqyNK9UOIntux_czAvDQx_ZcHqZXBNQzdcD5.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/shadowsintolight/v15/UqyNK9UOIntux_czAvDQx_ZcHqZXBNQzdcD5.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 16296, version 1.0\012- data
Hash ab4a2c11e0a08a8b4fa7846c2adcc173
86304ab63791be3a22e5eb673245bca6351774a2
2498c027559c4ae9a920e18e30031193148983e7ea195416d62c5d0ea2eaa3ac
GET /s/shadowsintolight/v15/UqyNK9UOIntux_czAvDQx_ZcHqZXBNQzdcD5.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://siblingsgroupgh.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16296
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:50:47 GMT
expires: Thu, 23 Nov 2023 19:50:47 GMT
cache-control: public, max-age=31536000
age: 110162
last-modified: Wed, 27 Apr 2022 15:55:58 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash aee1eaa2ef2d0edbb0bc5703979e6439
8baa6d1cdd85ce2c5b6e30bd7a60096eeafce4db
095cc1e6ce8241ba22f88cb66d752587909fea3dc66936a72c369ef74b3134f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:26:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
siblingsgroupgh.com/img/root/siblings_construction.jpg
208.91.199.18200 OK 112 kB URL HTTP/1.1 siblingsgroupgh.com/img/root/siblings_construction.jpg
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1033, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=486], progressive, precision 8, 653x650, components 3\012- data
Size 112 kB (112498 bytes)
Hash ed0d45bf286cfcc9baa4423aeba18ac0
e835e6862cd3644d2a9074e4718ff2e48b97acc9
8f67b68d95eda3feb17e61a4c252b9710b25e16f603c5798ef40678ea8fee721
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /img/root/siblings_construction.jpg HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:49 GMT
Server: Apache
Last-Modified: Thu, 06 May 2021 16:06:42 GMT
Accept-Ranges: bytes
Content-Length: 112498
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: image/jpeg
siblingsgroupgh.com/siblings_impex/siblings_impex_slide01.jpg
208.91.199.18200 OK 240 kB URL HTTP/1.1 siblingsgroupgh.com/siblings_impex/siblings_impex_slide01.jpg
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC (Windows), datetime=2021:04:27 16:55:32], progressive, precision 8, 1170x780, components 3\012- data
Size 240 kB (240185 bytes)
Hash 58ccbe4a9455dae275b5852eab6deaeb
a0571146b977e828b4c660cabcb573ab5f7c5a6b
fc8aacf1f1280cffed9e21869dec9e1d24bd2b8951c1b4f73934fd3b5bd2dd74
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /siblings_impex/siblings_impex_slide01.jpg HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:49 GMT
Server: Apache
Last-Modified: Tue, 27 Apr 2021 16:55:36 GMT
Accept-Ranges: bytes
Content-Length: 240185
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: image/jpeg
siblingsgroupgh.com/siblings_impex/siblings_impex_slide02.jpg
208.91.199.18200 OK 228 kB URL HTTP/1.1 siblingsgroupgh.com/siblings_impex/siblings_impex_slide02.jpg
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC (Windows), datetime=2021:05:07 08:12:24], progressive, precision 8, 1170x780, components 3\012- data
Size 228 kB (228444 bytes)
Hash e7383b79ff5ccbba38cbfd7ffbc92660
68053b28ee97aa4c6f426b7d0c5f7888209b7cfe
997581504f490c5362c63eb719e113bf9adc8e438f188a772383ce3652930f7f
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /siblings_impex/siblings_impex_slide02.jpg HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:49 GMT
Server: Apache
Last-Modified: Fri, 07 May 2021 08:12:32 GMT
Accept-Ranges: bytes
Content-Length: 228444
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: image/jpeg
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5965
Expires: Fri, 25 Nov 2022 04:06:14 GMT
Date: Fri, 25 Nov 2022 02:26:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5965
Expires: Fri, 25 Nov 2022 04:06:14 GMT
Date: Fri, 25 Nov 2022 02:26:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5965
Expires: Fri, 25 Nov 2022 04:06:14 GMT
Date: Fri, 25 Nov 2022 02:26:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5965
Expires: Fri, 25 Nov 2022 04:06:14 GMT
Date: Fri, 25 Nov 2022 02:26:49 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg
34.120.237.76 200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4006a9037ab5f28dca62b0aa7a704c41
74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b
556ae6516a1f272a96569a3637858292731a34e82672b682f6e7442ca68f4b1d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3955
x-amzn-requestid: 42c8d309-a8d2-47cc-8d97-c7fa3a63f8cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCM9NGJHoAMF4sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d8eba-2a06cda9346bd02c46955444;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 03:08:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ESacQ13nZwlbUKiNnwl6AxqC9ar8cxPctKLMFWS86aB3ZGsbxG0ZOA==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 04:22:08 GMT
age: 79481
etag: "74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F981a8e9a-f018-45b6-af7e-199dc4c02c27.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F981a8e9a-f018-45b6-af7e-199dc4c02c27.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5863138af1ddbba34a7856242a7b3a06
2eba66ff6539388c48562503e8d11ff0e060350a
d1543e1b803a07095148b743925eebbbf21f566a2df9b785a1a9d48c5604496c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F981a8e9a-f018-45b6-af7e-199dc4c02c27.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8917
x-amzn-requestid: 10f3b269-9437-476d-ae4f-a0ac3fb78491
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB8wEIwoAMF8uA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe384-4cfeecf4553b26381ed11875;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:00 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lr9z8FWWpMGtxtvcYzeT-ewuydSzpma8I06pszLDQIICotFkB_SZlA==
via: 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 21:55:30 GMT
age: 16279
etag: "2eba66ff6539388c48562503e8d11ff0e060350a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2302d358-ba65-4bf0-9d74-b5fb532a1d52.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2302d358-ba65-4bf0-9d74-b5fb532a1d52.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1adbf0cd373a4c06caa71eac14e1286c
236199a790f16dcf96dba80b9945836b37e3c2eb
767fd66cf0751dd80b2453588f9363fac7d9637da3dc9098d25fb65699ca8c5e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2302d358-ba65-4bf0-9d74-b5fb532a1d52.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6590
x-amzn-requestid: 5d8b02c4-673a-4c77-8f24-498d9b8a28ff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB8zGeAIAMF4HA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe384-661ce3991caf87e8558158c3;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4iFMdgZvXpHdbGKY-3exNXsKVn2FuWGQg70mCqzGLSHk_bSTiXSCxA==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 22:01:38 GMT
age: 15911
etag: "236199a790f16dcf96dba80b9945836b37e3c2eb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20a12e2c-1403-4b39-9da1-b2be17a6bbd1.png
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20a12e2c-1403-4b39-9da1-b2be17a6bbd1.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6673267df195141739d1018c17101368
b80047da428636adb7027f12718c8d11bd461da4
de30af07eed7326a1326c831e04727649a112c20d0c485a7e973edd96f91bfaa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20a12e2c-1403-4b39-9da1-b2be17a6bbd1.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11954
x-amzn-requestid: 0c912d90-72b5-4060-ae22-c2ecbe16b57a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b8J-nEFEoAMF2eA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637b2390-503ead086c8021af6eaeaa85;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 07:06:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JZAeoFNsUy2usSV7O41YGIfVow9gaIMXuKnfcaundLduQ5UX2eTKOQ==
