firefox.settings.services.mozilla.com/v1/
143.204.55.35 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 18 Sep 2022 21:12:24 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: D_bkXNLVqpGSDfZw3ruRMWXnIlM3pBfNpanMiSX6UW4OSQwbiEvXfw==
Age: 2592
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash adb43321efa5cd1662993b701ff25fa4
1299dcea7e9c59d9f22f39d69025484fe71098c1
2c25a6717245be3746f1412af9dd1c351e12dbb93e8e08c3ddcdacf35e419514
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2C25A6717245BE3746F1412AF9DD1C351E12DBB93E8E08C3DDCDACF35E419514"
Last-Modified: Sun, 18 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7687
Expires: Mon, 19 Sep 2022 00:03:43 GMT
Date: Sun, 18 Sep 2022 21:55:36 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.49 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 18 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: SIZ3uCVjCSMxt8O9ndJ1wzikSbyQFDemEOq6BcKWKoO_sujxfK1PQA==
age: 62423
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 18 Sep 2022 21:55:36 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
104.21.79.72 301 Moved Permanently 0 B URL HTTP/1.1 www.winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
IP 104.21.79.72:0
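Hash d41d8cd98f00b204e9800998ecf8427e (this and the next two values are the MD5, SHA-1 and SHA-256 of empty content, consistent with the 0 B body; they do not identify this response)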
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_ HTTP/1.1
Host: www.winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 18 Sep 2022 21:55:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Cache-Enabled: False
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
X-Httpd-Modphp: 1
Host-Header: 6b7412fb82ca5edfd0917e3957f05d89
X-Proxy-Cache: MISS
X-Proxy-Cache-Info: W301 NC:000000 UP:SKIP_CACHE_NO_CACHE
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hp0KIwFfRzVPqi250lfMlqU7smcKDUwX70ufE9ox3F3FhFROKYQIhjp%2Fb%2Bdh4Aa%2B3aX9B7rp3J66fDOqzi4WVvi7Ncug5V9N502lMxLzzuCQSAnX0xvmgZ%2BoBumjAxnmYms%2Bvg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53a87a041c12-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 18 Sep 2022 21:03:22 GMT
Expires: Sun, 18 Sep 2022 21:08:41 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 22vEIj9GqSTwQkbEMP3hH8hz14jG0OGxUE2wctRFaLH3Pcrcn2CasQ==
Age: 3135
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 5fd1174f35b25298fc44a6de1af3f3d6
d45a47995ec34c7df480b3efafb13f55d9df7eb8
f60573eff255ef3d7603ca813f410c30588931b4018ffa0e07fa0bb2653c47af
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2895
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 21:55:37 GMT
Last-Modified: Sun, 18 Sep 2022 21:07:22 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.148.148.62 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.148.62:0
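Hash d41d8cd98f00b204e9800998ecf8427e (this and the next two values are the MD5, SHA-1 and SHA-256 of empty content, consistent with the 0 B body; they do not identify this response)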
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 6B9ITJQF7dr8OhyRo4C9TQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: bDIGiHVzERd3ebd95ANbzALZQ4c=
winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
172.67.169.56 404 Not Found 11 kB URL HTTP/1.1 winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
IP 172.67.169.56:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9261), with CRLF, LF line terminators
Hash 7cda5f5becd3b04e6d71d92a64d73775
f610f78c6fd88d7a1e23beb316c6c19e9c3b3856
622ce95c6a8e473e3efa24c71970e9ff91c37b2773f6fabfecec8310074c4e83
GET /h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_ HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 404 Not Found
Date: Sun, 18 Sep 2022 21:55:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Cache-Enabled: False
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://winwin289.net/wp-json/>; rel="https://api.w.org/"
X-Httpd-Modphp: 1
Host-Header: 6b7412fb82ca5edfd0917e3957f05d89
X-Proxy-Cache: MISS
X-Proxy-Cache-Info: W NC:000000 UP:SKIP_CACHE_NO_CACHE
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lWFnGLrKoFhrpGUh82Z68%2BAB1sLsIiENOXmNHPUUS933xbImkOnhvrNUKjYfkWM2OY8qmvVqi%2F7t6vcPvByZ5AULHMdBlxnCQdDY6BgF9oBl0pZOAeLik81Qe4e%2F95sd"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53ac48b8b4f7-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/uploads/elementor/thumbs/IMG_4614-pikitxcztj8200wx14tc7adti0l7z4d3ihs1qj4j54.png
172.67.169.56 200 OK 12 kB URL HTTP/2 winwin289.net/wp-content/uploads/elementor/thumbs/IMG_4614-pikitxcztj8200wx14tc7adti0l7z4d3ihs1qj4j54.png
IP 172.67.169.56:0
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 2df271e8f375285785570a8d41dcf937
64003920cba74eac568e153fb6148d0303960517
2bc59fa135aeb4661f769d4d379f99bd239148b1dfacf038b3e3b2f4d862e3c5
GET /wp-content/uploads/elementor/thumbs/IMG_4614-pikitxcztj8200wx14tc7adti0l7z4d3ihs1qj4j54.png HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://winwin289.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 18 Sep 2022 21:55:38 GMT
content-type: image/png
content-length: 11452
last-modified: Wed, 05 Jan 2022 14:15:47 GMT
etag: "61d5a813-2cbc"
expires: Mon, 18 Sep 2023 21:55:22 GMT
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
x-proxy-cache-info: DT:1
cf-cache-status: HIT
age: 16
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WxpV5bPhspCF6%2FHSBiHwYXX1nTcHJJTARlb1sUU5JnuhyD3M0FxbqJvTp17Z84sWfZIsjI3hFWJWziOXX8AiNszfI1V5VM36Ar3VwK7qLYGmlCvCZYCpQDcwI8FTBsx%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74cd53b278a6b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash eaa8b4aa123f9dd7237c5c51d2f848d9
1082f5f6ef7229ec76f94f3d236f273b26294563
d1ad33dae2fcab5c7d66875f0e7a01cc30e0b3a031606917fa5448c54f84e20d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 21:55:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash eaa8b4aa123f9dd7237c5c51d2f848d9
1082f5f6ef7229ec76f94f3d236f273b26294563
d1ad33dae2fcab5c7d66875f0e7a01cc30e0b3a031606917fa5448c54f84e20d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 21:55:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
winwin289.net/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0
172.67.169.56 200 OK 4.3 kB URL HTTP/1.1 winwin289.net/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0
IP 172.67.169.56:0
File type ASCII text, with very long lines (19233)
Hash 51c14be8cbfb7334383494746c733869
971da5aaf47ab655947d88c9249d6598c9bc5f20
77907724b67b6593434ba72dfdd5c8c448612d8b77b2becf4bfe84e22720e29d
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:38 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 31 Aug 2022 09:04:28 GMT
Vary: Accept-Encoding
ETag: W/"630f241c-4b4f"
Expires: Mon, 18 Sep 2023 21:55:38 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dRZ4qBN8yuePz7y1M%2BAm2i%2Fol0h8%2BTJYx8r%2B%2BrQAmU8Glo3dW2UkFuH%2BBrBndD0Tg%2BvkD2noci38J8BeLlpUlrKhUVm2fELL6gi6boJpn3%2B9An4MWeE1pg5yGTh6rnpo"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53b24b030b49-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/uploads/elementor/css/post-56.css?ver=1661937568
172.67.169.56 200 OK 370 B URL HTTP/1.1 winwin289.net/wp-content/uploads/elementor/css/post-56.css?ver=1661937568
IP 172.67.169.56:0
File type ASCII text, with very long lines (1118), with no line terminators
Hash ec583b7b5377ab5a0079a10fff077ab1
ad96752ec6da08f0a34e3c7edbfefd2502f68f74
4a7779c8bf4ae881ecd4a85f826c7e8b6152b0188568b62fe8f3a61fe6a2cee8
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/elementor/css/post-56.css?ver=1661937568 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:38 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 31 Aug 2022 09:19:28 GMT
Vary: Accept-Encoding
ETag: W/"630f27a0-45e"
Expires: Mon, 18 Sep 2023 21:55:38 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Li7Wk5ODqUPScpEicGPmzu0pO0wH6NXfDU0r49mGG5Hx7mfaMC7FlAXy34ZiEKVhrZHA9NyVp3gw6GakCuNHfe0JdnijzQEg%2BOqt74sOH5aqwi3xFLGXnAs0%2BcMemsGV"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53b25b9e0b41-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.7.3
172.67.169.56 200 OK 18 kB URL HTTP/1.1 winwin289.net/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.7.3
IP 172.67.169.56:0
File type ASCII text, with very long lines (65497)
Hash abbf65366ef0148f5f3ec9c97badb29a
5e8bf10fce6b310e01d0f0c28024a7b21a2bf531
673b831f8125f175c508d40c705d109ac53df6a8c79ca28f53d620f5d9021b93
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.7.3 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:38 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 31 Aug 2022 09:04:28 GMT
Vary: Accept-Encoding
ETag: W/"630f241c-1a788"
Expires: Mon, 18 Sep 2023 21:55:38 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q68wv0S3m3RVTedMu778WsULAn42nu96Ww%2FyiZd8uF2wybDaaP3olgajJ%2BxdPvHO4MmnI1X0YgFY13eIhclhf0o6v2umKwH7sZYRjgnWVKXUDPtg1hGEpfTe3pF7pjNp"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53b25c020b65-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/themes/theme-slot-apollo/style.css?ver=1.4
172.67.169.56 200 OK 31 kB URL HTTP/1.1 winwin289.net/wp-content/themes/theme-slot-apollo/style.css?ver=1.4
IP 172.67.169.56:0
File type Unicode text, UTF-8 text, with very long lines (403)
Hash 34475c9e2e2e246f9dc6bbdeac723a5f
b71494fdc39df54b6ee8c973fdf0f68c5f6509ce
01eb616839a5bb406797d36a078d4c30a77f740df379e17b56af6079538e45e7
GET /wp-content/themes/theme-slot-apollo/style.css?ver=1.4 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:38 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 15 Jul 2022 10:35:46 GMT
Vary: Accept-Encoding
ETag: W/"62d14302-2683e"
Expires: Mon, 18 Sep 2023 21:55:38 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TNwEivw6qoCf8WrtGXq39ywdCpSZWp81t1WMqRr2kbBFpIff5FrhWbICbbvEdmB4Nc7Jze0SBJ9g5dXSPYlwfMjI1kqMRLnGw4lslngaXlTY31OQz338kLyRa9xobCEx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53b24d33b4ff-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
172.67.169.56 200 OK 15 kB URL HTTP/1.1 winwin289.net/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
IP 172.67.169.56:0
File type ASCII text, with very long lines (43771)
Hash d38b2c323cba671cbd72a73d7cbaea08
a46c95529ed5782a1995a0f21acf9ddf36c315a7
bcefa1e059a6ebc5ad82b911d47095bd272f56218e30c556b48e4424ad590a5d
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:38 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 13 Aug 2022 13:42:16 GMT
Vary: Accept-Encoding
ETag: W/"62f7aa38-15b64"
Expires: Mon, 18 Sep 2023 21:55:38 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qCKGnSkWa4Vjz69PTRd164F8MI2xdBi6nD9%2FihmOwYNt5juSM9dAdlQYg2BIke8ORoD2Qr7PEj48S4omlBrcstulUkp1cWAhqGj4%2BJk71Jsaw7N21Ieg2guYkopiQHhg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53b24ed9b4f7-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5372
Expires: Sun, 18 Sep 2022 23:25:10 GMT
Date: Sun, 18 Sep 2022 21:55:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5372
Expires: Sun, 18 Sep 2022 23:25:10 GMT
Date: Sun, 18 Sep 2022 21:55:38 GMT
Connection: keep-alive
winwin289.net/wp-content/plugins/powerpack-elements/assets/css/min/frontend.min.css?ver=2.4.0
172.67.169.56 200 OK 53 kB URL HTTP/1.1 winwin289.net/wp-content/plugins/powerpack-elements/assets/css/min/frontend.min.css?ver=2.4.0
IP 172.67.169.56:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 057b1c22276b4c10b79c3ee9ab912177
0f2f39167bc99ad09f49ce0ed2ea606452e858b6
b27069be3b7ff9cbd37e149ed0a98ac931b9b91c34cc617edc04326a84be0453
GET /wp-content/plugins/powerpack-elements/assets/css/min/frontend.min.css?ver=2.4.0 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:38 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 04 Jan 2022 20:04:40 GMT
Vary: Accept-Encoding
ETag: W/"61d4a858-4dd06"
Expires: Mon, 18 Sep 2023 21:55:38 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FDpgMyM40YA0Ich6pBTWYqg2dLGTAmmCl6FAsge4qVItDCEw2EJiZdKT6ttG8yKadwFcf8GX%2BidVygLOor%2BiHkKpBGbl5w%2BmmZbXrLu%2BZCs3zAoNGwlQX8PmydJSmBj5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53b25a6c0b59-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5372
Expires: Sun, 18 Sep 2022 23:25:10 GMT
Date: Sun, 18 Sep 2022 21:55:38 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c670b93-3941-4322-a938-e74eba949ad6.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c670b93-3941-4322-a938-e74eba949ad6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f003d8b6e12692fb16dddd6827deead8
786c333cf08456aea446a55c547520572e1c2df9
d79ea50cfc0f237b3de8f1826cbae1de0b1dbc632a5a06b08d9640abedded935
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c670b93-3941-4322-a938-e74eba949ad6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11919
x-amzn-requestid: 2f547c1f-2f5d-4707-8f6c-fe9dfff51383
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YbfS4FI9oAMFScw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632145ab-3c967f2653d06c1c079f88c1;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 03:08:27 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: QgOb-hraq20XpHk_0Cyz2UMxaIEjP8ilIXt2VuhiRJWJAOG5EuAb5A==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 05:49:05 GMT
age: 57993
etag: "786c333cf08456aea446a55c547520572e1c2df9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1d192c6-d447-4ad9-b142-a9258211f67d.jpeg
34.120.237.76 200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1d192c6-d447-4ad9-b142-a9258211f67d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 29f4a52fb629dce4ef8038d4df7ea58a
4a5b84c77bd53f4c94e1af4a702f6f85b46b51b0
32cee35b22110b83738f49f49edb6efcedb54fe793d5ccc900004e16e3fefda3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1d192c6-d447-4ad9-b142-a9258211f67d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5827
x-amzn-requestid: a30d5a61-ccb2-4582-8298-1abb79830dda
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yl7VSF21IAMFvGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63257288-5b79117f185617fb0f37a845;Sampled=0
x-amzn-remapped-date: Sat, 17 Sep 2022 07:08:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2cYYmknnm5GHRMA69N-dqXXKHb1-tfN1PuRYB5xxtRJK5Gk3-PO0Bw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 07:16:15 GMT
age: 52763
etag: "4a5b84c77bd53f4c94e1af4a702f6f85b46b51b0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62071590-e532-4ed4-a54b-1fb5a73d2f63.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62071590-e532-4ed4-a54b-1fb5a73d2f63.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 591051a00cb3f972934af2f5f945b9c3
4ae396f23a386b68ea35e348da9fdaabf973e978
ad4dbe49c25ca214af9c54466551826325e4b2d6db9346e812572be81f7e8133
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62071590-e532-4ed4-a54b-1fb5a73d2f63.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13098
x-amzn-requestid: 5f4b3013-e2e5-4efc-bb37-ad3a48246c32
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YbTBxF3RoAMFkRw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6321320b-146edea60890413e7ebac28b;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 01:44:43 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: a0IVdWhkfwm-zx3d-0NhWnr9hrOxxOxyO0ZwbKA9COU_VHzAGHrTSA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Sep 2022 22:18:56 GMT
age: 85002
etag: "4ae396f23a386b68ea35e348da9fdaabf973e978"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0743b1dc-9d34-4282-a031-42c70fa409f3.jpeg
34.120.237.76 200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0743b1dc-9d34-4282-a031-42c70fa409f3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 56ade9172e883c777dd974ca879bceba
b2aaf019e083443a6404c262206ee2e981d3165c
c8407ad191143d2d947464b357d8426efb334cb165c4fa5ca01573d8f7ca7b76
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0743b1dc-9d34-4282-a031-42c70fa409f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5133
x-amzn-requestid: 01f39c0a-c86f-4057-a505-20200819203c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YioKkFrFoAMFhMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632420a9-5821f44144b61475180ec961;Sampled=0
x-amzn-remapped-date: Fri, 16 Sep 2022 07:07:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: mDe4BYbMkqkO3wq6onH6c_YOfWn32Z4L9t-QW_5mwez4bcrVkrQBuw==
via: 1.1 d042f60a962591f741406f28a8170c5a.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 07:38:13 GMT
age: 51445
etag: "b2aaf019e083443a6404c262206ee2e981d3165c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99a57f83-dfc8-4b82-ba40-2b21aa8c0f64.webp
34.120.237.76 200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99a57f83-dfc8-4b82-ba40-2b21aa8c0f64.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 51d067e534c477ce996b3e806f6a132e
451c1f67948e45909e636828e3d2a3099de922f0
e13318949733eb7992695c61570cc8b2961d881a8343c677a77cd035e787bbaf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99a57f83-dfc8-4b82-ba40-2b21aa8c0f64.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6869
x-amzn-requestid: e4e424a6-6c79-405b-8d1b-d40749ae3f0e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yn5yLHi8oAMFpXg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63263cda-22f6dae17ded045177976eaf;Sampled=0
x-amzn-remapped-date: Sat, 17 Sep 2022 21:32:10 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: eSPLuSCIr6IOor8bQh1STKcy6i_bS6nPhndKrN_g7IrXl6U43TogYw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Sep 2022 22:29:35 GMT
etag: "451c1f67948e45909e636828e3d2a3099de922f0"
content-type: image/jpeg
age: 84363
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8fa6db45-871c-41e1-be1d-bc188fa9419b.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8fa6db45-871c-41e1-be1d-bc188fa9419b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f2e5759fd404a039955868b121bbd075
04fb3179255ba5ec897ffc4581966945cc9fe2ca
42623d1a0f52682db915b075a894d8cd18f2b53efc7815304b0304841536cf35
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8fa6db45-871c-41e1-be1d-bc188fa9419b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8005
x-amzn-requestid: 2ce67f7f-9a03-4f4d-b06c-ec0de59c2854
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yn6KhH9PoAMFh2w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63263d76-6aeeee3217540c5863913912;Sampled=0
x-amzn-remapped-date: Sat, 17 Sep 2022 21:34:46 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hHE8PD-PBif2YjztVe4A08wILChFqRvVUrJD-XScWKENd8X0_jornw==
via: 1.1 ca66331b52971370c4e54619e8a952cc.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Sat, 17 Sep 2022 22:11:46 GMT
age: 85432
etag: "04fb3179255ba5ec897ffc4581966945cc9fe2ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
winwin289.net/wp-content/uploads/elementor/css/global.css?ver=1661937570
172.67.169.56 200 OK 7.1 kB URL HTTP/1.1 winwin289.net/wp-content/uploads/elementor/css/global.css?ver=1661937570
IP 172.67.169.56:0
File type ASCII text, with very long lines (51458)
Hash 40216e05d6daaa578960b810727e3cd8
9ffa910a8c58ff440106ca2fb6fd1080a4d1ee9b
424aea555d2b7f73ec73ec90d16a2c49fe77ebcc8dd26d71b387487db88e5653
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/elementor/css/global.css?ver=1661937570 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:38 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 31 Aug 2022 09:19:30 GMT
Vary: Accept-Encoding
ETag: W/"630f27a2-13e4a"
Expires: Mon, 18 Sep 2023 21:55:38 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N3WFYq5xgCkTk%2BnSc3GNETiVmXjiuLsgYIbOhW7ScOhlcUeUlAdYIySW%2BrV8bd02qL5Pz%2BQOkVNEd6HMeLeurBdyfUE6P47x6om5kOsVcBzB7qxr1PFKm%2Bb3tGxH5c44"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53b4ed9e0b41-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/uploads/elementor/css/post-334.css?ver=1661937570
172.67.169.56 200 OK 799 B URL HTTP/1.1 winwin289.net/wp-content/uploads/elementor/css/post-334.css?ver=1661937570
IP 172.67.169.56:0
File type ASCII text, with very long lines (1895)
Hash 4e40898174ae633ca3af295ae6c6a2f9
2cf8616a82dd16dbfd9e8cb0d6add1b212f5e876
4940968505281dfca84f4ad116f53f46a8f719597d45ba7c1424bc4b1d29d32f
GET /wp-content/uploads/elementor/css/post-334.css?ver=1661937570 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:38 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 31 Aug 2022 09:19:30 GMT
Vary: Accept-Encoding
ETag: W/"630f27a2-f91"
Expires: Mon, 18 Sep 2023 21:55:38 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T7EAifiuFooUjIIYpViV%2BSMV8V0wTLu%2BRCOh4Xr9rAdeMevUnE3iJlNg7c5DuENT48nJNOFL8VH1KXxChooepqIfT06sRGhkvJj%2BA5iEZ9RkTTC05ZvvfL7o%2Fy94bEDE"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53b5bef80b65-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/uploads/elementor/css/post-72.css?ver=1661937570
172.67.169.56 200 OK 1.2 kB URL HTTP/1.1 winwin289.net/wp-content/uploads/elementor/css/post-72.css?ver=1661937570
IP 172.67.169.56:0
File type ASCII text, with very long lines (9501), with no line terminators
Hash 2ef62142f083177101f4ca8497493629
9b73a83c340437021dbf8271d7cfe0189f6f79d4
151891c6140b015f7f189df213af8acc49ee26e69ff8b7827f27580f2ee57663
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/elementor/css/post-72.css?ver=1661937570 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:38 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 31 Aug 2022 09:19:30 GMT
Vary: Accept-Encoding
ETag: W/"630f27a2-251d"
Expires: Mon, 18 Sep 2023 21:55:38 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aUZI0IoENVCfCviBOVTEalF5LooLx33wteliMrkz9Jzch31fZ%2BJtDwO%2FR3KTd5MpSVsPLoRSWos%2B4NIEylZJ9S1DMRXNy6je4Q4triw9GodBfGouKe6c%2BfNZseupt8pw"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53b61a27b4f7-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/uploads/elementor/css/post-59.css?ver=1661937570
172.67.169.56 200 OK 927 B URL HTTP/1.1 winwin289.net/wp-content/uploads/elementor/css/post-59.css?ver=1661937570
IP 172.67.169.56:0
File type ASCII text, with very long lines (4799), with no line terminators
Hash 63a4c12c5ecf0964b62c6b588e276810
e45d0a487b4177bc3da5e5598b8bf6d4f5a55e9f
d4d765b6e55e009d90cc1f24cadb651b22874e3f00980946beb3bd8ecb4bbb01
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/elementor/css/post-59.css?ver=1661937570 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:38 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 31 Aug 2022 09:19:30 GMT
Vary: Accept-Encoding
ETag: W/"630f27a2-12bf"
Expires: Mon, 18 Sep 2023 21:55:38 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EDWh6%2ByrhlXqn22zZMmnXlvQ4bkO1MsdQEnXBcBzek36D%2BNAHpJdZBdcSZtozTOMBxn5uYEZ2Pccb2xPZP9OZTJYHcnPwv6PPkjfr5ZJzfmZanVhLk16SgnNAU9AL5%2Be"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53b5f8b8b4ff-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/plugins/elementor-pro/assets/css/frontend-lite.min.css?ver=3.5.2
172.67.169.56 200 OK 19 kB URL HTTP/1.1 winwin289.net/wp-content/plugins/elementor-pro/assets/css/frontend-lite.min.css?ver=3.5.2
IP 172.67.169.56:0
File type ASCII text, with very long lines (65493)
Hash 1e8d0dbfdc579a741dd39dd82818c921
8b369edd11e98e05007c52cc03e48264d734dd05
64ab628cfe012b181f16b6bd94f7282a42a35dd0b52157085701ba4d313329ab
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor-pro/assets/css/frontend-lite.min.css?ver=3.5.2 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:38 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 04 Jan 2022 20:04:12 GMT
Vary: Accept-Encoding
ETag: W/"61d4a83c-1f12b"
Expires: Mon, 18 Sep 2023 21:55:38 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qzgvOJ5VTupOLFaSGysPHTUrw00VxFReWHbI3D51fn%2FflDCtdOTUcTclWNmZEXM3BTpI%2B7RR8TRw2WKLtyBfpjctlSscfbIXLvT%2BiceHtFuK4siSKoxaBfu9VdDdpymD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53b4bc990b49-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/plugins/elementor/assets/css/widget-icon-list.min.css
172.67.169.56 200 OK 1.3 kB URL HTTP/1.1 winwin289.net/wp-content/plugins/elementor/assets/css/widget-icon-list.min.css
IP 172.67.169.56:0
File type ASCII text, with very long lines (11736)
Hash a79f321fe64ae062a95b0aafde620ef5
5a0a8771cc5f502926a6e49da75b996f65136840
d5e8f97a65b85483f421c333bd44c8ecf763e68c63cf419ed368e154e1c842e2
GET /wp-content/plugins/elementor/assets/css/widget-icon-list.min.css HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:39 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 31 Aug 2022 09:04:28 GMT
Vary: Accept-Encoding
ETag: W/"630f241c-2dff"
Expires: Mon, 18 Sep 2023 21:55:39 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iEc9KXcxfjdBi4EUa0Z6gtFRPfAzFwPSPkdc5XYcXzfRKNoEOmmpODY59aeQUmp2pO13FsQY1y3wECb7MQkZMecFZJclH4sJtIvLeIKGItCGAPBbH1cognSgPii%2BG%2FUU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53b85c0fb4f7-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
172.67.169.56 200 OK 321 B URL HTTP/1.1 winwin289.net/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
IP 172.67.169.56:0
File type ASCII text, with very long lines (483)
Hash 1b6c98ed57eb5a5e1426e912ff9ef79c
0f3899c84cfe3de64788d2ac019fac7e05e6f352
45f1da057905d257fc7232a14f915f0b139ead26876d7204e5cf4be523d98528
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:39 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 31 Aug 2022 09:04:28 GMT
Vary: Accept-Encoding
ETag: W/"630f241c-29d"
Expires: Mon, 18 Sep 2023 21:55:39 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZUwUDX5Kq5bjZfUyIis5G1yId%2BEJze8HQFft2tbjWrXg4zN8ErMpov5eOKuP%2FM7mSKZvzJ5%2FNusdV2t0jY%2FOUnD9d2pLSrMH7bOj%2B%2FiYlGQ0ERWPrDv1%2BPZER%2BALU%2BUz"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53b72f320b41-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.7.3
172.67.169.56 200 OK 3.1 kB URL HTTP/1.1 winwin289.net/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.7.3
IP 172.67.169.56:0
File type ASCII text, with very long lines (10019)
Hash 2e78424f6f30aa03e844df941b5d5806
92110bd60749c85bf4f8689edd9a97ac2b871f4e
13dd49f0087487df4778c29d928ebeb0d95e96fbefb6b41b16885e03ec35c9ea
GET /wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.7.3 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:39 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 31 Aug 2022 09:04:28 GMT
Vary: Accept-Encoding
ETag: W/"630f241c-4824"
Expires: Mon, 18 Sep 2023 21:55:39 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NBcT8bg1MFSgIRemX7h0aOiYIwHlxf4nfHmD0r%2BTaN%2BxtOA0AeYg3YXnvZm94Na1o4qV42R5sqY8SJlNZtZwUP9CpzGgnKjW%2BXSXXiHSM%2FmXBIspWceqkQcBaQ37PpZI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53b8af7b0b49-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
172.67.169.56 200 OK 317 B URL HTTP/1.1 winwin289.net/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
IP 172.67.169.56:0
File type ASCII text, with very long lines (489)
Hash 9b4eb16849374e1b3f567cb74ad60289
78977e4e43da9b0b410dbd7ba8a4de1cefc89d3e
4dbd6e3f216fc6da0c6aaef6bb2b46f21ef7409864c0ab5ec315fa5c8263ae28
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:39 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 31 Aug 2022 09:04:28 GMT
Vary: Accept-Encoding
ETag: W/"630f241c-2a3"
Expires: Mon, 18 Sep 2023 21:55:39 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ATPJq9s6Ba6AFvybfA0reVC%2BY0u5nKV6cWBtesrw9ZU9NfI8AbZKWdB2YWMCDGlkUcuxfd%2FnZF%2BPm0RDwK5rKwcmbd3onYJvuK27ftfvDSUIhJCpnlLyb3mCo8nPmxHy"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53b808b00b65-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
172.67.169.56 200 OK 14 kB URL HTTP/1.1 winwin289.net/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
IP 172.67.169.56:0
File type ASCII text, with very long lines (57726)
Hash 2b13e7e69990369543c916802d65d013
b79d4e242b364da92259def2435462fce6ae994d
94c10397d0444e615e62f29afa2b0d64fa47399e1444acac6cf6b8edeb9fe068
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:39 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 31 Aug 2022 09:04:28 GMT
Vary: Accept-Encoding
ETag: W/"630f241c-e238"
Expires: Mon, 18 Sep 2023 21:55:38 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=brtG3h6FGOmgA9KYWql%2BawLLKdlz%2BkUYRRVT7gnggiRYn4O260YSZ2dAXI5ngiv4f2eMM%2BTZhC9S7GWTXZKdUnCG2TWrObvEk4J5Nq713hlMfkzIbDd2mNcrDokAhurO"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53b6fd8e0b59-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/plugins/elementor-pro/assets/css/widget-nav-menu.min.css
172.67.169.56 200 OK 4.3 kB URL HTTP/1.1 winwin289.net/wp-content/plugins/elementor-pro/assets/css/widget-nav-menu.min.css
IP 172.67.169.56:0
File type ASCII text, with very long lines (29127)
Hash 718de8e3752e4f09647ef30c7640f7e7
94210026803069dca20c73699fcf6ad4af8ef693
2ab92efa7d097c1115a9b3e47eb23f6a66a38ec3e764305c20695204bc6d80da
GET /wp-content/plugins/elementor-pro/assets/css/widget-nav-menu.min.css HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:39 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 04 Jan 2022 20:04:12 GMT
Vary: Accept-Encoding
ETag: W/"61d4a83c-71f2"
Expires: Mon, 18 Sep 2023 21:55:39 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wqhxFuXxH%2FRLDsJU3JRTDaPzfMveHyup67iIcRyRuOiX27aa6VWexyQOEd%2F9Z550Y34OItA%2FigWN%2BWBEbnhc08iWTODExN8LGVe74DgVcYo%2BMXAeGd1OSaf9jsqrGpBT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53b8ab15b4ff-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash a9323cf0781cad0d5ac23f0c81c105b1
772d0218be53da9f875bb96a287c904976c296da
5c808b03cd8dd26275f12a850d8a36b467246c1461ea65a4c717acb04f2ca722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 21:55:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash a9323cf0781cad0d5ac23f0c81c105b1
772d0218be53da9f875bb96a287c904976c296da
5c808b03cd8dd26275f12a850d8a36b467246c1461ea65a4c717acb04f2ca722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 21:55:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/sarabun/v13/DtVmJx26TKEr37c9YOZqik8s6zDX.woff2
142.250.74.163 200 OK 9.7 kB URL HTTP/2 fonts.gstatic.com/s/sarabun/v13/DtVmJx26TKEr37c9YOZqik8s6zDX.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 9732, version 1.0\012- data
Hash 7a59e0c727dcb89a36b87bd91f2282ad
c0d8490fe89c01a6961c41f331a65fce10a4b9fa
1a35f22ee94681b7d7216b1d03261f18775f1f2b89c4293d098b017df0e33777
GET /s/sarabun/v13/DtVmJx26TKEr37c9YOZqik8s6zDX.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://winwin289.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9732
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 15 Sep 2022 02:23:10 GMT
expires: Fri, 15 Sep 2023 02:23:10 GMT
cache-control: public, max-age=31536000
age: 329549
last-modified: Wed, 27 Apr 2022 17:10:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/sarabun/v13/DtVjJx26TKEr37c9aAFJn2QN.woff2
142.250.74.163 200 OK 9.7 kB URL HTTP/2 fonts.gstatic.com/s/sarabun/v13/DtVjJx26TKEr37c9aAFJn2QN.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 9676, version 1.0\012- data
Hash 03678a5c89db52b79ce0e4e654e6e665
e4183c887fd51f5c6aad9790e7f13521494106ea
7255a0ff175fc2330ee58fb2e55efc5edbc54d2f4546220b7b639c1fe601b443
GET /s/sarabun/v13/DtVjJx26TKEr37c9aAFJn2QN.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://winwin289.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9676
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 20:08:59 GMT
expires: Thu, 14 Sep 2023 20:08:59 GMT
cache-control: public, max-age=31536000
age: 352000
last-modified: Wed, 27 Apr 2022 16:03:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash a9323cf0781cad0d5ac23f0c81c105b1
772d0218be53da9f875bb96a287c904976c296da
5c808b03cd8dd26275f12a850d8a36b467246c1461ea65a4c717acb04f2ca722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 21:55:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/sarabun/v13/DtVjJx26TKEr37c9aBVJnw.woff2
142.250.74.163 200 OK 10 kB URL HTTP/2 fonts.gstatic.com/s/sarabun/v13/DtVjJx26TKEr37c9aBVJnw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 10440, version 1.0\012- data
Hash 75e25514abab4c4b56ec8977962a0663
f3d915bf5b670b57670e25b0031fc1528fd9e1d5
e4c8d9eb25e0f1c7c066217c5e65ca77bc8cd09b470b574c745f662e15d4e01c
GET /s/sarabun/v13/DtVjJx26TKEr37c9aBVJnw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://winwin289.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10440
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 21:07:09 GMT
expires: Thu, 14 Sep 2023 21:07:09 GMT
cache-control: public, max-age=31536000
age: 348510
last-modified: Wed, 27 Apr 2022 16:03:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash a9323cf0781cad0d5ac23f0c81c105b1
772d0218be53da9f875bb96a287c904976c296da
5c808b03cd8dd26275f12a850d8a36b467246c1461ea65a4c717acb04f2ca722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 21:55:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/sarabun/v13/DtVmJx26TKEr37c9YOZqilss6w.woff2
142.250.74.163 200 OK 11 kB URL HTTP/2 fonts.gstatic.com/s/sarabun/v13/DtVmJx26TKEr37c9YOZqilss6w.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 10696, version 1.0\012- data
Hash 1222ddf5ed5ea742f2e87a1f3df896b8
f2ffd520a284bc18ce913035692086ecbc3b1bf6
c8e39cbd33c50101aed76abd99b4e27e407a041df367ed59bdbbad0c554f2da5
GET /s/sarabun/v13/DtVmJx26TKEr37c9YOZqilss6w.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://winwin289.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10696
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 15 Sep 2022 02:23:10 GMT
expires: Fri, 15 Sep 2023 02:23:10 GMT
cache-control: public, max-age=31536000
age: 329549
last-modified: Wed, 27 Apr 2022 16:06:05 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash a9323cf0781cad0d5ac23f0c81c105b1
772d0218be53da9f875bb96a287c904976c296da
5c808b03cd8dd26275f12a850d8a36b467246c1461ea65a4c717acb04f2ca722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 21:55:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://winwin289.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:34:21 GMT
expires: Thu, 14 Sep 2023 19:34:21 GMT
cache-control: public, max-age=31536000
age: 354078
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://winwin289.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Sep 2022 19:34:08 GMT
expires: Thu, 14 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 354091
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://winwin289.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 17 Sep 2022 02:02:22 GMT
expires: Sun, 17 Sep 2023 02:02:22 GMT
cache-control: public, max-age=31536000
age: 157997
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash a9323cf0781cad0d5ac23f0c81c105b1
772d0218be53da9f875bb96a287c904976c296da
5c808b03cd8dd26275f12a850d8a36b467246c1461ea65a4c717acb04f2ca722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 18 Sep 2022 21:55:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
winwin289.net/wp-content/themes/theme-slot-apollo/assets/js/responsive-embeds.js?ver=1.4
172.67.169.56 200 OK 563 B URL HTTP/1.1 winwin289.net/wp-content/themes/theme-slot-apollo/assets/js/responsive-embeds.js?ver=1.4
IP 172.67.169.56:0
Hash b91df3dd7433f2f65f4235d41c867f41
dfb8df7e67852e17407d7050c63ee8cc01451126
6c5f72b878b7ac001a45c14116dc5de9dfbd1037df7c6b874c8868b58eb73235
GET /wp-content/themes/theme-slot-apollo/assets/js/responsive-embeds.js?ver=1.4 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 18 Dec 2020 01:27:08 GMT
Vary: Accept-Encoding
ETag: W/"5fdc056c-467"
Expires: Mon, 18 Sep 2023 21:55:39 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ol0HI3r2F6bCwRl56XGIPThLFPFl4ivgRSPfyXO18%2BMRlzoyRCGRBq7FuRFyt43JeAAMwjUvtwOkLeCqhOu8yjl5MY1Fj3xUQqobYcJBQ3At8HJKVvnRq%2BGuWfKPBhQz"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53b9ad9fb4f7-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
172.67.169.56 200 OK 4.6 kB URL HTTP/1.1 winwin289.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 172.67.169.56:0
File type ASCII text, with very long lines (11126)
Hash 413654fdfa9b24fbd3d747482e3971c9
c23c501d5f668cd83443a4847197717536d55ab8
48470f972b6a6afef4cdb0177dae59d5c891353d995e76c47c9cb142fe45766e
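Analyzer Verdict Alert fortinet Malware [note: this is a single analyzer's verdict, and the listing does not show whether it was triggered by the file content or by the serving host; compare the hashes above with a known-good copy of the same library version before treating the file itself as modified]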
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 13 Aug 2022 13:42:16 GMT
Vary: Accept-Encoding
ETag: W/"62f7aa38-2bd8"
Expires: Mon, 18 Sep 2023 21:55:39 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D%2FTDwGUQpA2sCssNMIC%2FXQt9HpjQs9lREbepQDBg9bzdVQyV8hiMbvuzeFYNjtv%2FFXIYwFh1XLyx9LvxbqFFSw6gMuH%2BUQja6aX5D2jov3lEhtRoyVbbGxmG%2FeSuBelC"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53b9d83e0b49-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js?ver=1.0.1
172.67.169.56 200 OK 8.6 kB URL HTTP/1.1 winwin289.net/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js?ver=1.0.1
IP 172.67.169.56:0
File type ASCII text, with very long lines (25115)
Hash 49374e86e2772b6d47b4aed26dfac90a
69e0c5fa052d1df2e81e938fd67347fc705c2aad
39fd22550af5da488f7717cdbd489c8b17a4694ebbf8420fb65d4d8c8f1d2569
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js?ver=1.0.1 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 04 Jan 2022 20:04:12 GMT
Vary: Accept-Encoding
ETag: W/"61d4a83c-6272"
Expires: Mon, 18 Sep 2023 21:55:39 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zUnL2d4OXLys8qC7Cgs96H24NXDP6J9%2BoP8Ox8p6PA7Yrvk4JOrYBE81iKoH3%2BQzZtEuLAlOx7RGbzN35ROjizcZOmzW06xj27TEaXKMaJQDUGcBq8UDQjJSFQsJ%2B9Z1"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53ba5ab80b65-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.5.2
172.67.169.56 200 OK 2.3 kB URL HTTP/1.1 winwin289.net/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.5.2
IP 172.67.169.56:0
File type ASCII text, with very long lines (4922)
Hash 5072c7e483352ac12f8099a908cebf4d
dde3d7358178734a7adf1b548eb90af81d065020
f0430cfb3e69bef1008381c4a9bf0462af4a205c7845953090316c008300c8cf
GET /wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.5.2 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 04 Jan 2022 20:04:12 GMT
Vary: Accept-Encoding
ETag: W/"61d4a83c-1365"
Expires: Mon, 18 Sep 2023 21:55:39 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PImzVt90xXKfPPxpWZd1SXiqshmpeUcybaDBDZcQrx13RAWhpOuYYKn0clJX1UiAJZ63UvrWMcAtuaJL1NMFyzaVf6BkO6lRmvTGDimrJ%2F83NN3mYdId3F3yJT8ya%2FKj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53bab81e0b59-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
172.67.169.56 200 OK 36 kB URL HTTP/1.1 winwin289.net/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 172.67.169.56:0
File type ASCII text, with very long lines (65447)
Hash 96abbf76656116141973b0e86cfdc079
632869104394321388fe091bc71ad680a595257a
effb21a3afbf333abb2db6cfa76fffcd758f9c043f09251db1872355c1443012
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 13 Aug 2022 13:42:16 GMT
Vary: Accept-Encoding
ETag: W/"62f7aa38-15db1"
Expires: Mon, 18 Sep 2023 21:55:39 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EO8Sj45e%2BTXHVJN5AZAQJ%2Bjq5zmOSndEMQmWQk7CezIyfi8uyFiTRmNFG4t3%2BA%2BZ5LbuYEFEZF5sodHnSnQXGwAQsCinXCRoqO23IDiVrXNPFaAJbqHE3nLtr%2FsvZ2Mo"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53b9b9b70b41-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.7.3
172.67.169.56 200 OK 2.3 kB URL HTTP/1.1 winwin289.net/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.7.3
IP 172.67.169.56:0
File type ASCII text, with very long lines (4918)
Hash 63f6209d472bcaf189a4c94d722b0205
bffc9becdd8188a7731df1952c3f2b15b8a2b8fe
9ce0cacb945e53c23c78d98cd4dd623a556d49002869ab198c82da92ed701340
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.7.3 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 31 Aug 2022 09:04:28 GMT
Vary: Accept-Encoding
ETag: W/"630f241c-135d"
Expires: Mon, 18 Sep 2023 21:55:39 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=35AIjYIrBWUcpnXlUtEvgDTpliiwVADVftRP7JVFFBXs3PxDwUv5y7gBnb21QqCknxZ51ISKB3xmhPdngpQ8dnANE5A1CqMPelQ3Hk5gnZ%2B%2FgLbkOXkLEv7%2BFRxNLNki"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53bb1d4fb4ff-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
172.67.169.56 200 OK 3.5 kB URL HTTP/1.1 winwin289.net/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
IP 172.67.169.56:0
File type ASCII text, with very long lines (12198), with no line terminators
Hash 8c1ca6b24af69ff630ef1da1cedbcce7
fabaafb776f0cf50e4b92fc5f3e7034ccf2ca2a1
b7d614392646cb9c6aa0422ee043ca3247d07fab2448461112fdf35d63298cbb
GET /wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 31 Aug 2022 09:04:28 GMT
Vary: Accept-Encoding
ETag: W/"630f241c-2fa6"
Expires: Mon, 18 Sep 2023 21:55:39 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hHa75BdM8pYfbPQVpopxsO961XvV3d9lCUZt%2FI9Q7ElbtV8sFCqkjDmq7OJ3OLua6RD9henEfU%2Fqt5djvO0sFjPICj1tIQqneQBRkHbLVGzZxF4ZlIyPcYSzGj%2FmMH1v"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53bcbc600b65-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.7.3
172.67.169.56 200 OK 12 kB URL HTTP/1.1 winwin289.net/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.7.3
IP 172.67.169.56:0
File type Unicode text, UTF-8 text, with very long lines (32889)
Hash 91c2f302ff26ad33947bc356da6ca3b2
6dd7d14479d86a0fd979a7dcf6704963be245eb1
f906de8e656d160bc286bcd27b90d819ecb6a8ee5b4075890b0774802116862b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.7.3 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 31 Aug 2022 09:04:28 GMT
Vary: Accept-Encoding
ETag: W/"630f241c-80a1"
Expires: Mon, 18 Sep 2023 21:55:39 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zfxjsuJkIEbvJ%2FbDF9Xi1EyWNOf%2BHYNLVuE9%2BtRLOjb6V%2FxhRELnX9c2HKPDNkywYvbbiTYpolCEsvgFqquEXCS%2FfWhZC6ks7A4ZxqeEhIw8%2BoAYZwyHZhzCJ3PlMt9f"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53bc0ff3b4f7-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.5.2
172.67.169.56 200 OK 6.2 kB URL HTTP/1.1 winwin289.net/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.5.2
IP 172.67.169.56:0
File type ASCII text, with very long lines (24241)
Hash e10510deb34bd14f9e04e6b7f3760efe
62a5ccae35f817dbb30c0d2c96ff78a36eb457f9
bc1a2a917838964042dfd18d9292b25cc774e77c9ca6c7b1e042a86c91c8aa31
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.5.2 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 04 Jan 2022 20:04:12 GMT
Vary: Accept-Encoding
ETag: W/"61d4a83c-5edc"
Expires: Mon, 18 Sep 2023 21:55:39 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GXnXleTiZrbdnaWvKBjm0Af6p6ui9HR76ELlfJnLS8FE%2BqtPodTPMY3sZ02asczncON%2BNDQir9f4LKS%2Fu0eeQI1ILCfhlA%2By0z0VfuwB8kPD2y2JYQ7p%2F1CcfOzvkUDN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53bd6f5fb4ff-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.5.2
172.67.169.56 200 OK 6.3 kB URL HTTP/1.1 winwin289.net/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.5.2
IP 172.67.169.56:0
File type ASCII text, with very long lines (20250)
Hash c8bfe11009abffd2016ecd5e640424f6
84c122a72def84592cfeba4b3dbe8fa9cd2f9d6a
43198a22dece6251b5ee0e4ec397f14f579780469986b369f18d921f82d53755
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.5.2 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 04 Jan 2022 20:04:12 GMT
Vary: Accept-Encoding
ETag: W/"61d4a83c-4f45"
Expires: Mon, 18 Sep 2023 21:55:39 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RIuf9jnTD0nw0VWBZy8Fyy%2BXiOtvaxaPl60y5mYb0N1prt%2FHUhg%2Bf%2BDz345QOSoi7wCVhueF8OXtE4TJXkKSLQoOrpYKFLwbMPe0qoS1WY0Lx2VCOVxhFagSgtg95o%2Bg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53bc7a380b49-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
172.67.169.56 200 OK 7.7 kB URL HTTP/1.1 winwin289.net/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
IP 172.67.169.56:0
File type Unicode text, UTF-8 text, with very long lines (8189)
Hash e5755c0c378392421fcfb55c37ff33f5
36166baf671a1f33308ade811db6d2c8edfa2d60
d38b16a769c3d8c0518b174713666e9c8c20f4e51ef6bce5e136d53c20a84db4
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.1 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 13 Aug 2022 13:42:16 GMT
Vary: Accept-Encoding
ETag: W/"62f7aa38-50eb"
Expires: Mon, 18 Sep 2023 21:55:39 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ktm%2ByJMsjosHNc5YBNyXda95ojsrodtI5twcJStB8lNWVIe%2F%2Bd76Jb1ECK02vx0uh3%2BH9tq0FHEvPjS9BJmg4uWIXuQy6LIWWnEvGTMpR1NmgjPq3DxWDIIbmXYKmWM8"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53bd09c20b59-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.5.2
172.67.169.56 200 OK 2.1 kB URL HTTP/1.1 winwin289.net/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.5.2
IP 172.67.169.56:0
File type ASCII text, with very long lines (6595), with no line terminators
Hash c311e12b5cc2913a214b06b8cbc9a19e
2da8720f7eddfa672b817dcb82f7015b79a01afe
7f2bfabef478681a529534d91093d26a5ea096ef97c43e585b62729b1bae8a27
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.5.2 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 04 Jan 2022 20:04:12 GMT
Vary: Accept-Encoding
ETag: W/"61d4a83c-19c3"
Expires: Mon, 18 Sep 2023 21:55:40 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d11P23%2B8bT7Rz%2F3FcRRXF8C1ekkV0n7b01SHu37oVwOYVUv%2Ba722DWd0QecW3YMvBNtwRucoOAQAJYlY8G05VZ3RwM54oaY0BBdl5mjjEfamVwEJgqoA1PLmyZ%2BmCwTQ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53be0d790b65-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.7.3
172.67.169.56 200 OK 14 kB URL HTTP/1.1 winwin289.net/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.7.3
IP 172.67.169.56:0
File type ASCII text, with very long lines (40474)
Hash 088f164f59548723055351d657c99614
66166510f41d87669bba194bacaae95886aa4408
678318de3c36f30dc07dec53f6212cf5ceecab8a107490179633a1943217d7ac
GET /wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.7.3 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 31 Aug 2022 09:04:28 GMT
Vary: Accept-Encoding
ETag: W/"630f241c-9e41"
Expires: Mon, 18 Sep 2023 21:55:40 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FXKMRUvy524d2UYajAQ5UTFzngllqgU%2BX67V3GTsPelp%2BHqazdpPy7%2BRnYPArxxxWdoLdMiFivjwren2hrAkYVHGNbcBFTpqueGgujjp9JtYjTqMaQ7v8iZ5qQIWM%2BZb"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53bd2c7e0b41-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/plugins/powerpack-elements/assets/js/pp-bg-effects.js?ver=1.0.0
172.67.169.56 200 OK 3.0 kB URL HTTP/1.1 winwin289.net/wp-content/plugins/powerpack-elements/assets/js/pp-bg-effects.js?ver=1.0.0
IP 172.67.169.56:0
Hash ab37b0345e22640707004e26c3e64bca
ae1472556ae5ec7a5011b2c657e6d5d558369bca
1f9f1047220cedd0f30e91b7f2a970c2a57654a7fa8b3a134ef7c64116c1a5e7
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/powerpack-elements/assets/js/pp-bg-effects.js?ver=1.0.0 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 04 Jan 2022 20:04:40 GMT
Vary: Accept-Encoding
ETag: W/"61d4a858-315c"
Expires: Mon, 18 Sep 2023 21:55:40 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kH36diO2apVvCNuPmrWzl7btWFEtv8RpfIO8jFH1WpekrklYdZe%2FVd0XNIioZNACZWwhlUUi9FyayL9DolQooT3LUE1GG%2F3HcV4q2tGFHWwdZ9%2FZms6XLEBu0MRHHMBN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53be8a0bb4f7-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/plugins/powerpack-elements/assets/js/pp-custom-cursor.js?ver=2.4.0
172.67.169.56 200 OK 1.2 kB URL HTTP/1.1 winwin289.net/wp-content/plugins/powerpack-elements/assets/js/pp-custom-cursor.js?ver=2.4.0
IP 172.67.169.56:0
File type HTML document, ASCII text
Hash 7fb4faaa43161da450402a619ac96eb2
5b5e27017e71e63563df4d78f6c68365064f8a71
2d1cff9f87ac88a1ccaa22edbd37b28b00336c030565afc4b263f0d10a1a2df6
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/powerpack-elements/assets/js/pp-custom-cursor.js?ver=2.4.0 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 04 Jan 2022 20:04:40 GMT
Vary: Accept-Encoding
ETag: W/"61d4a858-ded"
Expires: Mon, 18 Sep 2023 21:55:40 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7HsGNFqkTjg10zyIrKmWW4RzU39gt0i6LdJtPnIBEUwxmbiVEareSoUU0eZOmzsEPu%2FyLfEtdOODE%2FmSFX8gE76so5%2FseDW%2FGfRlq%2FIrMfQqumdvZzimTo%2BEvmxvDM0o"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53be9885b4ff-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
172.67.169.56 200 OK 5.8 kB URL HTTP/1.1 winwin289.net/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP 172.67.169.56:0
File type ASCII text, with very long lines (15660)
Hash 9821563af79d0fbd798c5a96f11cb775
d7ad769f21b6cdbd3602ba2512449e5febe7a2ee
3a372dc0de21ae3d1a2e8d08c2d38599823eb332d06f35ec1eefd1afbbbe9f12
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 13 Aug 2022 13:42:16 GMT
Vary: Accept-Encoding
ETag: W/"62f7aa38-48b9"
Expires: Mon, 18 Sep 2023 21:55:40 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TZr76aOvabnbxnqs5mcQIFjgEt7%2FnflzYQQl48daZD9aNRPXrxaTdww934PZrPiMRjYVGQPqeY3VREgzhFS96UI2M1jSIuwmP5x%2BnwA4SUVWtDZF%2BsKTktx1oRzAW3Kw"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53bedbf80b49-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/themes/theme-slot-apollo/assets/css/print.css?ver=1.4
172.67.169.56 200 OK 1.2 kB URL HTTP/1.1 winwin289.net/wp-content/themes/theme-slot-apollo/assets/css/print.css?ver=1.4
IP 172.67.169.56:0
Hash 76f5f4d49a16d4dac38efc6446590512
b83ce691c7e1670d573587179a6ebb24927d4d55
01c1f5ed359e8fd06df1fbdd4876f4e405eb0cc8db6280eec2952a432653afbb
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/theme-slot-apollo/assets/css/print.css?ver=1.4 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:40 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 13 Nov 2020 05:06:16 GMT
Vary: Accept-Encoding
ETag: W/"5fae1448-b51"
Expires: Mon, 18 Sep 2023 21:55:40 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q1zxzqQVBJpRFBMwwtbXv%2FISaGmdmBuhjLC3IYqlZndlQwl7%2Bq9n%2BlDRGCTVFDjHR4cGxrNKRfFwgqJ2YlMrZJStOU8z3g2eVzMyr%2BLfcBEsM9ae5xPwqSMC1PFRugFW"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53c0efdc0b41-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js
172.67.169.56 200 OK 685 B URL HTTP/1.1 winwin289.net/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js
IP 172.67.169.56:0
File type ASCII text, with very long lines (1320)
Hash e1b3b5c66d1e37478141b41cce4e81b0
1bc5a1f746f48e5fe3634cd9240861f8a2b3ca09
cce70bdf83e3a7881cb27e65963d218bb7db87d81e6a7123ece1ef3af7a312e7
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 31 Aug 2022 09:04:28 GMT
Vary: Accept-Encoding
ETag: W/"630f241c-54f"
Expires: Mon, 18 Sep 2023 21:55:40 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fPkC5mI6sC0mpJKIqvTBKWJV%2BTIpsIG9Upsd9vhKIDR0I7AUMC6Jn%2BBOLnLlqeLoIA61d8wCoRUAEIck%2BEAqdv43aA852ZBD5FIllIpgzMyeNaBQ7vPFKSdkNVWDpDXr"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53c1fc01b4ff-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2
172.67.169.56 200 OK 78 kB URL HTTP/1.1 winwin289.net/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2
IP 172.67.169.56:0
File type Web Open Font Format (Version 2), TrueType, length 78196, version 331.-31261\012- data
Hash e8a427e15cc502bef99cfd722b37ea98
a9922842a120a7f1eaced667480c5e185a106d69
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://winwin289.net/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:40 GMT
Content-Type: font/woff2
Content-Length: 78196
Connection: keep-alive
Last-Modified: Wed, 31 Aug 2022 09:04:28 GMT
ETag: "630f241c-13174"
Expires: Mon, 18 Sep 2023 21:55:40 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FUhZSOEzSx45zbn1YzPecw6wpZHArDBrWZPpBFRGie06LSI9laGRPnn0%2BRXWKa1nqJvwuqd%2FwW1iv0uR1L2W9Qwhe8luHd1saBs%2BlnRQmY%2BF1NzgV1k%2BqcTkZxiRMCs5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74cd53bf5b850b59-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0
172.67.169.56 200 OK 3.8 kB URL HTTP/1.1 winwin289.net/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0
IP 172.67.169.56:0
File type ASCII text, with very long lines (10544)
Hash 55cd3cf9226042f3c0b5fe2b7200ade5
4aeec86b788029ee752589d76f9c161ae74c42af
2e36542a634a231da1a0d20b1b02e6a7e7689504b0717e44648a904f14f4b6ed
GET /wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 31 Aug 2022 09:04:28 GMT
Vary: Accept-Encoding
ETag: W/"630f241c-29ba"
Expires: Mon, 18 Sep 2023 21:55:40 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DhNrcpw7EJZWX8UgNNhPo3kfmIuSKqSDXJuF3iQBRZAnMLi5nrjINUTmkv6iKHVBekewRPKYAbcQpuO33jjYAIcZnJlCWiqUhpbjXkA5ahcb0xRtxw%2FCX0DT%2BSdh4Hga"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 74cd53c21e2e0b49-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2
172.67.169.56 200 OK 77 kB URL HTTP/1.1 winwin289.net/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2
IP 172.67.169.56:0
File type Web Open Font Format (Version 2), TrueType, length 76764, version 331.-31261\012- data
Hash f7307680c7fe85959f3ecf122493ea7d
fce0da592a3e536d6d5df5b50cb513398d8c5161
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://winwin289.net/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:40 GMT
Content-Type: font/woff2
Content-Length: 76764
Connection: keep-alive
Last-Modified: Wed, 31 Aug 2022 09:04:28 GMT
ETag: "630f241c-12bdc"
Expires: Mon, 18 Sep 2023 21:55:40 GMT
Cache-Control: max-age=31536000
Host-Header: 8441280b0c35cbc1147f8ba998a563a7
X-Proxy-Cache-Info: DT:1
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5r4dOTz9BOMo%2BkKkrzNCAkZQxyNZDqToiBgWlORqQGa3T5LAoRsKxMHd39QD%2F8vgYPHqCQV62NZIFavfauLTQ8YJtyUnvJ8AXhRQ0DhVxmti1KlD0AK%2FMMxZC8t4JXQd"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74cd53c08f220b65-OSL
alt-svc: h2=":443"; ma=60
winwin289.net/favicon.ico
172.67.169.56 200 OK 20 B URL HTTP/1.1 winwin289.net/favicon.ico
IP 172.67.169.56:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /favicon.ico HTTP/1.1
Host: winwin289.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://winwin289.net/h89c/?BL3=FQWFjk7eaiEALaXRzDtYR9r6glQ3G5nMVKL5RgShpP11LUdZL1gtLUL2gwIk6HakCaozNLrGq+wM5dTwy7En1a2xDpCKphz+1Q==&Bp=Ytd4lx8p_
HTTP/1.1 200 OK
Date: Sun, 18 Sep 2022 21:55:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Cache-Enabled: False
Link: <https://winwin289.net/wp-json/>; rel="https://api.w.org/"
X-Httpd-Modphp: 1
Host-Header: 6b7412fb82ca5edfd0917e3957f05d89
X-Proxy-Cache: MISS
X-Proxy-Cache-Info: W NC:000000 UP:
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Sun, 18 Sep 2022 21:55:41 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gRMu48LqTzAzmpTE%2Bvy4WYRB8ITU5GcNWNvdTzdU2IrWc4rge5Ay62Rvs2w26oztrTfCsh2O%2BaQBxQxMYslk6Oj2POXSKLr7SsDhk3ajo7MZw4QwK8qNbb7LxHxFYPcD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74cd53c528d40b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0418a582-b5aa-4754-a162-d731a3e53f86.jpeg
34.120.237.76 200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0418a582-b5aa-4754-a162-d731a3e53f86.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c9a9211e94d6aa2429e9663ef317707e
ac0d1af96508d026f9a1252d358660bd5671f9bd
36663b67119ae58b665e43d86b73045472cf23d73bf2c981754f479989690791
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0418a582-b5aa-4754-a162-d731a3e53f86.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 5448
x-amzn-requestid: 3b63d209-af92-4d64-866a-d8f677aa62a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yn659H9DIAMFQag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63263ea5-30e7f8a32603ba70671addec;Sampled=0
x-amzn-remapped-date: Sat, 17 Sep 2022 21:39:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: CqzHFWav9sDzwBhF58p314oyYPwfcbmlplVt2oF9QxSBIi5ktgpS7w==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:49:03 GMT
age: 402
etag: "ac0d1af96508d026f9a1252d358660bd5671f9bd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CSarabun%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.0.2
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CSarabun%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.0.2
IP 142.250.74.10:0
GET /css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CSarabun%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.0.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://winwin289.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 18 Sep 2022 21:55:38 GMT
date: Sun, 18 Sep 2022 21:55:38 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2