r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 861cfa99de956423d917ed0ddbea4b9c
ad65dbc394b48b04a45c205f56af296c8d008db4
5c706b2718b1698995f4feb91223779aef4bf6dc967c31f9ef9a93873197d5f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C706B2718B1698995F4FEB91223779AEF4BF6DC967C31F9EF9A93873197D5F9"
Last-Modified: Sun, 18 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4293
Expires: Tue, 20 Sep 2022 20:41:17 GMT
Date: Tue, 20 Sep 2022 19:29:44 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.36 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 20 Sep 2022 19:03:07 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: GQAATsdv-ZynoHJsidvpZyQMiIlNamtxWHEu78cwAzQj9-fPUu0Pcg==
Age: 1597
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.35 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 20 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: fcdfpVWKAEItkiDEbdT2rHc3SCB91kH7RU0QzRt9EN8OV5vfrfke7g==
age: 53671
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 19:29:44 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 20 Sep 2022 19:03:22 GMT
Expires: Tue, 20 Sep 2022 19:31:32 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 6rM0SfP-BL7Ut_ApTFTmXRsjVH0pV-GAt-Rq5kH-eYCe7h_rZQeN2Q==
Age: 1582
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash edf07cd621f733b0eb50c632387ebf4f
61a082d26501c2c8d481b1676d0de2e585269613
e5c4324e4c55824b86f48bf0b9a1d317a82e7d3c19bdea7a91d78ce98d68a980
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6272
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:45 GMT
Last-Modified: Tue, 20 Sep 2022 17:45:13 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.86.38.2 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.86.38.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: lwEbrXK7oI8+qpfPVimCYg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ZcmRdnZ6BodyfHOgcs1bwl3zwIY=
www.immigration.net/tag/601a/
132.148.112.52 301 Moved Permanently 0 B URL HTTP/1.1 www.immigration.net/tag/601a/
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /tag/601a/ HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 20 Sep 2022 19:29:44 GMT
Server: Apache
X-Powered-By: PHP/7.4.30
Expires: Tue, 20 Sep 2022 20:29:45 GMT
Cache-Control: max-age=3600
X-Redirect-By: WordPress
Set-Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; expires=Wed, 21-Sep-2022 19:29:44 GMT; Max-Age=86400; path=/
YWRlcnrXO=_xQmGW.fuOg7; expires=Wed, 21-Sep-2022 19:29:44 GMT; Max-Age=86400; path=/
CzepGkADlOSKtb=ry%40%5BA2UD; expires=Wed, 21-Sep-2022 19:29:44 GMT; Max-Age=86400; path=/
enCXHt=Bo1RIGh8nAkf; expires=Wed, 21-Sep-2022 19:29:44 GMT; Max-Age=86400; path=/
pll_language=en; expires=Wed, 20-Sep-2023 19:29:45 GMT; Max-Age=31536000; path=/; SameSite=Lax
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: https://www.immigration.net/tag/601a/
Vary: User-Agent
Content-Length: 0
Keep-Alive: timeout=5
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7599
Expires: Tue, 20 Sep 2022 21:36:25 GMT
Date: Tue, 20 Sep 2022 19:29:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7599
Expires: Tue, 20 Sep 2022 21:36:25 GMT
Date: Tue, 20 Sep 2022 19:29:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7599
Expires: Tue, 20 Sep 2022 21:36:25 GMT
Date: Tue, 20 Sep 2022 19:29:46 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72c9eb8-103b-4d09-b405-97d1a7ae99a8.webp
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72c9eb8-103b-4d09-b405-97d1a7ae99a8.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 30fbdfee7ec4513a5ff3dfcb7282f816
a852edb64a7220532aa619ab2a440c3a7e11b97a
4adee59f97bea412c6a0a786d0a27e431a497198b9047a75841b0a530803bdfe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72c9eb8-103b-4d09-b405-97d1a7ae99a8.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9543
x-amzn-requestid: 17be04c9-54f0-4988-82dd-f13911a2a629
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugINHN1IAMF8iA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e09a-35496b4c21c23dec75257964;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:35:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: y3urrVdjZEds_DKf3yL2XfaOy-5UPBwU-YVWe5eKYsDpl3JPmqffsw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:23:30 GMT
age: 75976
etag: "a852edb64a7220532aa619ab2a440c3a7e11b97a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28b8af49-2631-4a57-aeca-43e33f0f6d83.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28b8af49-2631-4a57-aeca-43e33f0f6d83.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c283017ec789693602177a2785177e21
ff8286c4d2cf87a1865d56d082bc5235dba60ad7
520db2567ad5529d35d2ac63b94d4186848382e9c86d0c4355ab979b34f0e0ab
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F28b8af49-2631-4a57-aeca-43e33f0f6d83.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11145
x-amzn-requestid: dcb726a6-2f43-4170-a53c-4f0d2883309e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yuh7yHfHIAMFu4g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e37e-11bf06e96123e01c11854cbb;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:47:42 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: DwufJXA1yHz_jnJL0PWjCQYF9fa3jlJ0e-2hIomInAXCpmPISX3mjg==
via: 1.1 b47618c03bd47cf085f27b1e215f76cc.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:02:33 GMT
age: 77233
etag: "ff8286c4d2cf87a1865d56d082bc5235dba60ad7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d1af9c9-23b5-42e1-b7c6-655c21db6627.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d1af9c9-23b5-42e1-b7c6-655c21db6627.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ca0c1a7f205ad07f1cce80b26448873
0e14f5062e40ce94346494ff947bfcf74b5e88c1
ebc960279032671136749823c126ec807334d9eaf2b019abcc63b41bcdbf4a7f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d1af9c9-23b5-42e1-b7c6-655c21db6627.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9873
x-amzn-requestid: 7171299f-e6e3-40ef-a292-33779346e1ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugI-FDIIAMF-xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e09f-31f9413434a6b00e77e7709b;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:35:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: evL3aL1ULo6B2a8Rp6iILKCX7F14O9HMSbEqkEY3XHFhmMptE8FaVw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 21:50:04 GMT
age: 77982
etag: "0e14f5062e40ce94346494ff947bfcf74b5e88c1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b9b6fcc-4a98-463a-8c9c-a60812d5b535.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b9b6fcc-4a98-463a-8c9c-a60812d5b535.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1a7d863845e96c5927e812f325c08c16
b8484fb5443344b03e52dd56b1d6c5682eb6221a
fcb382029332a44deaf212298b618074a752d674d0c735a1b8b861ab4bb6ff0f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b9b6fcc-4a98-463a-8c9c-a60812d5b535.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9865
x-amzn-requestid: 7eeeff5b-cb13-4060-96a6-bf5a4be57331
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugokGQVoAMFXmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e169-4211dbbe1a22d0255a45aff0;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:38:49 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: zDPKSOJ7SJImKcluUMhGvVMHv4t2oKLD2AJfGKAFSfedsdSA4VgZ_g==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:02:56 GMT
etag: "b8484fb5443344b03e52dd56b1d6c5682eb6221a"
content-type: image/jpeg
age: 77210
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c2e0de8-088f-449b-a3cb-bbb83e3883a6.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c2e0de8-088f-449b-a3cb-bbb83e3883a6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2ed7323b395e757f7766ea0045efdaca
8b91bc3069a3217bc719c27959d578b353b5d9dc
8daf8cb1464daa5f72bc4f1049adb4aba00b2c2dec11cb3ade3454ec2ebbfb63
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4c2e0de8-088f-449b-a3cb-bbb83e3883a6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11832
x-amzn-requestid: 75065a71-5f2d-4987-915b-9bddc772c76a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YugI_EsLIAMFdmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328e09f-1248d25405209da3353d4a4a;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 21:35:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7sCevVX1nGXxZxnrXSURjUcap1a7vCZwrMMIXfzcBPR1srMxJHLGUg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 22:07:05 GMT
age: 76961
etag: "8b91bc3069a3217bc719c27959d578b353b5d9dc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d3e70b2859ca89b353682d03f6b46b93
ebd83f29edd95217dfa4f4c7a94eddf34dd58b14
43ad8f8b0a664bbec39e0410c1201498a2d2e36e5bd7d5ece8d65b15230ec50b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 19:29:46 GMT
content-type: image/jpeg
content-length: 10894
x-amzn-requestid: 257316b9-2da7-4b43-a8b3-d89c088de1ed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YbsFXFpzoAMFkpQ=
x-content-type-options: nosniff
etag: "ebd83f29edd95217dfa4f4c7a94eddf34dd58b14"
x-amzn-trace-id: Root=1-63215a22-6f365f587f25845668bf59b7;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 04:35:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Zj69wO77qUN6jg22gSs-Zc2mPJmAfrknEveL34YfVKtVtXIiokxn1w==
age: 190431
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css?ver=6.0.2
104.17.25.14 200 OK 10 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css?ver=6.0.2
IP 104.17.25.14:0
File type ASCII text, with very long lines (59119)
Hash 14e1692fd4263ccfea0b84299bdbf1f5
7783020a9ced5f32c8d38205357c7d10798be1fd
8ff0cd2d1e7f0b6203a762fb9811256d4445a3ad0d97f07102e038ba0eb3db72
GET /ajax/libs/font-awesome/5.15.4/css/all.min.css?ver=6.0.2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.immigration.net
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 19:29:47 GMT
content-type: text/css; charset=utf-8
content-length: 10462
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "613fa20b-28de"
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 3634058
expires: Sun, 10 Sep 2023 19:29:47 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f8wBVfW5klZdCVw4oEJ2KGPCJ9Kwj7uOzYKVwwhlKgOWhYGgqnzfFu9FfyvGHGPs1Jd3XlganSqckh4%2FthMXDeI65yBLe6oxuemsPtKXQEzmTq%2BmDSEvlCm0C6kfKKOTvDD4BGeE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74dcf8cfafbeb4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.immigration.net/tag/601a/
132.148.112.52 200 OK 20 kB URL HTTP/2 www.immigration.net/tag/601a/
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (11483), with CRLF, LF line terminators
Hash 8ca0d857f6bc27a407ea9473cc9da248
c986d926bf086ed79d24375a6b5d22983c5333bf
0392dc8d34d185bfa988b63a7369e4a6aa3012a22f024538dd0c840e9172ae8a
Analyzer Verdict Alert fortinet Malware
GET /tag/601a/ HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
x-powered-by: PHP/7.4.30
link: <https://www.immigration.net/wp-json/>; rel="https://api.w.org/", <https://www.immigration.net/wp-json/wp/v2/tags/216>; rel="alternate"; type="application/json"
set-cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; expires=Wed, 21-Sep-2022 19:29:46 GMT; Max-Age=86400; path=/; secure
YWRlcnrXO=_xQmGW.fuOg7; expires=Wed, 21-Sep-2022 19:29:46 GMT; Max-Age=86400; path=/; secure
CzepGkADlOSKtb=ry%40%5BA2UD; expires=Wed, 21-Sep-2022 19:29:46 GMT; Max-Age=86400; path=/; secure
enCXHt=Bo1RIGh8nAkf; expires=Wed, 21-Sep-2022 19:29:46 GMT; Max-Age=86400; path=/; secure
pll_language=en; expires=Wed, 20-Sep-2023 19:29:47 GMT; Max-Age=31536000; path=/; secure; SameSite=Lax
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 19777
content-type: text/html; charset=UTF-8
date: Tue, 20 Sep 2022 19:29:46 GMT
server: Apache
X-Firefox-Spdy: h2
a.mailmunch.co/app/v1/site.js
143.204.55.40 200 OK 8.4 kB URL HTTP/2 a.mailmunch.co/app/v1/site.js
IP 143.204.55.40:0
File type ASCII text, with very long lines (26047), with no line terminators
Hash d7737c5342c196e4b5ae33ef401ce949
e97975d456bb4457c7195f41c051e8ff16f3c95c
b34525cc99f50b83d8066782765cd956b52fbb39af075f0add0785703d999b8f
GET /app/v1/site.js HTTP/1.1
Host: a.mailmunch.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript
content-length: 8416
date: Tue, 20 Sep 2022 19:21:12 GMT
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, POST, PUT, DELETE
access-control-expose-headers: ETag
access-control-max-age: 3000
last-modified: Mon, 19 Sep 2022 13:30:33 GMT
etag: "d7737c5342c196e4b5ae33ef401ce949"
cache-control: max-age=172800
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: dWGO7Bd1GNagyjyrgzxCAclbfzSwK7v7Z570SWbXcZbSc3KUCJGQ3A==
age: 516
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 61e5226dc3bddf0c0823c3134ebde224
4b35c53e8f91a840a4125b1ff92e99589c007a37
223615fe4754c0953ed65ec85d36d5219904395c8d7d7963670ab6f4c44e22da
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5730
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:47 GMT
Last-Modified: Tue, 20 Sep 2022 17:54:18 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0a103478642d8967648f98988c7e6419
b39283cc8c8cd4f335f94e15f03ede72698f75de
348b99176d4f4d9f324ce464cf051eac70f03bb6219e54c0b6fbf35efa356443
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b921991dfbfa20dcb749dcd851f63417
2c4fc6404ebfd1f170c2311cebd0dd5e3d2b5d69
bf48daac503b11689f1e99f5d014e1505fe87d73ccb6a99dae662276752c9697
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4639
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:47 GMT
Last-Modified: Tue, 20 Sep 2022 18:12:28 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 26fcf8aea27805b4a6a29e3e2a4ba19b
f920fd6c5a79a4adb2f456edcee678757ff1602c
7aa63d03f514e4f51190e85f167f747563f980e0e6fdee6cce9393321dff1038
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0a103478642d8967648f98988c7e6419
b39283cc8c8cd4f335f94e15f03ede72698f75de
348b99176d4f4d9f324ce464cf051eac70f03bb6219e54c0b6fbf35efa356443
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 37e91e37f4afb91487afcc921e070688
3ec236d0729944092acf06d9adb10d55ec8300fe
f8bccbcb577589d803512c874bc93411baeb62863ab99c6858f3a60f98fbb02f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3535
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:47 GMT
Last-Modified: Tue, 20 Sep 2022 18:30:52 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 61e5226dc3bddf0c0823c3134ebde224
4b35c53e8f91a840a4125b1ff92e99589c007a37
223615fe4754c0953ed65ec85d36d5219904395c8d7d7963670ab6f4c44e22da
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5730
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:47 GMT
Last-Modified: Tue, 20 Sep 2022 17:54:18 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 279
www.immigration.net/nova/wp-content/plugins/LayerSlider/assets/static/layerslider/css/layerslider.css?ver=7.3.0
132.148.112.52 200 OK 4.3 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/LayerSlider/assets/static/layerslider/css/layerslider.css?ver=7.3.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
Hash ab51a57b0a7892002f038df1b5804f17
8ff348441a76ff9aad17e731bc33b9e53aa406d0
22d2bf6b4a7f66c1bff36c3228d6887436400deb15f1ab44517b9ad0efa07a1f
GET /nova/wp-content/plugins/LayerSlider/assets/static/layerslider/css/layerslider.css?ver=7.3.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 24 Aug 2022 17:56:45 GMT
etag: "1b419fc-5c7b-5e700677cd6ca-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 4318
content-type: text/css
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/buttonizer-multifunctional-button/assets/legacy/frontend.css?v=f2f87b58be0d57ecf71ada8df361a2d9&ver=6.0.2
132.148.112.52 200 OK 1.1 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/buttonizer-multifunctional-button/assets/legacy/frontend.css?v=f2f87b58be0d57ecf71ada8df361a2d9&ver=6.0.2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (7116)
Hash 826884fdb05b65bb7a14b9db8a343e78
c82f3e28cdc0ff73c184174378a7e1ba0b0bc538
824f944e16e18ef36d50608cadec803c542ea322f4931f1e08896822a2c932ee
GET /nova/wp-content/plugins/buttonizer-multifunctional-button/assets/legacy/frontend.css?v=f2f87b58be0d57ecf71ada8df361a2d9&ver=6.0.2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 16:25:49 GMT
etag: "28e0426-2043-5e90a2a25e5f7-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 1051
content-type: text/css
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=AW-10928892074
142.250.74.72 200 OK 62 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-10928892074
IP 142.250.74.72:0
File type ASCII text, with very long lines (4682)
Hash c88669427daa9d1f7362831b2d9c2cf2
9b3b3782e3d3a0dc8d432cc9892aceeb2f4148de
17b1c4c3d58f7168cd6e6d876a386c0b4f837fef0132618afd7ef8d2d4e9cf84
GET /gtag/js?id=AW-10928892074 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 20 Sep 2022 19:29:47 GMT
expires: Tue, 20 Sep 2022 19:29:47 GMT
cache-control: private, max-age=900
last-modified: Tue, 20 Sep 2022 18:15:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 62189
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.6.0
132.148.112.52 200 OK 3.3 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.6.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (27709)
Hash de25deb1514a3ba39e90bb45665aaa2f
fd5d4c836cc80f4350101414de25e665c4df4b51
67cdfdaf9767c318d1f269c0c46e768a65520ff151b103f40fc1446b473abec8
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.6.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 14 Jul 2021 15:50:19 GMT
etag: "1a00e34-6c70-5c7174fb524c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 3267
content-type: text/css
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0a103478642d8967648f98988c7e6419
b39283cc8c8cd4f335f94e15f03ede72698f75de
348b99176d4f4d9f324ce464cf051eac70f03bb6219e54c0b6fbf35efa356443
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 26fcf8aea27805b4a6a29e3e2a4ba19b
f920fd6c5a79a4adb2f456edcee678757ff1602c
7aa63d03f514e4f51190e85f167f747563f980e0e6fdee6cce9393321dff1038
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bit.ly/3qtHNyR
67.199.248.11 301 Moved Permanently 163 B IP 67.199.248.11:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 541c17809172ccc0057dfdc275a00cdd
e35982fdbeabce9ac267a95076e40e77d8fcee2a
3e3f83a55f14f1106a07e846d10890f5fa09f559369e81f5500213e24c8c02d0
GET /3qtHNyR HTTP/1.1
Host: bit.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Tue, 20 Sep 2022 19:29:47 GMT
content-type: text/html; charset=utf-8
content-length: 163
cache-control: private, max-age=90
location: https://resource.kenect.com/api/v1/widget/client-data/6Sj957aIcyVWOLohrUqwmG
set-cookie: _bit=m8kjtL-ac93736fc11e00230a-003; Domain=bit.ly; Expires=Sun, 19 Mar 2023 19:29:47 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b921991dfbfa20dcb749dcd851f63417
2c4fc6404ebfd1f170c2311cebd0dd5e3d2b5d69
bf48daac503b11689f1e99f5d014e1505fe87d73ccb6a99dae662276752c9697
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4639
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:47 GMT
Last-Modified: Tue, 20 Sep 2022 18:12:28 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
www.immigration.net/nova/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
132.148.112.52 200 OK 12 kB URL HTTP/2 www.immigration.net/nova/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (43771)
Hash e5548800176e913a9084f47a3e1e04f6
eff4604acc5c26ae82a19188de2f98bf5b79d80c
a2569c768eaca09f2483b971fcebb97badd57c9a16b5ae3e16b8cdcd8c688b07
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 13 Jul 2022 02:59:58 GMT
etag: "1a400f6-15b64-5e3a6faf52780-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 11681
content-type: text/css
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/visual-link-preview/dist/public.css?ver=2.2.4
132.148.112.52 200 OK 273 B URL HTTP/2 www.immigration.net/nova/wp-content/plugins/visual-link-preview/dist/public.css?ver=2.2.4
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (637)
Hash 7088432ee0ac9084b81eb0db71aed8d1
b3ec7fa11323e31b1787888bcd2db74bc50d6706
b5c3abb76b713f1f1a1a893667e19d0cbf0900244599b77e88239a4544086011
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/visual-link-preview/dist/public.css?ver=2.2.4 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 03 Feb 2022 15:00:22 GMT
etag: "1a2066a-27f-5d71e64b30d80-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 273
content-type: text/css
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/wp-ada-compliance-check-basic/styles.css?ver=1650652011
132.148.112.52 200 OK 4.7 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/wp-ada-compliance-check-basic/styles.css?ver=1650652011
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (405)
Hash 9aac96cd088c656c1abd20bec99485e0
abe636351b19d1a3ffc035137ed1647002a90712
09d6c27aa7abbe68f0bd42ae82ea85e6f489df3d6d9937e928c404cffb5a5a90
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/wp-ada-compliance-check-basic/styles.css?ver=1650652011 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 22 Apr 2022 18:26:51 GMT
etag: "19e1271-5502-5dd425ec370c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 4740
content-type: text/css
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/themes/x-child/style.css?ver=9.1.4
132.148.112.52 200 OK 463 B URL HTTP/2 www.immigration.net/nova/wp-content/themes/x-child/style.css?ver=9.1.4
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
Hash 19903779c578815d1ffa44a56f0e4c29
0a9ed74ac05dc366b27fb9807da23afac3a2cc17
1b38b631e6276d507645db54e100cd24ee5c4f830f45ef8536a2c675e81e5cd6
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/themes/x-child/style.css?ver=9.1.4 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 18 Nov 2021 16:39:29 GMT
etag: "1a21108-482-5d112cd633240-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 463
content-type: text/css
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
104.18.11.207 200 OK 6.6 kB URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
IP 104.18.11.207:0
File type ASCII text, with very long lines (27303)
Hash bc43583a6a0214f9af469133530db467
3bec7b96d55e6c9dea1462dc4361be129b6571b0
fdf1483df052798be598563b800e2415cda805661adeae4656946cdbaa1a0c4d
GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Sep 2022 19:29:47 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 565, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 2021-06-08 19:04:20
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: e9a84d03a1f7c6aa17012c712a6e5dd5
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 9146435
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74dcf8d018b9b4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/monarch/css/style.css?ver=1.3.16
132.148.112.52 200 OK 13 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/monarch/css/style.css?ver=1.3.16
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type Unicode text, UTF-8 text, with very long lines (718)
Hash bf4e8a511d82daf1e22f290808d204d6
ff0d4c9d382224e906f316191212e799f453b798
3fcc24dac9076fdb99d3106c540c92a3b074c6574e2417821daac276fccfa5e9
GET /nova/wp-content/plugins/monarch/css/style.css?ver=1.3.16 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 11 Jan 2018 19:02:28 GMT
etag: "1a00edd-1c56d-56284ca03b900-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 12734
content-type: text/css
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/_FxBsn3OejE
142.250.74.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/_FxBsn3OejE
IP 142.250.74.3:0
Hash d7f69b9b28872b08d66024cfd5d24923
57f941909b09e630dc8ea1ee770ceb5eab6e0e3d
986136a03d49cba47025e43a15b039d8f25f1c318172f0b482713d7d4e66580a
POST /s/gts1d4/_FxBsn3OejE HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:47 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.immigration.net/nova/wp-content/themes/x/framework/dist/css/site/stacks/integrity-light.css?ver=9.1.4
132.148.112.52 200 OK 33 kB URL HTTP/2 www.immigration.net/nova/wp-content/themes/x/framework/dist/css/site/stacks/integrity-light.css?ver=9.1.4
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash d43fc828f8dcd8cbda95e57b1ece2450
cf5f94a9916d67d0017d6c31d56afbd0c69888ec
1f83236713a2ab03b6808de3ff2f8e3572f283866b3785ab8bd1026b5c7284ae
GET /nova/wp-content/themes/x/framework/dist/css/site/stacks/integrity-light.css?ver=9.1.4 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 15 Nov 2021 16:25:39 GMT
etag: "1a21133-2ff49-5d0d6426446c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 33334
content-type: text/css
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/css/jquery.lazyloadxt.spinner.css?ver=6.0.2
132.148.112.52 200 OK 212 B URL HTTP/2 www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/css/jquery.lazyloadxt.spinner.css?ver=6.0.2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
Hash db66de13c05ea53fcf76501102756efa
e124611eaa5ac52ad1ffa6d8e13bd54ec53f251b
bcc8b236b089f186585569d3128078fcc27eafe97a8d01b2075f6f8528779e07
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/a3-lazy-load/assets/css/jquery.lazyloadxt.spinner.css?ver=6.0.2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 27 Jul 2022 19:36:11 GMT
etag: "1a00197-137-5e4ce877c00c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 212
content-type: text/css
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.6.0
132.148.112.52 200 OK 195 B URL HTTP/2 www.immigration.net/nova/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.6.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
Hash f9d342a66f882a21aaa6bf2f886dec5f
208b0196ddc4618f81a4acbe5e03b0789da1b9b3
16354818e612c2d6a9457960b8425bc745d7d48aa7e35f2c4ff4a32be4633cdf
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.6.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 15:48:16 GMT
etag: "1a00e3c-14b-5e909a3df7e09-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 195
content-type: application/javascript
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.1.4
132.148.112.52 200 OK 1.8 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.1.4
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (8319)
Hash 4ef76087ceebf8f309ed48ec12e63876
8c01ce47d1fd1bdbdf77f4b4b1e002ccd7d92afa
2a79fd037132847cedca153e7cb2ac6057afb3a33af627d63c0fce9a5393b8d5
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.1.4 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 16:25:50 GMT
etag: "28e01bb-2080-5e90a2a3a96f4-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 1786
content-type: text/css
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.transitions.js?ver=7.3.0
132.148.112.52 200 OK 3.4 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.transitions.js?ver=7.3.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type Unicode text, UTF-8 text, with very long lines (21440)
Hash a033d66bedb7d4b81e367e0cd3bdd24b
366af2db24db29b2b6bed3d627f4d8de0d97e77e
5a540db5c135e3911ef9c9e78d3e2eaf780da89aa49567b2c176928ad6bf3294
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.transitions.js?ver=7.3.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 24 Aug 2022 17:56:45 GMT
etag: "1b41a13-54f7-5e700677cde9a-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 3372
content-type: application/javascript
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.1.4
132.148.112.52 200 OK 4.6 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.1.4
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1003)
Hash 48e61f2f2c6015a4336e6366befb522d
527f22a82e9f5fba1da3443b191acb0792b24f1f
efa0fbecb4898606bdd63c8d6cc44759e1baf2c26af09a749b6857651432cb06
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.1.4 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 16:25:50 GMT
etag: "28e01a1-35f6-5e90a2a3a8f24-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 4564
content-type: application/javascript
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/monarch/js/idle-timer.min.js?ver=1.3.16
132.148.112.52 200 OK 1.9 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/monarch/js/idle-timer.min.js?ver=1.3.16
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (4205)
Hash adffe288d354bc53918565e48f7b60b7
3b5815526f8fbe9b19fe9c472d33b54f86b75991
4f3d1120aa1a8584b66c9407d9cf3979767bd42e2f3b8d59a4f1492398c3fe90
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/monarch/js/idle-timer.min.js?ver=1.3.16 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 07 Jun 2022 00:54:11 GMT
etag: "1a00ee9-10e3-5e0d106d592c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 1882
content-type: application/javascript
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
132.148.112.52 200 OK 4.2 kB URL HTTP/2 www.immigration.net/nova/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (11126)
Hash 5629711d7fdd5b28441bac39b851299f
4e0bf2b7383097f7c352023a1b1b1b48a50356b6
44c444309c7a6c05ff4a9bc198bed9e9596bedb5658637c85689c9a471dcdd16
GET /nova/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 15:23:40 GMT
etag: "1a40217-2bd8-5e9094be24ec5-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 4169
content-type: application/javascript
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3
132.148.112.52 200 OK 2.9 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (9680), with no line terminators
Hash 7c2c4ebd10adb73367b5c5f0e1e5d3ce
a67e4fd0e3e7452e74b22517ba924b58307d7758
5244443e699788a134cc77adfc3fd18f03386df5fe49e6c82b057387ba4d0ebd
GET /nova/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 02 Sep 2022 06:29:09 GMT
etag: "1ac01ee-25d0-5e7abd904cb2a-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 2914
content-type: application/javascript
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
resource.kenect.com/api/v1/widget/client-data/6Sj957aIcyVWOLohrUqwmG
34.149.59.194 200 OK 24 kB URL HTTP/2 resource.kenect.com/api/v1/widget/client-data/6Sj957aIcyVWOLohrUqwmG
IP 34.149.59.194:0
File type Unicode text, UTF-8 text, with very long lines (24355), with no line terminators
Hash be61b0a0004e754488ea7fb2fcd77e44
212cb3448da348e4210b33835cae508ead202423
f7142e633bb1306b0454dd2670cf771431546f346bdd700da0b46a7c8ae06469
GET /api/v1/widget/client-data/6Sj957aIcyVWOLohrUqwmG HTTP/1.1
Host: resource.kenect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.immigration.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.23.1
date: Tue, 20 Sep 2022 19:29:47 GMT
content-type: text/javascript;charset=UTF-8
content-length: 24363
x-cloud-trace-context: b8c55690e8c13ec5fb7edeb43a428f23/1251605916935640753
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
132.148.112.52 200 OK 5.0 kB URL HTTP/2 www.immigration.net/nova/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (15660)
Hash e6624e0b978e6ddba476be41aaaa82df
822e920d8233072110ed7c8a7f379e5b13209b18
dac86a9ce08e4d8cded47b4fa900a664b0c997d8910c2a1be54a423678925a41
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 15:23:40 GMT
etag: "1802a54-48b9-5e9094be1c60d-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 5009
content-type: application/javascript
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3
132.148.112.52 200 OK 3.9 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type HTML document, ASCII text, with very long lines (12211), with no line terminators
Hash 7ef755c2700783f9eae63fc539149a18
e57c0c5ceb5e2fbf1aaad44aad6319f8b26b69a1
95c808afbeaf569865125c132b69df4a68bca03fd6b792d38ef9a0e341dbf06b
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 02 Sep 2022 06:29:09 GMT
etag: "1ac01f1-2fb3-5e7abd904cb2a-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 3934
content-type: application/javascript
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extend.js?ver=2.6.0
132.148.112.52 200 OK 415 B URL HTTP/2 www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extend.js?ver=2.6.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
Hash 62e6439ea22c07d86674d88b688a9fb1
e499a5c06d34f838fc1a5b36a924ca5600f4f9cd
2e117cc65e06418d0232894884eb7b596ecc9d82c5c7c2c5ea6ee2c630af8e43
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extend.js?ver=2.6.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 15:48:05 GMT
etag: "1a001ae-415-5e909a3317265-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 415
content-type: application/javascript
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js?ver=14.1.4
132.148.112.52 200 OK 1.1 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js?ver=14.1.4
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type HTML document, ASCII text, with very long lines (3102)
Hash 92aff458c46ce464686ea160ceae90a7
c77d998b0eda7b5a56194b7d18240e628e540523
3c4f4a2919827a5e38510c6fdf3dc66ed3af07e5662a72035839d2bee19cc30f
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js?ver=14.1.4 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 16:25:50 GMT
etag: "28e0191-c1f-5e90a2a3a8754-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 1082
content-type: application/javascript
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.srcset.min.js?ver=2.6.0
132.148.112.52 200 OK 764 B URL HTTP/2 www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.srcset.min.js?ver=2.6.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1533)
Hash 5482bab316d4745f945ceedf9a6a4a74
e19b9f0423ec7ea517fb3af8d04a08182e323da6
72be1dd2581dc327b485bb623a54884f951fa91ac86c39b534adf3ee80b87415
GET /nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.srcset.min.js?ver=2.6.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 15:48:05 GMT
etag: "1a001b7-625-5e909a331958e-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 764
content-type: application/javascript
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/_FxBsn3OejE
142.250.74.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/_FxBsn3OejE
IP 142.250.74.3:0
Hash d7f69b9b28872b08d66024cfd5d24923
57f941909b09e630dc8ea1ee770ceb5eab6e0e3d
986136a03d49cba47025e43a15b039d8f25f1c318172f0b482713d7d4e66580a
POST /s/gts1d4/_FxBsn3OejE HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:48 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extra.min.js?ver=2.6.0
132.148.112.52 200 OK 1.5 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extra.min.js?ver=2.6.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (2976)
Hash ef92f9c387fe31483aa1baa625d6f380
6af89e953cff5893779d1183467f89d6ea753b17
42bf5be4ace7a18492dc4fd2cbf563867812f799b7930021e648752e1e109e7a
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/a3-lazy-load/assets/js/jquery.lazyloadxt.extra.min.js?ver=2.6.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 15:48:05 GMT
etag: "1a001b3-bc7-5e909a3318205-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 1538
content-type: application/javascript
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/monarch/js/custom.js?ver=1.3.16
132.148.112.52 200 OK 6.5 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/monarch/js/custom.js?ver=1.3.16
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (1815)
Hash 4f7996d43ee4c68714b20f4296799364
e8f38c124d82ef19779bb48fbdcf54c0089fc28f
f57fd305904a112ffc4678dffc512e5506890fd338b142c874b907c99c7ba295
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/monarch/js/custom.js?ver=1.3.16 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 07 Jun 2022 00:54:11 GMT
etag: "1a00ee8-6e10-5e0d106d592c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 6466
content-type: application/javascript
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
132.148.112.52 200 OK 31 kB URL HTTP/2 www.immigration.net/nova/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (65447)
Hash 9640915738503451aa21181699feab5b
c053eaf36ef0da96619706b3abda326305063bd6
f8834e669ad1f4039442c26aaa373ec39c35a233b9786d374fc3f670f16b0adc
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 15:23:40 GMT
etag: "1a4021f-15db1-5e9094be246f5-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 30908
content-type: application/javascript
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/themes/x/framework/dist/js/site/x.js?ver=9.1.4
132.148.112.52 200 OK 15 kB URL HTTP/2 www.immigration.net/nova/wp-content/themes/x/framework/dist/js/site/x.js?ver=9.1.4
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (54351), with no line terminators
Hash ccbefa361a7ff48b275b71aa9def53bc
e6921539bfeed4ff0a4e2a004e9e333e30ab8606
d7b1a7dd56e78c321cf377310a318082af7c43f1d126bbeab12aae8e4f5545b7
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/themes/x/framework/dist/js/site/x.js?ver=9.1.4 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 07 Jun 2022 00:54:18 GMT
etag: "1a2113e-d44f-5e0d107406280-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 15382
content-type: application/javascript
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.utils.js?ver=7.3.0
132.148.112.52 200 OK 42 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.utils.js?ver=7.3.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (65343)
Hash 8915ae671d1b078d67b86d554ee78087
2bb06cd05eb0e9e3375df44a1e8dce34a96db301
fa807f6f33b991c713df5b48eddbec3ddd35f5eba9b7cd98bd997d490570ba65
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.utils.js?ver=7.3.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 24 Aug 2022 17:56:45 GMT
etag: "1b41a12-1e049-5e700677cdab2-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 41980
content-type: application/javascript
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/uploads/2018/01/Kuck_Baxter_Logo_2018.png
132.148.112.52 200 OK 37 kB URL HTTP/2 www.immigration.net/nova/wp-content/uploads/2018/01/Kuck_Baxter_Logo_2018.png
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type PNG image data, 2001 x 824, 8-bit/color RGBA, non-interlaced\012- data
Hash 7d44788bc34ac5e61dbfd213fa8d599e
415bde76066080d99326779e7e2630aa700b80b8
a4e84089771d0353a227f74d203ba7b67a89177077f235279066414ca1959429
GET /nova/wp-content/uploads/2018/01/Kuck_Baxter_Logo_2018.png HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 04 Jan 2018 12:16:09 GMT
etag: "1a2158d-9121-561f24c061440"
accept-ranges: bytes
content-length: 37153
content-type: image/png
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/cornerstone/assets/js/site/cs.6f62d0f.js
132.148.112.52 200 OK 46 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/cornerstone/assets/js/site/cs.6f62d0f.js
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type ASCII text, with very long lines (65536), with no line terminators
Hash ce8386fcb7d86dbda40a00d063d6cd57
5960ed916fa94e0846df795a50b39d9e02b58de1
149afab4a6ae5889221997de240deadf6c16d9791ef1a1453bc3415c2c7ce935
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/cornerstone/assets/js/site/cs.6f62d0f.js HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 07 Jun 2022 00:53:55 GMT
etag: "1a0097c-22b10-5e0d105e16ec0-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 46135
content-type: application/javascript
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4f5180e6651455bc8443945fb5b6860c
01457b8648200c9d274b2790b95274b1dc855aaf
39301cccc2805993f794301cb01a70a954e7c8a8e5d6779acc4888f77d7282c0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c683e61e63df92799aa274fdac42cd3b
191aeec95861fa8596a90a10c60b22434431c033
898c007bc0e7d5f4d3180c9fe28b88036102ba64912d0773c023e1f4f07d7beb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
142.250.74.163 200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.immigration.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Sep 2022 17:10:21 GMT
expires: Wed, 20 Sep 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 8367
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.kreaturamedia.jquery.js?ver=7.3.0
132.148.112.52 200 OK 74 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.kreaturamedia.jquery.js?ver=7.3.0
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
Hash 84997269fa307fa50bd836a615efc602
f9d6784fb6efe569db09e5e3627704223db0b65b
281b3a336d49ff16329b6098a0279f0c7467a6eb8d1c955aac27e0f4469a83d7
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.kreaturamedia.jquery.js?ver=7.3.0 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 24 Aug 2022 17:56:45 GMT
etag: "1b41a11-2048e-5e700677cdab2-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-type: application/javascript
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
142.250.74.163 200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.immigration.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Sep 2022 17:10:21 GMT
expires: Wed, 20 Sep 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 8367
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c683e61e63df92799aa274fdac42cd3b
191aeec95861fa8596a90a10c60b22434431c033
898c007bc0e7d5f4d3180c9fe28b88036102ba64912d0773c023e1f4f07d7beb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.immigration.net//nova/wp-content/uploads/2018/07/yelp-brands.jpg
132.148.112.52 200 OK 1.1 kB URL HTTP/2 www.immigration.net//nova/wp-content/uploads/2018/07/yelp-brands.jpg
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 32x32, components 3\012- data
Hash 6a09a2f803b7310a34915a131c78c23f
6866bf0f42f32745cd2d01b6ab1aac9f221cb0fe
0fc12d125cbb69bef362d8831222705d0a07a59d0b549cc23df4b020ac58247e
GET //nova/wp-content/uploads/2018/07/yelp-brands.jpg HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/nova/wp-content/themes/x-child/style.css?ver=9.1.4
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 01 Aug 2018 01:04:51 GMT
etag: "1a21680-438-572554819f2c0"
accept-ranges: bytes
content-length: 1080
content-type: image/jpeg
date: Tue, 20 Sep 2022 19:29:48 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/plugins/cornerstone/assets/fonts/fa-brands-400.woff2
132.148.112.52 200 OK 78 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/cornerstone/assets/fonts/fa-brands-400.woff2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type Web Open Font Format (Version 2), TrueType, length 78464, version 331.-31392\012- data
Hash ff496de99efc36ce4f6f1e611ada7e65
f6b96b15619d6c70e152ccc6901f5872b58b08be
59beb1f8f4ea7e16c50ae0652005e6f7a39f58f9deb0e155d8c8981ea99544b0
Analyzer Verdict Alert fortinet Malware
GET /nova/wp-content/plugins/cornerstone/assets/fonts/fa-brands-400.woff2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 15 Nov 2021 16:26:12 GMT
etag: "1a0096b-13280-5d0d6445bd100"
accept-ranges: bytes
content-length: 78464
vary: Accept-Encoding,User-Agent
content-type: font/woff2
date: Tue, 20 Sep 2022 19:29:48 GMT
server: Apache
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-solid-900.woff2
104.17.25.14 200 OK 78 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-solid-900.woff2
IP 104.17.25.14:0
File type Web Open Font Format (Version 2), TrueType, length 78268, version 331.-31196\012- data
Hash d824df7eb2e268626a2dd9a6a741ac4e
0ccb2c814a7e4ca12c4778821633809cb0361eaa
9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537
GET /ajax/libs/font-awesome/5.15.4/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.immigration.net
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 20 Sep 2022 19:29:48 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 78268
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "613fa20b-131bc"
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 4748493
expires: Sun, 10 Sep 2023 19:29:48 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bv3QyOlRdQTBG5kP02HIUxwfyjE45XLC%2BHBAVDy7GCL1SL6Am46onwRJHUGm5ZSJkgwDuO6jJfMTnnAHCdgzZWB2Dw4WFiHvquW4HIqN6vZa9VH8FGtLhJmmh2EQ46o9xH5uqagz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74dcf8d7cbdab4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash f590ca1282d11ae4f03734614277fc8d
8a1fb5a3f738f196a1c7434d95825f6bfad96d42
b353f176dace4486e71cad9e6d271b30b5d7125790600427f41c0cbee3046856
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash f590ca1282d11ae4f03734614277fc8d
8a1fb5a3f738f196a1c7434d95825f6bfad96d42
b353f176dace4486e71cad9e6d271b30b5d7125790600427f41c0cbee3046856
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash f590ca1282d11ae4f03734614277fc8d
8a1fb5a3f738f196a1c7434d95825f6bfad96d42
b353f176dace4486e71cad9e6d271b30b5d7125790600427f41c0cbee3046856
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.immigration.net/nova/wp-content/plugins/cornerstone/assets/fonts/fa-solid-900.woff2
132.148.112.52 200 OK 141 kB URL HTTP/2 www.immigration.net/nova/wp-content/plugins/cornerstone/assets/fonts/fa-solid-900.woff2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type Web Open Font Format (Version 2), TrueType, length 140996, version 331.-31392\012- data
Size 141 kB (140996 bytes)
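Hash MD5 25d740d42658b6e2c293ce7b3322aac7
SHA-1 41cc9ae4b5dd70fd3988059dfb864f20f99ae371
SHA-256 8b5a3ff47c2413e0bf3dd3bb7899a25aeef9b390a055847a1185a39ad48a2da2
Analyzer | Verdict | Alert: fortinet | Malware (fortinet is the only analyzer listed for this entry, and the File type line identifies the body as a WOFF2 font; corroborate the hashes against a second source before treating them as indicators)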
GET /nova/wp-content/plugins/cornerstone/assets/fonts/fa-solid-900.woff2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 15 Nov 2021 16:26:12 GMT
etag: "1a00974-226c4-5d0d6445bd100"
accept-ranges: bytes
content-length: 140996
vary: Accept-Encoding,User-Agent
content-type: font/woff2
date: Tue, 20 Sep 2022 19:29:48 GMT
server: Apache
X-Firefox-Spdy: h2
snap.licdn.com/li.lms-analytics/insight.min.js
23.36.76.210 200 OK 3.1 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.min.js
IP 23.36.76.210:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (7751)
Hash 57efbbeb3e1d23c82b677511c67c8b0e
f927ba115ef4be362694c22850ddbdd1c1b054d1
873b38d80c8ff1ffcac23ecdb7fb2d17413ae3c217236d8e1e24574b1c4707c6
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 12 Aug 2022 20:23:36 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=25746
date: Tue, 20 Sep 2022 19:29:49 GMT
content-length: 3063
x-cdn: AKAM
X-Firefox-Spdy: h2
storage.googleapis.com/widget.kenect.com/resources/prompt.html.gz
108.177.14.128 200 OK 1.4 kB URL HTTP/2 storage.googleapis.com/widget.kenect.com/resources/prompt.html.gz
IP 108.177.14.128:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1300)
Hash 8f25df841e51cfab45b5aae5db6d18b8
90e76f0a60f48f3d790e95540aa1be35a6f884ac
03a07b070691db50795f43a532e134326abc81f2907d8e2ffb067f27f0ce105b
GET /widget.kenect.com/resources/prompt.html.gz HTTP/1.1
Host: storage.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycdvYvsz1DDBTSKycaMF5IuuKSyKGTjL3WvHStf3Bv5onZXt-IO7L1XntHLks9m38yK43_aVp67z1B7oMGXO-cEngjg
x-goog-generation: 1657738774177700
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1436
content-encoding: gzip
x-goog-hash: crc32c=AnuppQ==, md5=jyXfhB5Rz6tFtarl220YuA==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
vary: Accept-Encoding
content-length: 1436
access-control-allow-origin: *
access-control-expose-headers: Content-Type
server: UploadServer
date: Tue, 20 Sep 2022 19:29:48 GMT
expires: Tue, 20 Sep 2022 20:29:48 GMT
cache-control: public,max-age=3600
last-modified: Wed, 13 Jul 2022 18:59:34 GMT
etag: "8f25df841e51cfab45b5aae5db6d18b8"
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
storage.googleapis.com/widget.kenect.com/resources/button.html.gz
108.177.14.128 200 OK 1.4 kB URL HTTP/2 storage.googleapis.com/widget.kenect.com/resources/button.html.gz
IP 108.177.14.128:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (748)
Hash 1abce8a949d23fca5c2156778d9a6d05
3228af8bc8423320f24dd107212f835aeb02887b
9a86a76d4c8cd062a42ab00509932aea93efe2499829e1efeff273cd38fed501
GET /widget.kenect.com/resources/button.html.gz HTTP/1.1
Host: storage.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycdstCf2w8CDDParLULj7rUeFlesBIq0xDcx69mAOBzVr2cR7G9j9-AYqgXZLibSkkuZJmVsm7lQf8ScUPB4sCVwNog
x-goog-generation: 1657738772691696
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1414
content-encoding: gzip
x-goog-hash: crc32c=zIMPaA==, md5=GrzoqUnSP8pcIVZ3jZptBQ==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
vary: Accept-Encoding
content-length: 1414
access-control-allow-origin: *
access-control-expose-headers: Content-Type
server: UploadServer
date: Tue, 20 Sep 2022 19:29:48 GMT
expires: Tue, 20 Sep 2022 20:29:48 GMT
cache-control: public,max-age=3600
last-modified: Wed, 13 Jul 2022 18:59:32 GMT
etag: "1abce8a949d23fca5c2156778d9a6d05"
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.oribi.io/XzI4MTU4OTU5OA/oribi.js
143.204.55.35 200 OK 3 B URL HTTP/2 cdn.oribi.io/XzI4MTU4OTU5OA/oribi.js
IP 143.204.55.35:0
File type JSON data\012- , ASCII text
Hash 8a80554c91d9fca8acb82f023de02f11
5f36b2ea290645ee34d943220a14b54ee5ea5be5
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
GET /XzI4MTU4OTU5OA/oribi.js HTTP/1.1
Host: cdn.oribi.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript;charset=UTF-8
content-length: 3
date: Tue, 20 Sep 2022 19:29:48 GMT
cache-control: public, max-age=60
x-cache: Miss from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: GASVC80_jKQbW9SH-jy0AFYpaQBBdvW3vV70cIQ_P-4kYfOSHeShkA==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 9405985bfe6aab7c008cf3a305f79b0f
d698b786300ea45e2cd1b9d3fadf2639e71efe5e
28c7a840f64d83b92b41d7255788845fbe83aefbee8acf3d8cb131ffd81f6267
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5197
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:49 GMT
Last-Modified: Tue, 20 Sep 2022 18:03:12 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash c53364cae0510b97de38fb4b3396ff56
d6088b7fe775ebc077d116271fbe7fce898c06f0
2df909d86d97fbb9a27dd94ca9335ea29eae8f9325fccc8d0ef00a4f7cd7cdc6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e34f594c2e3b9b6a81e4ae9fef80f363
b7f65f5fb0df328d3c863af6c9351923205645f2
bcedda132b602d90a62a5fbe07e7c37f69cce319fb4b84e1bed40b1200e9898b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
storage.googleapis.com/widget.kenect.com/resources/prompt.min.js.gz
108.177.14.128 200 OK 1.1 kB URL HTTP/2 storage.googleapis.com/widget.kenect.com/resources/prompt.min.js.gz
IP 108.177.14.128:0
File type ASCII text, with very long lines (2437)
Hash 1037d122e10bb5f0d760dc08a815afeb
a9d0faf68ebde9ef78a1c9fddea06ff094762235
e100214aa8f96b8c08394ebbca05454d0b142abc3a4c3e16f7693dabb4af13c8
GET /widget.kenect.com/resources/prompt.min.js.gz HTTP/1.1
Host: storage.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://storage.googleapis.com/widget.kenect.com/resources/prompt.html.gz
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-guploader-uploadid: ADPycdsbQKZfiBE4_7W_hAl5Ygay9r_6a9ZRJavsbWy_WgzwsV4zD8bXK6FAfQ73yj0OnP1bgqH5s1hpcSv5F3vOqS7_WA
x-goog-generation: 1657738775277442
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1139
content-encoding: gzip
x-goog-hash: crc32c=EN5cHQ==, md5=EDfRIuELtfDXYNwIqBWv6w==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
vary: Accept-Encoding
content-length: 1139
access-control-allow-origin: *
access-control-expose-headers: Content-Type
server: UploadServer
date: Tue, 20 Sep 2022 19:21:22 GMT
expires: Tue, 20 Sep 2022 20:21:22 GMT
cache-control: public,max-age=3600
age: 507
last-modified: Wed, 13 Jul 2022 18:59:35 GMT
etag: "1037d122e10bb5f0d760dc08a815afeb"
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Tue, 20 Sep 2022 18:41:12 GMT
expires: Tue, 20 Sep 2022 20:41:12 GMT
cache-control: public, max-age=7200
age: 2917
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
storage.googleapis.com/widget.kenect.com/resources/button.min.js.gz
108.177.14.128 200 OK 1.2 kB URL HTTP/2 storage.googleapis.com/widget.kenect.com/resources/button.min.js.gz
IP 108.177.14.128:0
File type ASCII text, with very long lines (2745)
Hash 4cc815772707982e8c2b9ec45fd2fc96
95e0d491cda07f48bf73ea97355e71be7975020b
239d57f3384ca410ab6bfa207d1bf9c48949469f29c42acd4d3d27b3eca27fd2
GET /widget.kenect.com/resources/button.min.js.gz HTTP/1.1
Host: storage.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://storage.googleapis.com/widget.kenect.com/resources/button.html.gz
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-guploader-uploadid: ADPycdshSYel8IZTLCdjUZ2JVsviH5GB0u3GW-Liof-actyT1DUQ56TNJ2CEHyC9dGtrPnJ4Rkhl7Mbg-WKqF797RznQYTvMk351
x-goog-generation: 1657738774766484
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1182
content-encoding: gzip
x-goog-hash: crc32c=nJPn3A==, md5=TMgVdycHmC6MK57EX9L8lg==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
vary: Accept-Encoding
content-length: 1182
access-control-allow-origin: *
access-control-expose-headers: Content-Type
server: UploadServer
date: Tue, 20 Sep 2022 19:21:22 GMT
expires: Tue, 20 Sep 2022 20:21:22 GMT
cache-control: public,max-age=3600
age: 507
last-modified: Wed, 13 Jul 2022 18:59:34 GMT
etag: "4cc815772707982e8c2b9ec45fd2fc96"
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash f590ca1282d11ae4f03734614277fc8d
8a1fb5a3f738f196a1c7434d95825f6bfad96d42
b353f176dace4486e71cad9e6d271b30b5d7125790600427f41c0cbee3046856
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
142.250.74.170 200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
IP 142.250.74.170:0
File type ASCII text, with very long lines (32038)
Hash 103708790db3586027df27ded660f8ef
d3f58fbe6e02cb4b8b34c6fd510e011cb325bc70
fdba876856bb6c2783df94cacb0f17b53fe33f1907135539272c0127b4270ffe
GET /ajax/libs/jquery/1.11.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33507
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Sep 2022 19:09:20 GMT
expires: Wed, 20 Sep 2023 19:09:20 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 1229
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
157.240.200.14 200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (64348)
Hash 9ecd89752214ef749272eef344b9089a
70a58a49c08934265ee34c74efb01d6b3124095d
f76c51487e348977288fcaf83984cd8fe4e73758cc352402774d9eb94680d528
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: wAFLmdHMj5VbnddzktLAFpqBtMB53ReukvOLV5IxtUDtKLfttRRNWRGwpSpCmepnZk5iFXuJoqta9Rfjs+ihkw==
priority: u=3,i
content-length: 26839
x-fb-trip-id: 1679558926
date: Tue, 20 Sep 2022 19:29:49 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lato:400,400i,700,700i&subset=latin,latin-ext&display=auto
142.250.74.10 200 OK 1.6 kB URL HTTP/2 fonts.googleapis.com/css?family=Lato:400,400i,700,700i&subset=latin,latin-ext&display=auto
IP 142.250.74.10:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2673)
Hash 4e605212202bef6341e927ece364291c
90fb1bb3d0c4a7d7ab1743d50edbb95270351edf
2f2f695e374674ab34973f93da19994614b3490e6b626da6788faf56ad051544
GET /css?family=Lato:400,400i,700,700i&subset=latin,latin-ext&display=auto HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 20 Sep 2022 19:29:47 GMT
date: Tue, 20 Sep 2022 19:29:47 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/uploads/2018/01/cropped-Logo_Kuck_Favicon-32x32.png
132.148.112.52 200 OK 788 B URL HTTP/2 www.immigration.net/nova/wp-content/uploads/2018/01/cropped-Logo_Kuck_Favicon-32x32.png
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash c6aa6a2a07ab263497254c23bb616b8a
0c66fff3499b4f4e034ad214320b293ba66ec3bd
89f7476a2b80bf46a47a313fecef13e0e0c57d5ce4e511194db5c971666e262e
GET /nova/wp-content/uploads/2018/01/cropped-Logo_Kuck_Favicon-32x32.png HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en; _gcl_au=1.1.1701499309.1663702189
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 08 Apr 2020 01:45:31 GMT
etag: "1a215a0-314-5a2bda7c864c0"
accept-ranges: bytes
content-length: 788
content-type: image/png
date: Tue, 20 Sep 2022 19:29:49 GMT
server: Apache
X-Firefox-Spdy: h2
www.immigration.net/nova/wp-content/uploads/2018/01/cropped-Logo_Kuck_Favicon-192x192.png
132.148.112.52 200 OK 6.3 kB URL HTTP/2 www.immigration.net/nova/wp-content/uploads/2018/01/cropped-Logo_Kuck_Favicon-192x192.png
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 22088157dc6b204dde2ee845068880e5
316cf54d748255ddc055a0b40547396a944322ec
82333541f18d98b110bd0f85302b99868c2512c9a74990b4d05b026211cd9aec
GET /nova/wp-content/uploads/2018/01/cropped-Logo_Kuck_Favicon-192x192.png HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en; _gcl_au=1.1.1701499309.1663702189
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 08 Apr 2020 01:45:31 GMT
etag: "1a2159c-186e-5a2bda7c864c0"
accept-ranges: bytes
content-length: 6254
content-type: image/png
date: Tue, 20 Sep 2022 19:29:49 GMT
server: Apache
X-Firefox-Spdy: h2
storage.googleapis.com/widget.kenect.com/resources/scripts/newRelic.js.gz
108.177.14.128 200 OK 10 kB URL HTTP/2 storage.googleapis.com/widget.kenect.com/resources/scripts/newRelic.js.gz
IP 108.177.14.128:0
File type ASCII text, with very long lines (29341)
Hash e8ae319d1b0ed5134b4a1514e3908a69
5b8c05c3a99c1dc66315b955458d05e37bb01a3c
ab12cde2168a0e555cb0a85f48246018ca63208f1652225e043cdd7b46d52c73
GET /widget.kenect.com/resources/scripts/newRelic.js.gz HTTP/1.1
Host: storage.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-guploader-uploadid: ADPycdvoiS8zVsVUz0XdfvseZWyfcdUzfXCycdJ2jcOYPz4xLWdzaAFJ2SQDcHzBVlTitxFmt_9GKogZixO1a9awtXm8OA
x-goog-generation: 1657738775559969
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 10369
content-encoding: gzip
x-goog-hash: crc32c=g0phvw==, md5=6K4xnRsO1RNLShUU45CKaQ==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
vary: Accept-Encoding
content-length: 10369
access-control-allow-origin: *
access-control-expose-headers: Content-Type
server: UploadServer
date: Tue, 20 Sep 2022 19:29:49 GMT
expires: Tue, 20 Sep 2022 20:29:49 GMT
cache-control: public,max-age=3600
last-modified: Wed, 13 Jul 2022 18:59:35 GMT
etag: "e8ae319d1b0ed5134b4a1514e3908a69"
content-type: application/javascript
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://storage.googleapis.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 17 Sep 2022 02:02:22 GMT
expires: Sun, 17 Sep 2023 02:02:22 GMT
cache-control: public, max-age=31536000
age: 322047
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a.mailmunch.co/app/v1/styles.css
143.204.55.40 200 OK 2.3 kB URL HTTP/2 a.mailmunch.co/app/v1/styles.css
IP 143.204.55.40:0
File type ASCII text, with very long lines (21666), with no line terminators
Hash d1960a22292f1bb765b3e3b001e5d1fb
c7a423651222e15e88c266e69bc7026a683ce169
52e6bcf70e9a97094be1eb6af8a3d71fc2534ccc18e88ae665d66bb6e2ede1f8
GET /app/v1/styles.css HTTP/1.1
Host: a.mailmunch.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css
content-length: 2274
date: Mon, 19 Sep 2022 21:03:25 GMT
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, POST, PUT, DELETE
access-control-expose-headers: ETag
access-control-max-age: 3000
last-modified: Mon, 19 Sep 2022 13:30:38 GMT
etag: "d1960a22292f1bb765b3e3b001e5d1fb"
cache-control: max-age=172800
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 5N1DGmGVDdx1CdlZ6Wa-oOd9uf8WE-UiRg1cA4YXNCqA9I4TapspNw==
age: 80785
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 9405985bfe6aab7c008cf3a305f79b0f
d698b786300ea45e2cd1b9d3fadf2639e71efe5e
28c7a840f64d83b92b41d7255788845fbe83aefbee8acf3d8cb131ffd81f6267
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5197
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:49 GMT
Last-Modified: Tue, 20 Sep 2022 18:03:12 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e34f594c2e3b9b6a81e4ae9fef80f363
b7f65f5fb0df328d3c863af6c9351923205645f2
bcedda132b602d90a62a5fbe07e7c37f69cce319fb4b84e1bed40b1200e9898b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 81fa7001b4b94f54d2ab4f3237ecaabb
e21bb07f34d9bed91f5caac3f9a83e9600a5652c
0ecbe6e0c5198d792a0eeb4197c88ec1d3a9f8b215efae7a6bb87776f7673b6a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
px.ads.linkedin.com/collect?v=2&fmt=js&pid=4573033&time=1663702189032&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F
13.107.42.14 302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=4573033&time=1663702189032&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=4573033&time=1663702189032&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4573033%26time%3D1663702189032%26url%3Dhttps%253A%252F%252Fwww.immigration.net%252Ftag%252F601a%252F%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQJ2PK9oFWwPxQAAAYNcYMSFOMf696vK-7rPzkgdMf0Yl7BpK5d3cPFgFqXDpBQXek9K-XplUMCfjQ; Max-Age=2592000; Expires=Thu, 20 Oct 2022 19:29:49 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQIN_F7Hc6TWNwAAAYNcYMSFRR6XFQQtnX7g1aQRbGxSXehFk6xBW4f8jSfrMzunyDw8_qqmreRoL2cdZTmrsA; Max-Age=2592000; Expires=Thu, 20 Oct 2022 19:29:49 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&0b1d74d4-dbb8-44b4-88a1-06c51e845e0a"; domain=.linkedin.com; Path=/; Secure; Expires=Wed, 20-Sep-2023 19:29:49 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2346:u=1:x=1:i=1663702189:t=1663788589:v=2:sig=AQF1m72P6uoSrfccIajPbhSztNz4fsm2"; Expires=Wed, 21 Sep 2022 19:29:49 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXpINn/fqc4dQMOl7oMUA==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 6E76730519914FAFB5920AB62D9A884F Ref B: OSL30EDGE0507 Ref C: 2022-09-20T19:29:49Z
date: Tue, 20 Sep 2022 19:29:48 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash dda77a44a7f9eeb9bd828f659ccb7e22
9af43f88835600fd3206e4f18b0c1c2571a3959c
c8effed6366a20b26e104fc4f64d24213eb357d61e7683e28f812d0c21edd044
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/10928892074/?random=1663702189173&cv=9&fst=1663702189173&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9j0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&tiba=601a%20%7C%20Kuck%20Baxter&auid=1701499309.1663702189&hn=www.google.com&async=1&rfmt=3&fmt=4
142.250.74.130 200 OK 1.0 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/10928892074/?random=1663702189173&cv=9&fst=1663702189173&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9j0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&tiba=601a%20%7C%20Kuck%20Baxter&auid=1701499309.1663702189&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 142.250.74.130:0
File type ASCII text, with very long lines (2284), with no line terminators
Hash a19b4a9b92d47bb13eedfd73b228d6ee
2f27b455e9e6b6931e28fd4ba30f2baff1c45467
5382608baf19e4cdce9cfe2d583d4fa08fb6e265069e28210767ceefb384d028
GET /pagead/viewthroughconversion/10928892074/?random=1663702189173&cv=9&fst=1663702189173&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9j0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&tiba=601a%20%7C%20Kuck%20Baxter&auid=1701499309.1663702189&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 20 Sep 2022 19:29:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1045
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 20-Sep-2022 19:44:49 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 9baaa3878151bf5d83c8d7014da17e5d
d8952bdd01ddec1d9a5a480f17ff5e39f6bdb037
1734ff9035c0a9c965cb5047e9fdbc2c1184b6c568066e856c6dbf0b8dc51df3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
forms.mailmunch.co/sites/542742
54.162.128.250 200 OK 130 B URL HTTP/1.1 forms.mailmunch.co/sites/542742
IP 54.162.128.250:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 0efc6ecbe4280204a98f7e186804f465
4067f1810186b063a3f9e8f40de6a8f3d68c7b10
040a7b63926e4afd0e48fce3c69bd80b974bcbc09491e6c0c683b8645cfa232f
GET /sites/542742 HTTP/1.1
Host: forms.mailmunch.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.immigration.net
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Cowboy
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, X-MM-Form-Tool, X-MM-Coupons
Access-Control-Expose-Headers: X-MM-Comp-Tracking, X-MM-EU-Continent, X-MM-T
Content-Type: application/json; charset=utf-8
Content-Length: 130
Etag: W/"82-QGfxgQGGsGOj+ej0Deao89aMexA"
Vary: Accept-Encoding
Date: Tue, 20 Sep 2022 19:29:49 GMT
Via: 1.1 vegur
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4573033%26time%3D1663702189032%26url%3Dhttps%253A%252F%252Fwww.immigration.net%252Ftag%252F601a%252F%26liSync%3Dtrue
13.107.42.14 302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4573033%26time%3D1663702189032%26url%3Dhttps%253A%252F%252Fwww.immigration.net%252Ftag%252F601a%252F%26liSync%3Dtrue
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4573033%26time%3D1663702189032%26url%3Dhttps%253A%252F%252Fwww.immigration.net%252Ftag%252F601a%252F%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.immigration.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4573033&time=1663702189032&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&7a6133e0-fdd9-43ce-8134-c551997c2dee"; Domain=.linkedin.com; Expires=Wed, 20-Sep-2023 19:29:49 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&20220920192949e399f59c-d042-4097-893d-33c81f690bbdAQEI5SBQN8Me9QkuulRIUynz5vB4ceWt"; Domain=.www.linkedin.com; Expires=Wed, 20-Sep-2023 19:29:49 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NjM3MDIxODk7MjswMjGummTHpMwl3zawUYWnsAPpb/VkJLbUACr8mA7uAgsXag==; Domain=.linkedin.com; Expires=Sun, 19 Mar 2023 19:29:49 GMT; Path=/; Secure; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2346:u=1:x=1:i=1663702189:t=1663788589:v=2:sig=AQF1m72P6uoSrfccIajPbhSztNz4fsm2"; Expires=Wed, 21 Sep 2022 19:29:49 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com https://*.qualtrics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri /security/csp?e=p&f=t
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXpINoDAYm+tpSt3X5hwQ==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 5763116E6F804B0FB174373982DBB4D0 Ref B: OSL30EDGE0507 Ref C: 2022-09-20T19:29:49Z
date: Tue, 20 Sep 2022 19:29:49 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash fde987c85b17b2242afddd76c3fd3b62
08e87b8185fc39462e6b331d565a864df2fd5865
49bc15e88c546089cc42939f8dc9f7046f1dd98332c31cf52435586bc8ea177c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.facebook.com/tr/?id=3361911217415580&ev=PageView&dl=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&rl=&if=false&ts=1663702189489&sw=1280&sh=1024&v=2.9.83&r=stable&ec=0&o=30&fbp=fb.1.1663702189488.467370700&it=1663702189181&coo=false&rqm=GET
157.240.200.35 200 OK 44 B URL HTTP/2 www.facebook.com/tr/?id=3361911217415580&ev=PageView&dl=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&rl=&if=false&ts=1663702189489&sw=1280&sh=1024&v=2.9.83&r=stable&ec=0&o=30&fbp=fb.1.1663702189488.467370700&it=1663702189181&coo=false&rqm=GET
IP 157.240.200.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b798f4ce7359fd815df4bdf76503b295
f8cc6addf1707ad236ad9970b0a48f9733d07da5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
GET /tr/?id=3361911217415580&ev=PageView&dl=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&rl=&if=false&ts=1663702189489&sw=1280&sh=1024&v=2.9.83&r=stable&ec=0&o=30&fbp=fb.1.1663702189488.467370700&it=1663702189181&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
date: Tue, 20 Sep 2022 19:29:49 GMT
expires: Tue, 20 Sep 2022 19:29:49 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
cache-control: no-cache, must-revalidate, max-age=0
set-cookie:
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 44
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/10928892074/?random=1663702189173&cv=9&fst=1663700400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9j0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&tiba=601a%20%7C%20Kuck%20Baxter&async=1&fmt=3&is_vtc=1&random=358003163&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/10928892074/?random=1663702189173&cv=9&fst=1663700400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9j0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&tiba=601a%20%7C%20Kuck%20Baxter&async=1&fmt=3&is_vtc=1&random=358003163&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/10928892074/?random=1663702189173&cv=9&fst=1663700400000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa9j0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&tiba=601a%20%7C%20Kuck%20Baxter&async=1&fmt=3&is_vtc=1&random=358003163&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 20 Sep 2022 19:29:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0180bad73e9143c70a43e0065c4a8072
035340a6bdb7d6438d9e1c5cfa1d5bd0928d98e4
c74f5ac8268c64bc64d08fe4da689750b91c40462265e8ce1b815d202889f3e7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
px.ads.linkedin.com/collect?v=2&fmt=js&pid=4573033&time=1663702189032&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&liSync=true
13.107.42.14 200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=4573033&time=1663702189032&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&liSync=true
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=4573033&time=1663702189032&url=https%3A%2F%2Fwww.immigration.net%2Ftag%2F601a%2F&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.immigration.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&93a57f0e-a4a2-4751-8aa5-70a5d3799e4a"; domain=.linkedin.com; Path=/; Secure; Expires=Wed, 20-Sep-2023 19:29:49 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2391:u=1:x=1:i=1663702189:t=1663788589:v=2:sig=AQHYIPNfw5TScBdrazJj-xUCmKSbAvdD"; Expires=Wed, 21 Sep 2022 19:29:49 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXpINoGLzQbtU3snqCXKw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: CE17FA96EA704E8889387192944728AE Ref B: OSL30EDGE0507 Ref C: 2022-09-20T19:29:49Z
date: Tue, 20 Sep 2022 19:29:49 GMT
content-length: 0
X-Firefox-Spdy: h2
js-agent.newrelic.com/nr-spa-1211.min.js
151.101.86.137 200 OK 16 kB URL HTTP/2 js-agent.newrelic.com/nr-spa-1211.min.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (32005)
Hash 7b77b3d7bee1029e0448396ce9b2a5cd
597bd0afc66a54e49f6eaab08ae66fe2e5c0ecd1
c29053215fa48791043f848a5a44effa881c8625e60d33585944a166e14db01e
GET /nr-spa-1211.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: unJyFjwMueefdw98CsCPPiCQzxwwDzQR5PsqUf7i1PqDfi/S2kW9zovTM8xnmkfD3kpFuU4eggQ=
x-amz-request-id: TXTEKQ3D4T65FNTE
last-modified: Mon, 27 Sep 2021 20:46:51 GMT
etag: "a5ee6c68d7de5e7446d73910964b5c10"
x-amz-version-id: CLSa7QJ2hagEFCkLjcLamPCZ0EDdPlaV
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 20 Sep 2022 19:29:49 GMT
via: 1.1 varnish
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 16
x-timer: S1663702190.754915,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 16260
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b83a6b6b4befc3dde083b82c36d63a58
ee43af38bbdbf69c7f6697aa9edd70b0d1263b2b
177757fc5a4865f99a033f45e5e278d9c88ddc3344e7af940a6a7c0d934f368d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4652
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 19:29:49 GMT
Last-Modified: Tue, 20 Sep 2022 18:12:17 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
bam.nr-data.net/1/NRJS-d0beae4934ee7eb77f1?a=954751871&sa=1&v=1211.ba193a8&t=Unnamed%20Transaction&rst=5732&ck=1&ref=https://www.immigration.net/tag/601a/&be=5141&fe=5645&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663702184054,%22n%22:0,%22f%22:1511,%22dn%22:1512,%22dne%22:1513,%22c%22:1513,%22s%22:1661,%22ce%22:1953,%22rq%22:1954,%22rp%22:3300,%22rpe%22:3453,%22dl%22:3309,%22di%22:4694,%22ds%22:4729,%22de%22:4766,%22dc%22:5639,%22l%22:5639,%22le%22:5645%7D,%22navigation%22:%7B%7D%7D&fcp=4489&jsonp=NREUM.setToken
162.247.241.14 200 OK 72 B URL HTTP/1.1 bam.nr-data.net/1/NRJS-d0beae4934ee7eb77f1?a=954751871&sa=1&v=1211.ba193a8&t=Unnamed%20Transaction&rst=5732&ck=1&ref=https://www.immigration.net/tag/601a/&be=5141&fe=5645&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663702184054,%22n%22:0,%22f%22:1511,%22dn%22:1512,%22dne%22:1513,%22c%22:1513,%22s%22:1661,%22ce%22:1953,%22rq%22:1954,%22rp%22:3300,%22rpe%22:3453,%22dl%22:3309,%22di%22:4694,%22ds%22:4729,%22de%22:4766,%22dc%22:5639,%22l%22:5639,%22le%22:5645%7D,%22navigation%22:%7B%7D%7D&fcp=4489&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash 107d93e382e2c9b00fbf9fb0edc65d86
77e750e3ebf9706f4f6dd253785602d70be17c6c
a1ee50b689ea433a0acdccbf4ee4629e9ea3f9c4bcdd21effb334359a2f9e937
GET /1/NRJS-d0beae4934ee7eb77f1?a=954751871&sa=1&v=1211.ba193a8&t=Unnamed%20Transaction&rst=5732&ck=1&ref=https://www.immigration.net/tag/601a/&be=5141&fe=5645&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1663702184054,%22n%22:0,%22f%22:1511,%22dn%22:1512,%22dne%22:1513,%22c%22:1513,%22s%22:1661,%22ce%22:1953,%22rq%22:1954,%22rp%22:3300,%22rpe%22:3453,%22dl%22:3309,%22di%22:4694,%22ds%22:4729,%22de%22:4766,%22dc%22:5639,%22l%22:5639,%22le%22:5645%7D,%22navigation%22:%7B%7D%7D&fcp=4489&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 19:29:49 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 74dcf8de5e38b4f9-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=35c97dd0eb75a983; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
bam.nr-data.net/events/1/NRJS-d0beae4934ee7eb77f1?a=954751871&sa=1&v=1211.ba193a8&t=Unnamed%20Transaction&rst=5953&ck=1&ref=https://www.immigration.net/tag/601a/
162.247.241.14 200 OK 24 B URL HTTP/1.1 bam.nr-data.net/events/1/NRJS-d0beae4934ee7eb77f1?a=954751871&sa=1&v=1211.ba193a8&t=Unnamed%20Transaction&rst=5953&ck=1&ref=https://www.immigration.net/tag/601a/
IP 162.247.241.14:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash bc32ed98d624acb4008f986349a20d26
2d3df8c11d2168ce2c27e0937421d11d85016361
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
POST /events/1/NRJS-d0beae4934ee7eb77f1?a=954751871&sa=1&v=1211.ba193a8&t=Unnamed%20Transaction&rst=5953&ck=1&ref=https://www.immigration.net/tag/601a/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 180
Origin: https://www.immigration.net
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 19:29:50 GMT
Content-Type: image/gif
Content-Length: 24
Connection: keep-alive
CF-Ray: 74dcf8df8ffab4f9-OSL
Access-Control-Allow-Origin: https://www.immigration.net
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare
www.immigration.net/nova/wp-content/plugins/buttonizer-multifunctional-button/assets/legacy/frontend.min.js?v=f2f87b58be0d57ecf71ada8df361a2d9&ver=6.0.2
132.148.112.52 200 OK 0 B URL HTTP/2 www.immigration.net/nova/wp-content/plugins/buttonizer-multifunctional-button/assets/legacy/frontend.min.js?v=f2f87b58be0d57ecf71ada8df361a2d9&ver=6.0.2
IP 132.148.112.52:0
ASN #398101 GO-DADDY-COM-LLC
GET /nova/wp-content/plugins/buttonizer-multifunctional-button/assets/legacy/frontend.min.js?v=f2f87b58be0d57ecf71ada8df361a2d9&ver=6.0.2 HTTP/1.1
Host: www.immigration.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/tag/601a/
Cookie: MNWcrAfz=_a16%40mORpcGv7%2AL; YWRlcnrXO=_xQmGW.fuOg7; CzepGkADlOSKtb=ry%40%5BA2UD; enCXHt=Bo1RIGh8nAkf; pll_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 19 Sep 2022 16:25:49 GMT
etag: "28e0421-4d71d-5e90a2a25e20f-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-type: application/javascript
date: Tue, 20 Sep 2022 19:29:47 GMT
server: Apache
X-Firefox-Spdy: h2
a.mailmunch.co/forms-cache/542742/settings-1663681080.json
143.204.55.40 200 OK 0 B URL HTTP/2 a.mailmunch.co/forms-cache/542742/settings-1663681080.json
IP 143.204.55.40:0
GET /forms-cache/542742/settings-1663681080.json HTTP/1.1
Host: a.mailmunch.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.immigration.net
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Tue, 20 Sep 2022 15:08:35 GMT
access-control-allow-origin: *
access-control-allow-methods: HEAD, GET, POST, PUT, DELETE
access-control-expose-headers: ETag
access-control-max-age: 3000
last-modified: Tue, 20 Sep 2022 13:38:13 GMT
etag: W/"1cd542084896d4f46dd12168f42e8113"
cache-control: max-age=31556952
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: NM9tOJAwOvkOIqgHNj8uae8ibac8xQ2SbbcT4p_JBwATnoMpovsE_Q==
age: 15675
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:400,700
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:400,700
IP 142.250.74.10:0
GET /css?family=Open+Sans:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.immigration.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 20 Sep 2022 19:29:47 GMT
date: Tue, 20 Sep 2022 19:29:47 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2