via: 1.1 42ef990e439ae115ff739f04e3945234.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 17:17:27 GMT
age: 32962
etag: "b80047da428636adb7027f12718c8d11bd461da4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76 200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: j_8oVo464QMWMnmkxQJIDRhaIVmwhzCTHe4A57OdmaUr9HcyTtBUjg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 2750b94b402c92287d764b5fa115a042.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 05:04:28 GMT
age: 76941
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ad933c0-8cbe-40eb-920c-38b8ae531c9f.jpeg
34.120.237.76 200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ad933c0-8cbe-40eb-920c-38b8ae531c9f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d43ec6824d4fdc4d31b8c245bf8c5849
81f85633fca39972d8e0bf9a4ec7cd999e54564f
b0e521b23879af86102f46a9ec412faf6345df31a97a7b58880f63f81fdcd0c6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ad933c0-8cbe-40eb-920c-38b8ae531c9f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7900
x-amzn-requestid: a9d184b1-3b4a-4ca6-9ad2-ce3aac10f422
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB91H2IIAMFjGw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe38b-5732361f36c023c22c922ee9;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cRreyOCHys8rW4UWA3JSMhtOiiltT6ULxxgi9aLM7sw07UruCXgPkQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Thu, 24 Nov 2022 22:13:14 GMT
age: 15215
etag: "81f85633fca39972d8e0bf9a4ec7cd999e54564f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
siblingsgroupgh.com/siblings_impex/siblings_construction_slide01.jpg
208.91.199.18 200 OK 356 kB URL HTTP/1.1 siblingsgroupgh.com/siblings_impex/siblings_construction_slide01.jpg
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC (Windows), datetime=2021:05:07 08:02:23], progressive, precision 8, 1170x780, components 3\012- data
Size 356 kB (356213 bytes)
Hash 7b13611ced4e49791cc31cc8b86b5ab1
9a5893d89d8560f28ea38e91541d2ba1c585bd91
c723ff23da34701bb5718d1304c3a4e0fdff914022c149b010cb33d7afe36553
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /siblings_impex/siblings_construction_slide01.jpg HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:49 GMT
Server: Apache
Last-Modified: Fri, 07 May 2021 08:02:28 GMT
Accept-Ranges: bytes
Content-Length: 356213
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Content-Type: image/jpeg
siblingsgroupgh.com/vendor/fontawesome-free/webfonts/fa-solid-900.woff2
208.91.199.18 200 OK 74 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/fontawesome-free/webfonts/fa-solid-900.woff2
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type Web Open Font Format (Version 2), TrueType, length 74256, version 329.-17761\012- data
Hash 418dad87601f9c8abd0e5798c0dc1feb
a6b003ef506e92d05cde73adf67487d7fd7ec6df
f18c486a80175cf02fee0e05c2b4acd86c04cdbaecec61c1ef91f920509b5efe
Analyzer Verdict Alert fortinet Malware (the images served by this same host are flagged only by the DNS resolvers, so this is most likely a URL/host-reputation hit rather than a detection on the WOFF2 bytes — confirm by comparing SHA-256 f18c486a80175cf02fee0e05c2b4acd86c04cdbaecec61c1ef91f920509b5efe against a known Font Awesome Free release before treating the font file itself as malicious)
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/fontawesome-free/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://siblingsgroupgh.com/vendor/fontawesome-free/css/all.min.css
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:49 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 15:54:56 GMT
Accept-Ranges: bytes
Content-Length: 74256
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: font/woff2
siblingsgroupgh.com/vendor/fontawesome-free/webfonts/fa-regular-400.woff2
208.91.199.18 200 OK 14 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/fontawesome-free/webfonts/fa-regular-400.woff2
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type Web Open Font Format (Version 2), TrueType, length 13552, version 329.-17761\012- data
Hash e6257a726a0cf6ec8c6fec22821c055f
8583a4f0dd12e15a48b3395593307a84d971cc33
ccf4db1eeb68c96e05e74f8ebfa75cc60c3a0fed862dae6b0ad85d4e1b5b4e4f
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/fontawesome-free/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://siblingsgroupgh.com/vendor/fontawesome-free/css/all.min.css
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:49 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 15:54:56 GMT
Accept-Ranges: bytes
Content-Length: 13552
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: font/woff2
siblingsgroupgh.com/vendor/fontawesome-free/webfonts/fa-brands-400.woff2
208.91.199.18 200 OK 75 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/fontawesome-free/webfonts/fa-brands-400.woff2
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type Web Open Font Format (Version 2), TrueType, length 74768, version 329.-17761\012- data
Hash 5e2f92123d241cabecf0b289b9b08d4a
7f6c682ade204e641aed8f471064c56b6eddc263
dc64d7192f84497cacad5c10aef682562c24aa6124270f85fe247e223607f3ed
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/fontawesome-free/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://siblingsgroupgh.com/vendor/fontawesome-free/css/all.min.css
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:49 GMT
Server: Apache
Last-Modified: Wed, 10 Apr 2019 15:54:56 GMT
Accept-Ranges: bytes
Content-Length: 74768
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: font/woff2
siblingsgroupgh.com/siblings_impex/siblings_construction_slide02.jpg
208.91.199.18 200 OK 268 kB URL HTTP/1.1 siblingsgroupgh.com/siblings_impex/siblings_construction_slide02.jpg
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC (Windows), datetime=2021:05:07 08:18:33], progressive, precision 8, 1170x780, components 3\012- data
Size 268 kB (267506 bytes)
Hash 27eef9e196a05b75beccf71fa4c7efb0
8cc660a75a66479aac30fb4c64fe7bbb1e6d2317
80cae8453db9017402e44a75c48eb17ce3cdccb86d5e6f185ff763ec42afb97a
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /siblings_impex/siblings_construction_slide02.jpg HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:49 GMT
Server: Apache
Last-Modified: Fri, 07 May 2021 08:18:36 GMT
Accept-Ranges: bytes
Content-Length: 267506
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: image/jpeg
siblingsgroupgh.com/vendor/rs-plugin/fonts/revicons/revicons.woff?5510888
208.91.199.18 200 OK 7.5 kB URL HTTP/1.1 siblingsgroupgh.com/vendor/rs-plugin/fonts/revicons/revicons.woff?5510888
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type Web Open Font Format, TrueType, length 7536, version 1.0\012- data
Hash 04eb8fc57f27498e5ae37523e3bfb2c7
d942ae11706c3f7e511e3c49b0e4574d7ad199c4
f7b9c3065e55fa3b9e320093612e7b30dcb14355a44ec461247b495a3e729686
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /vendor/rs-plugin/fonts/revicons/revicons.woff?5510888 HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://siblingsgroupgh.com/vendor/rs-plugin/css/settings.css
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:49 GMT
Server: Apache
Last-Modified: Sun, 27 Sep 2015 22:48:46 GMT
Accept-Ranges: bytes
Content-Length: 7536
Keep-Alive: timeout=5, max=64
Connection: Keep-Alive
Content-Type: font/woff
siblingsgroupgh.com/img/logo.png
208.91.199.18 200 OK 13 kB URL HTTP/1.1 siblingsgroupgh.com/img/logo.png
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 350 x 108, 8-bit/color RGBA, non-interlaced\012- data
Hash 42e8105766c9dfa511cdd98a5c8da341
ac8f304c7e89ee333e8428c1a7c40443cea6028b
750c79c5b41ed0dbc61a95b368072eeaaec68b163753ef718d4cdf1858819b03
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /img/logo.png HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:49 GMT
Server: Apache
Last-Modified: Fri, 07 May 2021 16:06:46 GMT
Accept-Ranges: bytes
Content-Length: 13385
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: image/png
siblingsgroupgh.com/img/slides/siblings_slider04.jpg
208.91.199.18 200 OK 205 kB URL HTTP/1.1 siblingsgroupgh.com/img/slides/siblings_slider04.jpg
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=670, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1459], progressive, precision 8, 1459x670, components 3\012- data
Size 205 kB (205105 bytes)
Hash e6d24185a2ecff984911d46a7e4f0ccd
4e2f348967c30887457097c5df6ee5c10b499ea0
72500ecfe2dd8eda4f9532abd9b9f145a687c13ad516d76d9cd2d657a6817193
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /img/slides/siblings_slider04.jpg HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:49 GMT
Server: Apache
Last-Modified: Tue, 25 May 2021 14:02:58 GMT
Accept-Ranges: bytes
Content-Length: 205105
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: image/jpeg
siblingsgroupgh.com/img/slides/siblings_slider02.jpg
208.91.199.18 200 OK 198 kB URL HTTP/1.1 siblingsgroupgh.com/img/slides/siblings_slider02.jpg
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=670, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1459], progressive, precision 8, 1459x670, components 3\012- data
Size 198 kB (198189 bytes)
Hash b9be902d0d97fea0c235a9d805294016
c0580586743ab65eadc5c5aad7e3ae211eded6c9
fdeb61cd53e357e145390a3dd1820dfca4c63a72907ba6af40b6b395252b701e
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /img/slides/siblings_slider02.jpg HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:49 GMT
Server: Apache
Last-Modified: Tue, 25 May 2021 13:55:38 GMT
Accept-Ranges: bytes
Content-Length: 198189
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: image/jpeg
siblingsgroupgh.com/img/slides/siblings_slider03.jpg
208.91.199.18 200 OK 245 kB URL HTTP/1.1 siblingsgroupgh.com/img/slides/siblings_slider03.jpg
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=670, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1459], progressive, precision 8, 1459x670, components 3\012- data
Size 245 kB (245031 bytes)
Hash 8886c986f843bc13569583b8cedb8c89
35837ac82b85bd0beb94b679c89b42eb1ba3784c
5bf67f90a09eec96044e1a157ed34155af87f5722f9ed9a57b1331e2b7382e07
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /img/slides/siblings_slider03.jpg HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:50 GMT
Server: Apache
Last-Modified: Tue, 25 May 2021 16:40:54 GMT
Accept-Ranges: bytes
Content-Length: 245031
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: image/jpeg
siblingsgroupgh.com/img/services/services21.jpg
208.91.199.18 200 OK 138 kB URL HTTP/1.1 siblingsgroupgh.com/img/services/services21.jpg
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=700, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=700], progressive, precision 8, 700x700, components 3\012- data
Size 138 kB (138112 bytes)
Hash 5c1cea72d33a4dd4ec3accfb8e5e7608
15112c3e162a00ef0622f679cf7402b06c3c0f6a
37283e99f573659aba086445dcf3d19e2a69e7f0917ca612a40f5b9fd6398d8d
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /img/services/services21.jpg HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:50 GMT
Server: Apache
Last-Modified: Fri, 07 May 2021 15:51:44 GMT
Accept-Ranges: bytes
Content-Length: 138112
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Content-Type: image/jpeg
siblingsgroupgh.com/img/services/services19.jpg
208.91.199.18 200 OK 73 kB URL HTTP/1.1 siblingsgroupgh.com/img/services/services19.jpg
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=700, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=700], progressive, precision 8, 700x700, components 3\012- data
Hash 655a06321ffb41412f66fc12d2371b6e
af6bcbdaa514e18531f939c1a8ff0e323fc93229
64a6e575dbe560b8d6663ab7eb670c760a8736db4e74eec362ef21a1afa37518
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /img/services/services19.jpg HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:50 GMT
Server: Apache
Last-Modified: Fri, 07 May 2021 15:50:20 GMT
Accept-Ranges: bytes
Content-Length: 73306
Keep-Alive: timeout=5, max=63
Connection: Keep-Alive
Content-Type: image/jpeg
siblingsgroupgh.com/img/services/services22.jpg
208.91.199.18200 OK 101 kB URL HTTP/1.1 siblingsgroupgh.com/img/services/services22.jpg
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=700, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=700], progressive, precision 8, 700x700, components 3\012- data
Size 101 kB (100925 bytes)
Hash cfc2dc955e88d7955fd4cc0040f89863
c8916b89c0c8b0344502ecf51b162d16209b2163
cf32dbf9f1775486d981c770b1e2bad63197254dac35317c6770089c1ed8806b
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /img/services/services22.jpg HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:50 GMT
Server: Apache
Last-Modified: Fri, 07 May 2021 15:52:12 GMT
Accept-Ranges: bytes
Content-Length: 100925
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Content-Type: image/jpeg
siblingsgroupgh.com/img/root/siblings_impex.jpg
208.91.199.18200 OK 76 kB URL HTTP/1.1 siblingsgroupgh.com/img/root/siblings_impex.jpg
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 653x650, components 3\012- data
Hash 22d87ab0d8f0bc9fd16d87cc1e1827f0
e2d9907b4f2a5bdc0ae74728083c73e8b9953713
79b574f88023bab8dbfcbd64ad6b47a1ac9a63ec856093997397f20308be430d
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /img/root/siblings_impex.jpg HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:50 GMT
Server: Apache
Last-Modified: Thu, 06 May 2021 15:59:08 GMT
Accept-Ranges: bytes
Content-Length: 76143
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Content-Type: image/jpeg
siblingsgroupgh.com/img/root/siblings_farms.jpg
208.91.199.18200 OK 134 kB URL HTTP/1.1 siblingsgroupgh.com/img/root/siblings_farms.jpg
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1033, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=486], progressive, precision 8, 653x650, components 3\012- data
Size 134 kB (134433 bytes)
Hash 792609006c0b7ea91ad0f91781742d28
4362cbc4e863f67e6285ffaf050cdd328c2e05ca
4a4ed1c47eaa561fb4b6568fd7777b269d694bc37218d00f912a06b754f6d821
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /img/root/siblings_farms.jpg HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:49 GMT
Server: Apache
Last-Modified: Thu, 06 May 2021 16:25:06 GMT
Accept-Ranges: bytes
Content-Length: 134433
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: image/jpeg
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 670dda5fda45a89db08867e9109f65b7
2a64bc381f8e795fe7a46a98c3e8add2f1ade404
7c2085a52a32eab3f4ab73c4ab3718cf1e7d67502e83001ce45d2857b37a0755
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3870
Cache-Control: max-age=99851
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:26:50 GMT
Etag: "637efbd7-1d7"
Expires: Sat, 26 Nov 2022 06:11:01 GMT
Last-Modified: Thu, 24 Nov 2022 05:06:31 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/sdk.js
157.240.200.14200 OK 1.7 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (1957)
Hash c3fca662711e7a24c63a6761a2f9d687
852bd222535ffa53fafb350403c6628aeca77653
03b32a7afa07d237402493c5b53a707794da6dc629341074bf8596dc081d37e5
GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://siblingsgroupgh.com
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 9b718c65422042cc082af4f9f1fc7612
etag: "f8374750f9b258c56f5352252f6df33e"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Fri, 25 Nov 2022 02:39:43 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: w/ymYnEeeiTGOmdhovnWhw==
x-fb-debug: oXprJ/7Cje8GJmUO4GJmNjfi1TSnYPvano/cszmmB63LAk4+B5eohv7ul+qXcqGO0bm7r0VCvegM7hO9D29yUQ==
content-length: 1687
x-fb-trip-id: 1679558926
date: Fri, 25 Nov 2022 02:26:50 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 670dda5fda45a89db08867e9109f65b7
2a64bc381f8e795fe7a46a98c3e8add2f1ade404
7c2085a52a32eab3f4ab73c4ab3718cf1e7d67502e83001ce45d2857b37a0755
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3870
Cache-Control: max-age=99851
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 02:26:50 GMT
Etag: "637efbd7-1d7"
Expires: Sat, 26 Nov 2022 06:11:01 GMT
Last-Modified: Thu, 24 Nov 2022 05:06:31 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
siblingsgroupgh.com/img/apple-touch-icon.png
208.91.199.18200 OK 6.3 kB URL HTTP/1.1 siblingsgroupgh.com/img/apple-touch-icon.png
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash 36476d3f4666f8844f2f846de18b1c60
e3a6e70b6003fcc8a384ed853cb1edb61bc9c490
3065b76bc6f4b040222bd48487f5a26ce6e88e0dbc502a7fa0f14d7b94eecabc
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /img/apple-touch-icon.png HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:50 GMT
Server: Apache
Last-Modified: Mon, 05 Mar 2018 17:09:42 GMT
Accept-Ranges: bytes
Content-Length: 6268
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: image/png
siblingsgroupgh.com/img/favicon.ico
208.91.199.18200 OK 1.2 kB URL HTTP/1.1 siblingsgroupgh.com/img/favicon.ico
IP 208.91.199.18:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash bc6405f2688f939f65b137d40d044992
0358cb9de4de200194cdf8df6d0e8b06c1197673
c4c295f2bc7036baeaf5fd248c48a6ea9653548b1a5fa382f89b253165564aec
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /img/favicon.ico HTTP/1.1
Host: siblingsgroupgh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 02:26:50 GMT
Server: Apache
Last-Modified: Mon, 05 Mar 2018 17:09:44 GMT
Accept-Ranges: bytes
Content-Length: 1150
Cache-Control: max-age=604800
Expires: Fri, 02 Dec 2022 02:26:50 GMT
Keep-Alive: timeout=5, max=64
Connection: Keep-Alive
Content-Type: image/x-icon
connect.facebook.net/en_US/sdk.js?hash=480906d0ec5e5eae1b9949d32b971491
157.240.200.14200 OK 88 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js?hash=480906d0ec5e5eae1b9949d32b971491
IP 157.240.200.14:0
File type ASCII text, with very long lines (18530)
Hash 6df9f20b79ccad7c1b4839b55eb2c9fd
ddd15d18358edaa3440fff554977a9c796d109ec
324a60b8c50d8cfc959bb009bb6fbef715946355dfbc7db4eab173661120dc2d
GET /en_US/sdk.js?hash=480906d0ec5e5eae1b9949d32b971491 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://siblingsgroupgh.com
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 7a735d65570df24f95ed83c4408e76a3
etag: "924b967a613c0331f9e2aa66fa43eab9"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sat, 25 Nov 2023 01:42:52 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: bfnyC3nMrXwbSDm1XrLJ/Q==
x-fb-debug: ZKZLuzWlaJ/P81JMkDj4r0KmnswDSD+dyAYWf/Zo3iaezl7BlIvC2Uxkii0PqUYFojfQGjce+MwriPnX96Baaw==
priority: u=3,i
content-length: 88359
x-fb-trip-id: 1679558926
date: Fri, 25 Nov 2022 02:26:50 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yp/l/0,cross/oJI2v4nsT1A.css?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 5.1 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yp/l/0,cross/oJI2v4nsT1A.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (4431)
Hash 1edd6626ecc1fe1c708fe86319f5bc22
dd58cc72446f8658aac8f9c46075874d5df96b6a
afb2ce31a60811eac42759964232e5b0f6d23463b318c21677bff49f1ef71b9c
GET /rsrc.php/v3/yp/l/0,cross/oJI2v4nsT1A.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 24 Nov 2023 18:45:23 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: Ht1mJuzB/hxwj+hjGfW8Ig==
x-fb-debug: Ne8hjCb1Wi8nV30MsIucv1btJPTzvPzf0BPF4YklJfmkDr6VcEK7+MJSceq5ShE19wiwjTayjaDbWg2TZp11QA==
priority: u=2
content-length: 5146
x-fb-trip-id: 1679558926
date: Fri, 25 Nov 2022 02:26:50 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yn/l/0,cross/-HGPTKcj37t.css?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 830 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yn/l/0,cross/-HGPTKcj37t.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (724)
Hash d63a02ce87c07ffcfa869fef7fc5f233
cae745fef84088abe3525bb77f75c55cd1d4cc2c
bf9d4d71541a0a1f31b10be351add847ee935da6de355756314c8ca96512444d
GET /rsrc.php/v3/yn/l/0,cross/-HGPTKcj37t.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 18 Nov 2023 18:24:38 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 1joCzofAf/z6hp/vf8XyMw==
x-fb-debug: Kj7wDR4ZUhOCqpydHIir3jrZeY0lgM+7J9w/C7ydajKnbRQOLDivzqfww/dDUDhdoi+4Uz0SpoApq3vwuwWS0A==
content-length: 830
x-fb-trip-id: 1679558926
date: Fri, 25 Nov 2022 02:26:50 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y8/r/qc0dVyw0ZD0.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 91 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y8/r/qc0dVyw0ZD0.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (18622)
Hash 151e87d38f4f425e44d9c851c9aecf05
762111e5095f5354be95b98ad476f6e7161ce6b1
f236f289f38c8081b496e0537ed3b2c66822e7a743f5d9d4959f955c64b0b2b0
GET /rsrc.php/v3/y8/r/qc0dVyw0ZD0.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 17 Nov 2023 16:54:49 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: FR6H049PQl5E2chRya7PBQ==
x-fb-debug: XKYCuFqqNH0kZrgnBK9d939R6pWs+fcIzk26id8p6lRkOvr6n2vQtYYz0yMcJoZ8xMvN0Ztyy0Cqwk+0Rwgf4Q==
content-length: 91088
x-fb-trip-id: 1679558926
date: Fri, 25 Nov 2022 02:26:50 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yv/r/GG1Y0sYc7My.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 1.7 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yv/r/GG1Y0sYc7My.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (1984)
Hash 16f083b23b565db9d2f20d1ad75933c1
6d74ad139c96b1e3fc9d541419788b5b4893ec9a
36b909cd9132a8996a1bbb221d05217c31506a6951bb408deeea6aa612dc4200
GET /rsrc.php/v3/yv/r/GG1Y0sYc7My.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 13 Nov 2023 03:51:31 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: FvCDsjtWXbnS8g0a11kzwQ==
x-fb-debug: vAu7uTEAu+gEN/sz1Jw17P+4oTMJN4Fhm0DWj+8piwOg3ib859sbfun8Mh2jVMKN5MsRzUy9LfbQ8WwSM/7rNg==
content-length: 1657
x-fb-trip-id: 1679558926
date: Fri, 25 Nov 2022 02:26:50 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/v10.0/plugins/page.php?adapt_container_width=true&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df9b8f5c0b03ce%26domain%3Dsiblingsgroupgh.com%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fsiblingsgroupgh.com%252Ff13068afb4f7a44%26relation%3Dparent.parent&container_width=445&height=250&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fsiblingsgroupgh&locale=en_US&sdk=joey&show_facepile=true&small_header=false&tabs=timeline&width=
157.240.200.35200 OK 28 kB URL HTTP/2 www.facebook.com/v10.0/plugins/page.php?adapt_container_width=true&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df9b8f5c0b03ce%26domain%3Dsiblingsgroupgh.com%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fsiblingsgroupgh.com%252Ff13068afb4f7a44%26relation%3Dparent.parent&container_width=445&height=250&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fsiblingsgroupgh&locale=en_US&sdk=joey&show_facepile=true&small_header=false&tabs=timeline&width=
IP 157.240.200.35:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (20456)
Hash 3708b51b0ab14078c95f33ddf6814ced
8cdc17770ef46cdc1292f293183908c58423b03a
dec4490c5f5c6b3c494e1028777c1a5191864bac091181c4cecc9be99e40bed5
GET /v10.0/plugins/page.php?adapt_container_width=true&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df9b8f5c0b03ce%26domain%3Dsiblingsgroupgh.com%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fsiblingsgroupgh.com%252Ff13068afb4f7a44%26relation%3Dparent.parent&container_width=445&height=250&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2Fsiblingsgroupgh&locale=en_US&sdk=joey&show_facepile=true&small_header=false&tabs=timeline&width= HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
facebook-api-version: v10.0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 4u3yheVUyzEqQvSlA6yz9KGgh4p4HTafkCkcu35KGUGcM3maxw9Z6oUmAtmi0off+Z1y5aMrkCusMvw/ugHlRA==
date: Fri, 25 Nov 2022 02:26:50 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y-/r/y841rZ2iNa0.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 8.7 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y-/r/y841rZ2iNa0.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (9885)
Hash 71e8e93b5e55f2010013b0814f4e3ae5
4732ba3acc539a0e9ff12d08c1b5a16f535bd594
b710ea52f812ac39c5195f0c170142bfcfcc274aa6b250a29a1ed1c59ea58556
GET /rsrc.php/v3/y-/r/y841rZ2iNa0.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 12 Nov 2023 16:49:53 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: cejpO15V8gEAE7CBT0465Q==
x-fb-debug: K+vakdudtTdQF+msD/lkaUE6a2YRi6isCJuPTc0LNd9e9IlBt8LCzbYYbinXlIPe0wHMqStwCkhFMju4cwxNKQ==
content-length: 8748
x-fb-trip-id: 1679558926
date: Fri, 25 Nov 2022 02:26:50 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 293 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (327)
Hash 2f913d812811ef7e6fca30334c5972e2
d17caaa167443dc08696c672380f237e0db3fb02
ee8918a2f5d163099104b70f79065abc8fd309e69add57170546f2706956eef8
GET /rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 17 Nov 2023 01:49:32 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: L5E9gSgR735vyjAzTFly4g==
x-fb-debug: TDBlQUD7qOxpmlB7A1B5M2c+qL1nI4bJGsbuk2auA/UsJ8YywQom5NNcXxZiLzUUpfXW2bJqqkvuhP2x/q3yEA==
content-length: 293
x-fb-trip-id: 1679558926
date: Fri, 25 Nov 2022 02:26:50 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yt/l/en_US/JGSM2yXjSKh.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 24 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3iEpO4/yt/l/en_US/JGSM2yXjSKh.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (42048)
Hash 3051900d03a657ddbbc9afa8ac11cdbd
557f26734897e137a6678f6d2a81672fc6a34ad2
038035ce01be57324c7e251c8834229b4910f27e3a042912fd7276947e5750df
GET /rsrc.php/v3iEpO4/yt/l/en_US/JGSM2yXjSKh.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 13 Nov 2023 04:32:28 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: MFGQDQOmV927ya+orBHNvQ==
x-fb-debug: w4l7Sx6wSVLShR32MW0rbYvh+683ddVo7u/iVf8RGsviLXpNpLjwVhqXatYzA5HeC3Hzmkay5fXaHGjjK2PKog==
priority: u=3,i
content-length: 23455
x-fb-trip-id: 1679558926
date: Fri, 25 Nov 2022 02:26:50 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yW/r/0aTHA2C1d6g.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 7.2 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yW/r/0aTHA2C1d6g.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (4057)
Hash 571700b5a1e8db88d5d79007a910b962
07102cc5f2b19f190830664e1ec6718efb33c011
ecccefedaf39e094079b22880aba987993015fbf1b70fd3c63bc57dc10685f11
GET /rsrc.php/v3/yW/r/0aTHA2C1d6g.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Tue, 14 Nov 2023 06:04:49 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: VxcAtaHo24jV15AHqRC5Yg==
x-fb-debug: NT+M5oXO8pwkIMnEqGwapf+WVRORcDdI9fHky/3paBQ/wwz6CTFWuVr8ViFofTrTwDWDAUG1I14mocRnBu+xzA==
content-length: 7238
x-fb-trip-id: 1679558926
date: Fri, 25 Nov 2022 02:26:50 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yR/r/bPhRbIw5d4Y.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 12 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yR/r/bPhRbIw5d4Y.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (27906)
Hash 581c8e7db81902c4b1a7e68b3fb769b9
f02a6eb814ad6ff5c90c5662d37ba1132a2043b3
f85eb2c44db44ac266555d963a998a030cdc4708312aa32f30594aedf7fd6cec
GET /rsrc.php/v3/yR/r/bPhRbIw5d4Y.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 13 Nov 2023 01:47:53 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 37KShYF/ynsGi6DsmKojkg==
x-fb-debug: AUN8vHKt6ATPAICOUXoIh7FvESG6JOnxdP9Ze8OT/i6Vodl3kZmNp6riDWrD5hx1281VhiOddsl8y8qgFMyjFQ==
priority: u=3,i
content-length: 16262
x-fb-trip-id: 1679558926
date: Fri, 25 Nov 2022 02:26:50 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
scontent-arn2-1.xx.fbcdn.net/v/t39.30808-1/302132809_483468653788643_5927304588169171430_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=103&ccb=1-7&_nc_sid=dbb9e7&_nc_ohc=fcPAvesAT_QAX9Q12H9&_nc_ht=scontent-arn2-1.xx&oh=00_AfCCnsbAtDgA91M1SbB7rxciyNj6rCOl5sl3nrUxCcJBMQ&oe=6385ED2C
31.13.72.12200 OK 1.6 kB URL HTTP/2 scontent-arn2-1.xx.fbcdn.net/v/t39.30808-1/302132809_483468653788643_5927304588169171430_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=103&ccb=1-7&_nc_sid=dbb9e7&_nc_ohc=fcPAvesAT_QAX9Q12H9&_nc_ht=scontent-arn2-1.xx&oh=00_AfCCnsbAtDgA91M1SbB7rxciyNj6rCOl5sl3nrUxCcJBMQ&oe=6385ED2C
IP 31.13.72.12:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, components 3\012- data
Hash a2ff239c8b2c4b2cb92c53a06cd4449e
8e818a191689429872b089c4d8dc039a9c2a5a7b
64aded076d04c4f1bda8412316acdb67660ae41dd94f59b9fd218ecca3eed99e
GET /v/t39.30808-1/302132809_483468653788643_5927304588169171430_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=103&ccb=1-7&_nc_sid=dbb9e7&_nc_ohc=fcPAvesAT_QAX9Q12H9&_nc_ht=scontent-arn2-1.xx&oh=00_AfCCnsbAtDgA91M1SbB7rxciyNj6rCOl5sl3nrUxCcJBMQ&oe=6385ED2C HTTP/1.1
Host: scontent-arn2-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Wed, 07 Sep 2022 03:08:08 GMT
x-haystack-needlechecksum: 771878487
x-needle-checksum: 3274840686
content-type: image/jpeg
content-digest: adler32=417534260
content-length: 1553
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
x-fb-trip-id: 1904183273
date: Fri, 25 Nov 2022 02:26:53 GMT
x-fb-edge-debug: LdJj4bDqkGm2NM4tynDMJeMEF2pAtO3n8gjnukVyQEpWusIw-oqaQyyupF3r2KmJpjxYngIWlYiYhorVGtA3rYtNsfHFDprOgSFCgWoHXHI
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
scontent-arn2-2.xx.fbcdn.net/v/t39.30808-6/263263858_1620478151636394_4892058534656400700_n.jpg?stp=dst-jpg_p173x172&_nc_cat=100&ccb=1-7&_nc_sid=110474&_nc_ohc=UxPV_zTWYUcAX-BTPb1&_nc_ht=scontent-arn2-2.xx&oh=00_AfCcDO46lAGf-P9OVAQN20ep5dMAUkw7hKh17Xt63XKtrg&oe=63855A22
157.240.194.27200 OK 12 kB URL HTTP/2 scontent-arn2-2.xx.fbcdn.net/v/t39.30808-6/263263858_1620478151636394_4892058534656400700_n.jpg?stp=dst-jpg_p173x172&_nc_cat=100&ccb=1-7&_nc_sid=110474&_nc_ohc=UxPV_zTWYUcAX-BTPb1&_nc_ht=scontent-arn2-2.xx&oh=00_AfCcDO46lAGf-P9OVAQN20ep5dMAUkw7hKh17Xt63XKtrg&oe=63855A22
IP 157.240.194.27:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 329x172, components 3\012- data
Hash 49a378746d9467947fa58222910acfae
7751f3f436846e6878dd9194b4f1408f1e59037f
d98418875d049f6f9f1e754b92c5d1c6e18cc8488fac950f23b2ca74fff244da
GET /v/t39.30808-6/263263858_1620478151636394_4892058534656400700_n.jpg?stp=dst-jpg_p173x172&_nc_cat=100&ccb=1-7&_nc_sid=110474&_nc_ohc=UxPV_zTWYUcAX-BTPb1&_nc_ht=scontent-arn2-2.xx&oh=00_AfCcDO46lAGf-P9OVAQN20ep5dMAUkw7hKh17Xt63XKtrg&oe=63855A22 HTTP/1.1
Host: scontent-arn2-2.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Fri, 03 Dec 2021 09:56:21 GMT
x-haystack-needlechecksum: 2729445230
x-needle-checksum: 2223382376
content-type: image/jpeg
content-length: 11895
content-digest: adler32=3384373011
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
x-fb-trip-id: 1904183273
date: Fri, 25 Nov 2022 02:26:53 GMT
x-fb-edge-debug: -wR2fDyNVYPnoL4W8hfzBDfkuF8bTIY8j-DJBnAYEymBEu0lklVUDfnFjQouozf_bs-XmphjdlcjKxdeA9Ht-5tO8aZ750GlbHaxiGKN6CI
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
scontent-arn2-1.xx.fbcdn.net/v/t39.30808-6/257857715_1607614629589413_6163010759013439919_n.jpg?stp=dst-jpg_s370x247&_nc_cat=107&ccb=1-7&_nc_sid=110474&_nc_ohc=ZWwJ0EtpazEAX_muAj9&_nc_ht=scontent-arn2-1.xx&oh=00_AfARAcJ5fL8Gx1D6ns8hPI451k4QscysiOsnKOKfzynUtw&oe=63856A40
31.13.72.12200 OK 13 kB URL HTTP/2 scontent-arn2-1.xx.fbcdn.net/v/t39.30808-6/257857715_1607614629589413_6163010759013439919_n.jpg?stp=dst-jpg_s370x247&_nc_cat=107&ccb=1-7&_nc_sid=110474&_nc_ohc=ZWwJ0EtpazEAX_muAj9&_nc_ht=scontent-arn2-1.xx&oh=00_AfARAcJ5fL8Gx1D6ns8hPI451k4QscysiOsnKOKfzynUtw&oe=63856A40
IP 31.13.72.12:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 329x247, components 3\012- data
Hash 364ebfb3dcd68d0c6b051f7901ef40c4
ddb05bc7ae8faf34d12ddf905b70be82c3e5e839
ac821dc6113d5954bbd2a546c059065863a51694e522311664d81ea6a7568615
GET /v/t39.30808-6/257857715_1607614629589413_6163010759013439919_n.jpg?stp=dst-jpg_s370x247&_nc_cat=107&ccb=1-7&_nc_sid=110474&_nc_ohc=ZWwJ0EtpazEAX_muAj9&_nc_ht=scontent-arn2-1.xx&oh=00_AfARAcJ5fL8Gx1D6ns8hPI451k4QscysiOsnKOKfzynUtw&oe=63856A40 HTTP/1.1
Host: scontent-arn2-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Mon, 15 Nov 2021 09:09:32 GMT
x-haystack-needlechecksum: 2018081399
x-needle-checksum: 725429911
content-type: image/jpeg
content-length: 13402
content-digest: adler32=953285962
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
x-fb-trip-id: 1904183273
date: Fri, 25 Nov 2022 02:26:53 GMT
x-fb-edge-debug: uDIKPhxLKZX2LqL2PjFswJzadNTn2oq2KTuOzpvKs6cI_vDS7OAbu8bk-xYgGcc4aAmVdAK8SCPJ-y6mrq6KOANJ2HPW4YW9kvLu0fek8TM
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
scontent-arn2-2.xx.fbcdn.net/v/t15.5256-10/280110403_528413152223406_1899259994002884972_n.jpg?stp=dst-jpg_p280x280&_nc_cat=108&ccb=1-7&_nc_sid=08861d&_nc_ohc=2s7405fvnHEAX-DGD_3&_nc_ht=scontent-arn2-2.xx&oh=00_AfC-fLqKkLqOrY2VRaNB5jz_GSlqrK43o1VOvfAPuKcA1A&oe=63850761
157.240.194.27200 OK 17 kB URL HTTP/2 scontent-arn2-2.xx.fbcdn.net/v/t15.5256-10/280110403_528413152223406_1899259994002884972_n.jpg?stp=dst-jpg_p280x280&_nc_cat=108&ccb=1-7&_nc_sid=08861d&_nc_ohc=2s7405fvnHEAX-DGD_3&_nc_ht=scontent-arn2-2.xx&oh=00_AfC-fLqKkLqOrY2VRaNB5jz_GSlqrK43o1VOvfAPuKcA1A&oe=63850761
IP 157.240.194.27:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 280x498, components 3\012- data
Hash f4c82274a1c9ccc7c04b00903fbd34d5
84ca9a66008193d5ddfe1413dee3ebc75fa8ea8e
5267cba67c2b532785ab1e56cfe1cbd009f87e3b5dcf609ba430519fbb897707
GET /v/t15.5256-10/280110403_528413152223406_1899259994002884972_n.jpg?stp=dst-jpg_p280x280&_nc_cat=108&ccb=1-7&_nc_sid=08861d&_nc_ohc=2s7405fvnHEAX-DGD_3&_nc_ht=scontent-arn2-2.xx&oh=00_AfC-fLqKkLqOrY2VRaNB5jz_GSlqrK43o1VOvfAPuKcA1A&oe=63850761 HTTP/1.1
Host: scontent-arn2-2.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Fri, 06 May 2022 09:24:34 GMT
x-haystack-needlechecksum: 696161656
x-needle-checksum: 3981319857
content-type: image/jpeg
content-length: 17061
content-digest: adler32=29801047
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
x-fb-trip-id: 1904183273
date: Fri, 25 Nov 2022 02:26:53 GMT
x-fb-edge-debug: k5_uocE-oz02DDhAQtDlurUiAXcT8dKqCKcaKGGvD1XT_Z79-R4l4H7dvm6TmphbIPCV2NdQM_CT8jcMXc1YvIk6EzFM-okCMXZW4wvX7Gk
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
scontent-arn2-1.xx.fbcdn.net/v/t15.5256-10/258872678_473765327379002_8627260801609442962_n.jpg?stp=dst-jpg_p280x280&_nc_cat=103&ccb=1-7&_nc_sid=08861d&_nc_ohc=FmPXWtsBkbkAX_BIDVA&_nc_ht=scontent-arn2-1.xx&oh=00_AfC88nNXyRL-bs--clbJJ7WeBFN47gHZ_O9ItAQ-GeE5gw&oe=6385A1C8
31.13.72.12200 OK 28 kB URL HTTP/2 scontent-arn2-1.xx.fbcdn.net/v/t15.5256-10/258872678_473765327379002_8627260801609442962_n.jpg?stp=dst-jpg_p280x280&_nc_cat=103&ccb=1-7&_nc_sid=08861d&_nc_ohc=FmPXWtsBkbkAX_BIDVA&_nc_ht=scontent-arn2-1.xx&oh=00_AfC88nNXyRL-bs--clbJJ7WeBFN47gHZ_O9ItAQ-GeE5gw&oe=6385A1C8
IP 31.13.72.12:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 280x498, components 3\012- data
Hash 2cb069d355f8475eeb3bec288bb0fbf8
d64674a074dc2e07a7d20d9176bb688fc97fcec2
4099bf130e33e93523e0bb5ba0dfd35cb8d36937a3a64d110a122b42f4a0dba4
GET /v/t15.5256-10/258872678_473765327379002_8627260801609442962_n.jpg?stp=dst-jpg_p280x280&_nc_cat=103&ccb=1-7&_nc_sid=08861d&_nc_ohc=FmPXWtsBkbkAX_BIDVA&_nc_ht=scontent-arn2-1.xx&oh=00_AfC88nNXyRL-bs--clbJJ7WeBFN47gHZ_O9ItAQ-GeE5gw&oe=6385A1C8 HTTP/1.1
Host: scontent-arn2-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Thu, 18 Nov 2021 14:47:59 GMT
x-haystack-needlechecksum: 2181174556
x-needle-checksum: 538247341
content-type: image/jpeg
content-length: 27508
content-digest: adler32=2049099740
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
x-fb-trip-id: 1904183273
date: Fri, 25 Nov 2022 02:26:53 GMT
x-fb-edge-debug: hOkmYpaUGRxi98rZW1XN0QQa6GBLE2TOotVAeV21inqmFuioQIm0LHptLE58Zp-MPzjbZj_s3BTuO513UDc-IEjJqjWRcOvUfqvoXMYMJ6o
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
scontent-arn2-1.xx.fbcdn.net/v/t39.30808-6/257640259_1610782042606005_2205056982885634932_n.jpg?stp=dst-jpg_p261x260&_nc_cat=107&ccb=1-7&_nc_sid=110474&_nc_ohc=zg7JMumO1sQAX84a96k&_nc_oc=AQl_I8tGcPQaWB5pm614OUpxk4gcNk0uA7ohA8ETAsrJ8Pf_C7f8TOSROOpGSZMMNA8&_nc_ht=scontent-arn2-1.xx&oh=00_AfAUYH6NJS_n9DvSB53iD5iQMwghbzBEAIN-w2Rh9zktZg&oe=6384C6C5
31.13.72.12200 OK 24 kB URL HTTP/2 scontent-arn2-1.xx.fbcdn.net/v/t39.30808-6/257640259_1610782042606005_2205056982885634932_n.jpg?stp=dst-jpg_p261x260&_nc_cat=107&ccb=1-7&_nc_sid=110474&_nc_ohc=zg7JMumO1sQAX84a96k&_nc_oc=AQl_I8tGcPQaWB5pm614OUpxk4gcNk0uA7ohA8ETAsrJ8Pf_C7f8TOSROOpGSZMMNA8&_nc_ht=scontent-arn2-1.xx&oh=00_AfAUYH6NJS_n9DvSB53iD5iQMwghbzBEAIN-w2Rh9zktZg&oe=6384C6C5
IP 31.13.72.12:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 261x348, components 3\012- data
Hash fbefb0432f31de12b11505d791914ec4
b9fa1ce6c271832b1ce162b36c6af6bc91cc00e7
772cbd926302148bd284a7d9bebc733b889a9c1d3e67645b71eec9d8d56c9d19
GET /v/t39.30808-6/257640259_1610782042606005_2205056982885634932_n.jpg?stp=dst-jpg_p261x260&_nc_cat=107&ccb=1-7&_nc_sid=110474&_nc_ohc=zg7JMumO1sQAX84a96k&_nc_oc=AQl_I8tGcPQaWB5pm614OUpxk4gcNk0uA7ohA8ETAsrJ8Pf_C7f8TOSROOpGSZMMNA8&_nc_ht=scontent-arn2-1.xx&oh=00_AfAUYH6NJS_n9DvSB53iD5iQMwghbzBEAIN-w2Rh9zktZg&oe=6384C6C5 HTTP/1.1
Host: scontent-arn2-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Fri, 19 Nov 2021 12:44:22 GMT
x-haystack-needlechecksum: 1147619206
x-needle-checksum: 3667198716
content-type: image/jpeg
content-length: 23538
content-digest: adler32=555234516
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
x-fb-trip-id: 1904183273
date: Fri, 25 Nov 2022 02:26:53 GMT
x-fb-edge-debug: H6uq3LqfxzeFoqOQHG3R-x_988EXfnBX7wTrGQEGWsHkQNwSl32REq47n2fNS6GhjfMrHZ5dFd51BkzpWJITTQiuooBARjPkKagPOSoYjZ4
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
video-arn2-1.xx.fbcdn.net/v/t39.25447-2/305564055_639137987498077_6754531541684990687_n.mp4?_nc_cat=111&ccb=1-7&_nc_sid=5aebc0&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfaTRsaXRlYmFzaWNfNXNlY2dvcF9ocTJfZnJhZ18yX3ZpZGVvIn0%3D&_nc_ohc=3z0wenQjI1EAX-SJQRL&_nc_ht=video-arn2-1.xx&oh=00_AfBgWrBD8Z4pNH7HVRhtZjAo2mSUpeawagQcE4TPTZPfnw&oe=63857678&bytestart=0&byteend=947
31.13.72.14200 OK 948 B URL HTTP/2 video-arn2-1.xx.fbcdn.net/v/t39.25447-2/305564055_639137987498077_6754531541684990687_n.mp4?_nc_cat=111&ccb=1-7&_nc_sid=5aebc0&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfaTRsaXRlYmFzaWNfNXNlY2dvcF9ocTJfZnJhZ18yX3ZpZGVvIn0%3D&_nc_ohc=3z0wenQjI1EAX-SJQRL&_nc_ht=video-arn2-1.xx&oh=00_AfBgWrBD8Z4pNH7HVRhtZjAo2mSUpeawagQcE4TPTZPfnw&oe=63857678&bytestart=0&byteend=947
IP 31.13.72.14:0
File type ISO Media, MP4 Base Media v5 \012- data
Hash 93bc27441d48f8c1784ee230ed41fc5b
27166cf39c47bb3a5fa9adfce8e9cecadcfc5a39
a7772bb82f06b06d798c5249b54f403459ea64e10d41b2aacd598cd950255766
GET /v/t39.25447-2/305564055_639137987498077_6754531541684990687_n.mp4?_nc_cat=111&ccb=1-7&_nc_sid=5aebc0&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfaTRsaXRlYmFzaWNfNXNlY2dvcF9ocTJfZnJhZ18yX3ZpZGVvIn0%3D&_nc_ohc=3z0wenQjI1EAX-SJQRL&_nc_ht=video-arn2-1.xx&oh=00_AfBgWrBD8Z4pNH7HVRhtZjAo2mSUpeawagQcE4TPTZPfnw&oe=63857678&bytestart=0&byteend=947 HTTP/1.1
Host: video-arn2-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:206:HS_ERANGE_SUCCESS
last-modified: Wed, 07 Sep 2022 08:41:44 GMT
content-type: video/mp4
x-haystack-needlechecksum: 0
x-needle-checksum: 1828431492
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-digest: adler32=1828431492
content-length: 948
accept-ranges: bytes
x-fb-trip-id: 436667874
date: Fri, 25 Nov 2022 02:26:53 GMT
cache-control: max-age=1209600, no-transform
access-control-allow-origin: https://www.facebook.com
vary: Origin
x-fb-edge-debug: dKshvQkUna9japYrXsAhtR8M43YGGATG9w2RMawkq4dg-R_8OuRIy9fbaCVZHxROJVS2E9npkQCCYkNpTvIu_27I21q2koH2ApMXVeqomu4
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
scontent-arn2-1.xx.fbcdn.net/v/t39.30808-6/257466908_1610782172605992_8087867760732992952_n.jpg?stp=dst-jpg_p261x260&_nc_cat=111&ccb=1-7&_nc_sid=110474&_nc_ohc=OuZ-8K4qAGYAX8Goo97&_nc_ht=scontent-arn2-1.xx&oh=00_AfAtEdlfXaekPeSNsL9PJeu3BQZiOLy6dglT3GpmL19l5g&oe=63853B90
31.13.72.12200 OK 24 kB URL HTTP/2 scontent-arn2-1.xx.fbcdn.net/v/t39.30808-6/257466908_1610782172605992_8087867760732992952_n.jpg?stp=dst-jpg_p261x260&_nc_cat=111&ccb=1-7&_nc_sid=110474&_nc_ohc=OuZ-8K4qAGYAX8Goo97&_nc_ht=scontent-arn2-1.xx&oh=00_AfAtEdlfXaekPeSNsL9PJeu3BQZiOLy6dglT3GpmL19l5g&oe=63853B90
IP 31.13.72.12:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 261x348, components 3\012- data
Hash 162cf03b4c2f8a5a7fce313a21b90923
902bd38501d5a89b8690cf4a70e564b9faa2e470
a4194e29959b7d6e63ec66f6408f46a4bd6463be52ed4f4bdbe3e6f501106f13
GET /v/t39.30808-6/257466908_1610782172605992_8087867760732992952_n.jpg?stp=dst-jpg_p261x260&_nc_cat=111&ccb=1-7&_nc_sid=110474&_nc_ohc=OuZ-8K4qAGYAX8Goo97&_nc_ht=scontent-arn2-1.xx&oh=00_AfAtEdlfXaekPeSNsL9PJeu3BQZiOLy6dglT3GpmL19l5g&oe=63853B90 HTTP/1.1
Host: scontent-arn2-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Fri, 19 Nov 2021 12:44:34 GMT
x-haystack-needlechecksum: 1367695850
x-needle-checksum: 2065593327
content-type: image/jpeg
content-length: 23815
content-digest: adler32=3391278905
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
x-fb-trip-id: 1904183273
date: Fri, 25 Nov 2022 02:26:53 GMT
x-fb-edge-debug: Hlh6uKQgWJf9Ts866TD5t9eJL_pjJ2EZU4mlIYkJTH0NvFqydzYR_PP61RISIW7y4GrcpoMFVxbU5bqOLDT0NWOYdfZcczkQhPW9jq0xF2E
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
video-arn2-1.xx.fbcdn.net/v/t42.1790-2/257398577_1261317311010164_3429117857365743773_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=5aebc0&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mcmFnXzJfYXVkaW8ifQ%3D%3D&_nc_ohc=W6LCbyy75OkAX9xjY7Z&_nc_ht=video-arn2-1.xx&oh=00_AfBJFqmI4bvHOgNhT4dz-Hc8sR14NC-wZViqsTGFCTP9fQ&oe=6380464E&bytestart=0&byteend=906
31.13.72.14200 OK 907 B URL HTTP/2 video-arn2-1.xx.fbcdn.net/v/t42.1790-2/257398577_1261317311010164_3429117857365743773_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=5aebc0&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mcmFnXzJfYXVkaW8ifQ%3D%3D&_nc_ohc=W6LCbyy75OkAX9xjY7Z&_nc_ht=video-arn2-1.xx&oh=00_AfBJFqmI4bvHOgNhT4dz-Hc8sR14NC-wZViqsTGFCTP9fQ&oe=6380464E&bytestart=0&byteend=906
IP 31.13.72.14:0
File type ISO Media, MP4 Base Media v5 \012- data
Hash e27aaa23b763bfaf09b03eedc2407142
f24648cc7ae78f46ebcd416de64fad6772024bf5
d5d5d7195554d72cfa74ed9e4e9c712b47585e8a173e7bb39bf9cc76e7ad90a0
GET /v/t42.1790-2/257398577_1261317311010164_3429117857365743773_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=5aebc0&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mcmFnXzJfYXVkaW8ifQ%3D%3D&_nc_ohc=W6LCbyy75OkAX9xjY7Z&_nc_ht=video-arn2-1.xx&oh=00_AfBJFqmI4bvHOgNhT4dz-Hc8sR14NC-wZViqsTGFCTP9fQ&oe=6380464E&bytestart=0&byteend=906 HTTP/1.1
Host: video-arn2-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:206:HS_ERANGE_SUCCESS
last-modified: Thu, 18 Nov 2021 14:48:31 GMT
content-type: video/mp4
x-haystack-needlechecksum: 442534499
x-needle-checksum: 3647419548
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-digest: adler32=3647419548
content-length: 907
accept-ranges: bytes
x-fb-trip-id: 436667874
date: Fri, 25 Nov 2022 02:26:53 GMT
cache-control: max-age=1209600, no-transform
access-control-allow-origin: https://www.facebook.com
vary: Origin
x-fb-edge-debug: ykSZ49o49dmF5WxSSHGKR-d0ho554_wixv85CY3GoeI8pEfExypXj3n-LqRsyStS-wzTrDvZdS3pFDI8Kk7DMMqlHIfXUYCetnUJSX0F8Pw
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
video-arn2-1.xx.fbcdn.net/v/t42.1790-2/257398577_1261317311010164_3429117857365743773_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=5aebc0&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mcmFnXzJfYXVkaW8ifQ%3D%3D&_nc_ohc=W6LCbyy75OkAX9xjY7Z&_nc_ht=video-arn2-1.xx&oh=00_AfBJFqmI4bvHOgNhT4dz-Hc8sR14NC-wZViqsTGFCTP9fQ&oe=6380464E&bytestart=1107&byteend=17182
31.13.72.14200 OK 62 kB URL HTTP/2 video-arn2-1.xx.fbcdn.net/v/t42.1790-2/257398577_1261317311010164_3429117857365743773_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=5aebc0&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mcmFnXzJfYXVkaW8ifQ%3D%3D&_nc_ohc=W6LCbyy75OkAX9xjY7Z&_nc_ht=video-arn2-1.xx&oh=00_AfBJFqmI4bvHOgNhT4dz-Hc8sR14NC-wZViqsTGFCTP9fQ&oe=6380464E&bytestart=1107&byteend=17182
IP 31.13.72.14:0
Hash f91fa7c3922c3918ad4fee2deea66ea5
59e1dce165fb95e377f02d17e3873c735e2afa38
9bec83291e3ae5acbfb076e0227b05e0e67f08aa6abe2d8273a14d0f8da2358f
GET /v/t42.1790-2/257398577_1261317311010164_3429117857365743773_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=5aebc0&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mcmFnXzJfYXVkaW8ifQ%3D%3D&_nc_ohc=W6LCbyy75OkAX9xjY7Z&_nc_ht=video-arn2-1.xx&oh=00_AfBJFqmI4bvHOgNhT4dz-Hc8sR14NC-wZViqsTGFCTP9fQ&oe=6380464E&bytestart=1107&byteend=17182 HTTP/1.1
Host: video-arn2-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:206:HS_ERANGE_SUCCESS
last-modified: Thu, 18 Nov 2021 14:48:31 GMT
content-type: video/mp4
x-haystack-needlechecksum: 442534499
x-needle-checksum: 3647419548
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-digest: adler32=3647419548
content-length: 16076
accept-ranges: bytes
x-fb-trip-id: 436667874
date: Fri, 25 Nov 2022 02:26:53 GMT
cache-control: max-age=1209600, no-transform
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
video-arn2-1.xx.fbcdn.net/v/t42.1790-2/257398577_1261317311010164_3429117857365743773_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=5aebc0&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mcmFnXzJfYXVkaW8ifQ%3D%3D&_nc_ohc=W6LCbyy75OkAX9xjY7Z&_nc_ht=video-arn2-1.xx&oh=00_AfBJFqmI4bvHOgNhT4dz-Hc8sR14NC-wZViqsTGFCTP9fQ&oe=6380464E&bytestart=907&byteend=1106
31.13.72.14200 OK 200 B URL HTTP/2 video-arn2-1.xx.fbcdn.net/v/t42.1790-2/257398577_1261317311010164_3429117857365743773_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=5aebc0&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mcmFnXzJfYXVkaW8ifQ%3D%3D&_nc_ohc=W6LCbyy75OkAX9xjY7Z&_nc_ht=video-arn2-1.xx&oh=00_AfBJFqmI4bvHOgNhT4dz-Hc8sR14NC-wZViqsTGFCTP9fQ&oe=6380464E&bytestart=907&byteend=1106
IP 31.13.72.14:0
Hash e6347ea6910f0b49dc9ff0b53c36197b
5651c92c571698426f093c2a125014bf8316e89e
2434ee7d02ae9e7a1f32b4cbe772515b85759ddf2498c509faad92a2ffb8e6f3
GET /v/t42.1790-2/257398577_1261317311010164_3429117857365743773_n.mp4?_nc_cat=109&ccb=1-7&_nc_sid=5aebc0&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfYXVkaW9fYWFjcF82NF9mcmFnXzJfYXVkaW8ifQ%3D%3D&_nc_ohc=W6LCbyy75OkAX9xjY7Z&_nc_ht=video-arn2-1.xx&oh=00_AfBJFqmI4bvHOgNhT4dz-Hc8sR14NC-wZViqsTGFCTP9fQ&oe=6380464E&bytestart=907&byteend=1106 HTTP/1.1
Host: video-arn2-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:206:HS_ERANGE_SUCCESS
last-modified: Thu, 18 Nov 2021 14:48:31 GMT
content-type: video/mp4
x-haystack-needlechecksum: 442534499
x-needle-checksum: 3647419548
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-digest: adler32=3647419548
content-length: 200
accept-ranges: bytes
x-fb-trip-id: 436667874
date: Fri, 25 Nov 2022 02:26:53 GMT
cache-control: max-age=1209600, no-transform
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
video-arn2-1.xx.fbcdn.net/v/t39.25447-2/305564055_639137987498077_6754531541684990687_n.mp4?_nc_cat=111&ccb=1-7&_nc_sid=5aebc0&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfaTRsaXRlYmFzaWNfNXNlY2dvcF9ocTJfZnJhZ18yX3ZpZGVvIn0%3D&_nc_ohc=3z0wenQjI1EAX-SJQRL&_nc_ht=video-arn2-1.xx&oh=00_AfBgWrBD8Z4pNH7HVRhtZjAo2mSUpeawagQcE4TPTZPfnw&oe=63857678&bytestart=948&byteend=1123
31.13.72.14200 OK 176 B URL HTTP/2 video-arn2-1.xx.fbcdn.net/v/t39.25447-2/305564055_639137987498077_6754531541684990687_n.mp4?_nc_cat=111&ccb=1-7&_nc_sid=5aebc0&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfaTRsaXRlYmFzaWNfNXNlY2dvcF9ocTJfZnJhZ18yX3ZpZGVvIn0%3D&_nc_ohc=3z0wenQjI1EAX-SJQRL&_nc_ht=video-arn2-1.xx&oh=00_AfBgWrBD8Z4pNH7HVRhtZjAo2mSUpeawagQcE4TPTZPfnw&oe=63857678&bytestart=948&byteend=1123
IP 31.13.72.14:0
Hash 7a7ce1f2a3a467a30bc378dba88df0e2
07d1c4ad8e4fbe2a6846149efdc4c6082a4adee0
bd0e4ecd621d58173f928c3b9508df681cbe6bf6db2b7527c387b16b5f618435
GET /v/t39.25447-2/305564055_639137987498077_6754531541684990687_n.mp4?_nc_cat=111&ccb=1-7&_nc_sid=5aebc0&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfaTRsaXRlYmFzaWNfNXNlY2dvcF9ocTJfZnJhZ18yX3ZpZGVvIn0%3D&_nc_ohc=3z0wenQjI1EAX-SJQRL&_nc_ht=video-arn2-1.xx&oh=00_AfBgWrBD8Z4pNH7HVRhtZjAo2mSUpeawagQcE4TPTZPfnw&oe=63857678&bytestart=948&byteend=1123 HTTP/1.1
Host: video-arn2-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:206:HS_ERANGE_SUCCESS
last-modified: Wed, 07 Sep 2022 08:41:44 GMT
content-type: video/mp4
x-haystack-needlechecksum: 0
x-needle-checksum: 1828431492
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-digest: adler32=1828431492
content-length: 176
accept-ranges: bytes
x-fb-trip-id: 436667874
date: Fri, 25 Nov 2022 02:26:53 GMT
cache-control: max-age=1209600, no-transform
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
video-arn2-1.xx.fbcdn.net/v/t39.25447-2/305564055_639137987498077_6754531541684990687_n.mp4?_nc_cat=111&ccb=1-7&_nc_sid=5aebc0&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfaTRsaXRlYmFzaWNfNXNlY2dvcF9ocTJfZnJhZ18yX3ZpZGVvIn0%3D&_nc_ohc=3z0wenQjI1EAX-SJQRL&_nc_ht=video-arn2-1.xx&oh=00_AfBgWrBD8Z4pNH7HVRhtZjAo2mSUpeawagQcE4TPTZPfnw&oe=63857678&bytestart=1124&byteend=1007242
31.13.72.14200 OK 1.0 MB URL HTTP/2 video-arn2-1.xx.fbcdn.net/v/t39.25447-2/305564055_639137987498077_6754531541684990687_n.mp4?_nc_cat=111&ccb=1-7&_nc_sid=5aebc0&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfaTRsaXRlYmFzaWNfNXNlY2dvcF9ocTJfZnJhZ18yX3ZpZGVvIn0%3D&_nc_ohc=3z0wenQjI1EAX-SJQRL&_nc_ht=video-arn2-1.xx&oh=00_AfBgWrBD8Z4pNH7HVRhtZjAo2mSUpeawagQcE4TPTZPfnw&oe=63857678&bytestart=1124&byteend=1007242
IP 31.13.72.14:0
Size 1.0 MB (1006119 bytes)
Hash 7e38ccdeb8e3973ea517fedf2e2ae9a6
01ac04d3f7ed1765990a059e293b181a60eb0174
523cb2b7a87c87961fd3c873284773c5315da98d4887ce18802bc1dc9d1ec156
GET /v/t39.25447-2/305564055_639137987498077_6754531541684990687_n.mp4?_nc_cat=111&ccb=1-7&_nc_sid=5aebc0&efg=eyJ2ZW5jb2RlX3RhZyI6ImRhc2hfaTRsaXRlYmFzaWNfNXNlY2dvcF9ocTJfZnJhZ18yX3ZpZGVvIn0%3D&_nc_ohc=3z0wenQjI1EAX-SJQRL&_nc_ht=video-arn2-1.xx&oh=00_AfBgWrBD8Z4pNH7HVRhtZjAo2mSUpeawagQcE4TPTZPfnw&oe=63857678&bytestart=1124&byteend=1007242 HTTP/1.1
Host: video-arn2-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:206:HS_ERANGE_SUCCESS
last-modified: Wed, 07 Sep 2022 08:41:44 GMT
content-type: video/mp4
x-haystack-needlechecksum: 0
x-needle-checksum: 1828431492
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-digest: adler32=1828431492
content-length: 1006119
accept-ranges: bytes
x-fb-trip-id: 436667874
date: Fri, 25 Nov 2022 02:26:53 GMT
cache-control: max-age=1209600, no-transform
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800%7CShadows+Into+Light%7CPlayfair+Display:400
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800%7CShadows+Into+Light%7CPlayfair+Display:400
IP 142.250.74.10:0
GET /css?family=Open+Sans:300,400,600,700,800%7CShadows+Into+Light%7CPlayfair+Display:400 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://siblingsgroupgh.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 25 Nov 2022 02:26:48 GMT
date: Fri, 25 Nov 2022 02:26:48 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
video-arn2-1.xx.fbcdn.net/v/t42.1790-2/280050329_452054536691555_5170551478881755606_n.mp4?_nc_cat=103&ccb=1-7&_nc_sid=985c63&efg=eyJybHIiOjU0OSwicmxhIjo1MTIsInZlbmNvZGVfdGFnIjoic3ZlX3NkIn0%3D&_nc_ohc=iCGKn5eUdv8AX-U_hRX&_nc_oc=AQlSvW1N4EI0KCUpdrsapkqBOGStkArgrJshLIS2vEWee4XNpFxUallILkJoKIbYs_I&rl=549&vabr=305&_nc_ht=video-arn2-1.xx&oh=00_AfBDElNFSziZEOGCL0ec2l1z5hLPT3hF9M_zFEyC1U6JsQ&oe=63804B4E
31.13.72.14206 Partial Content 0 B URL HTTP/2 video-arn2-1.xx.fbcdn.net/v/t42.1790-2/280050329_452054536691555_5170551478881755606_n.mp4?_nc_cat=103&ccb=1-7&_nc_sid=985c63&efg=eyJybHIiOjU0OSwicmxhIjo1MTIsInZlbmNvZGVfdGFnIjoic3ZlX3NkIn0%3D&_nc_ohc=iCGKn5eUdv8AX-U_hRX&_nc_oc=AQlSvW1N4EI0KCUpdrsapkqBOGStkArgrJshLIS2vEWee4XNpFxUallILkJoKIbYs_I&rl=549&vabr=305&_nc_ht=video-arn2-1.xx&oh=00_AfBDElNFSziZEOGCL0ec2l1z5hLPT3hF9M_zFEyC1U6JsQ&oe=63804B4E
IP 31.13.72.14:0
GET /v/t42.1790-2/280050329_452054536691555_5170551478881755606_n.mp4?_nc_cat=103&ccb=1-7&_nc_sid=985c63&efg=eyJybHIiOjU0OSwicmxhIjo1MTIsInZlbmNvZGVfdGFnIjoic3ZlX3NkIn0%3D&_nc_ohc=iCGKn5eUdv8AX-U_hRX&_nc_oc=AQlSvW1N4EI0KCUpdrsapkqBOGStkArgrJshLIS2vEWee4XNpFxUallILkJoKIbYs_I&rl=549&vabr=305&_nc_ht=video-arn2-1.xx&oh=00_AfBDElNFSziZEOGCL0ec2l1z5hLPT3hF9M_zFEyC1U6JsQ&oe=63804B4E HTTP/1.1
Host: video-arn2-1.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
x-storage-error-category: dfs:none;hs_p:206:HS_ESUCCESS
last-modified: Fri, 06 May 2022 09:29:49 GMT
content-type: video/mp4
x-haystack-needlechecksum: 360535098
x-needle-checksum: 567117936
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-digest: adler32=567117936
content-length: 1380624
accept-ranges: bytes
content-range: bytes 0-1380623/1380624
x-fb-trip-id: 436667874
date: Fri, 25 Nov 2022 02:26:53 GMT
x-fb-edge-debug: XOkLNVOGuB5jS_3L7fqx2WUe7oQl-8cxpq8g75cYyzbAUvoQ5aPYWUUycW6wRoonQ7g6qrntZJTtEOHhJr327pYkTP__ZiQXdWAmlMAm-x8
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2