r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cdbad2434b7d127a4fc769807a9dc3e7
fa98cd9fc2309ab4423f33f683d17bdb17d76713
560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2794
Expires: Sun, 27 Nov 2022 04:43:10 GMT
Date: Sun, 27 Nov 2022 03:56:36 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 15b59d5e62caedb4bec3ba6724906c1e
960f801e608a56fdd11449f4face29f62cad2b21
8c72a45737c2eeddf328b0ed3236f3243551d904e94ec9dd7254972ebfb9229e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1694
Cache-Control: max-age=111766
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:36 GMT
Etag: "6381eaec-1d7"
Expires: Mon, 28 Nov 2022 10:59:22 GMT
Last-Modified: Sat, 26 Nov 2022 10:31:08 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 27 Nov 2022 03:17:34 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2342
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5587
Expires: Sun, 27 Nov 2022 05:29:43 GMT
Date: Sun, 27 Nov 2022 03:56:36 GMT
Connection: keep-alive
lalangmanis.com/
194.233.68.84301 Moved Permanently 162 B IP 194.233.68.84:0
ASN #141995 Contabo Asia Private Limited
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: lalangmanis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 27 Nov 2022 03:56:36 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://lalangmanis.com/
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 8DYADUdJh0ZS7DIBXr/CfIUe1DVVt5cShJ4swzQS3IVs5y4DQXl1a7uDk3w1iHW/SsOVyPVl5Zo=
x-amz-request-id: BPEQYCAHY2D1RDZ1
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 27 Nov 2022 03:44:29 GMT
age: 727
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:36 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 27 Nov 2022 03:08:54 GMT
cache-control: public,max-age=3600
age: 2863
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 055f40ceefa678ababfe492cc73041d7
9c9885d3fe6875a477b70a1066f7c05b4ce4c7fa
5568790ddc3806cf8524c90c47f75c35d2f6ce44235f3c4ac4720dbcae3a93d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5568790DDC3806CF8524C90C47F75C35D2F6CE44235F3C4AC4720DBCAE3A93D0"
Last-Modified: Sun, 27 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13511
Expires: Sun, 27 Nov 2022 07:41:48 GMT
Date: Sun, 27 Nov 2022 03:56:37 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d3df71aab146eefc49acb608796aab63
8401892995193919376dfcd798b09c8261579454
a616c1e54e896576601e6107c1814adbebf35364d8ed807cdd89ac36b8200c88
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5290
Cache-Control: max-age=110304
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:37 GMT
Etag: "6381d72b-1d7"
Expires: Mon, 28 Nov 2022 10:35:01 GMT
Last-Modified: Sat, 26 Nov 2022 09:06:51 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.210.158.59101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.210.158.59:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: iTNvm53F9pwU2EhiESHKfQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ifQR9aIEMabz9kPEHGjB5XUOCHY=
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 5af61422c4eaa1b995ec63e463abda26
db75634681ed688840773ce828c169ac9da7d131
506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 619fa0039b94697fc8a5bd24f57e8aa2
53a366391a51d625029cc6d32fb4e8b6060990fd
dff604305831a0399aa44b2fac806e43512afa846569ba6e5685eca6495d9fa5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 092abbce301f988f8d54d343658c8373
2bb68673250c48763e86bf547d4bc26c4ae7ee87
d76db1d142bf8afa955a2e83d8f9b26769c59d0493a7061144bd31e39837aaae
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4203
Cache-Control: max-age=151684
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:38 GMT
Etag: "63827d0f-116"
Expires: Mon, 28 Nov 2022 22:04:42 GMT
Last-Modified: Sat, 26 Nov 2022 20:54:39 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 278
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6320
Expires: Sun, 27 Nov 2022 05:41:59 GMT
Date: Sun, 27 Nov 2022 03:56:39 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6320
Expires: Sun, 27 Nov 2022 05:41:59 GMT
Date: Sun, 27 Nov 2022 03:56:39 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6320
Expires: Sun, 27 Nov 2022 05:41:59 GMT
Date: Sun, 27 Nov 2022 03:56:39 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6320
Expires: Sun, 27 Nov 2022 05:41:59 GMT
Date: Sun, 27 Nov 2022 03:56:39 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 092abbce301f988f8d54d343658c8373
2bb68673250c48763e86bf547d4bc26c4ae7ee87
d76db1d142bf8afa955a2e83d8f9b26769c59d0493a7061144bd31e39837aaae
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4204
Cache-Control: max-age=151684
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:39 GMT
Etag: "63827d0f-116"
Expires: Mon, 28 Nov 2022 22:04:43 GMT
Last-Modified: Sat, 26 Nov 2022 20:54:39 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 278
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iFHoIAMF2-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AVwDLlKoy5pc9NNuR_OakMB0ONGAoO-k2AKwV--b2sjiaqYSKAWlZg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:37 GMT
age: 21902
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 741ddfb19764ac9a77509e7e87cfbfb2
308c08784ce4a0757cbd112807555b83e17a1d56
e9271a76da94d8b655860c3b00d111396c5d3a227fd2f19e0ef400fd5e84d87e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8817
x-amzn-requestid: 31bd21c7-1d75-4159-af51-52035da16da4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-krGE6AIAMF2Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637c1b13-32a7b9c6642592c70783a0cf;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 00:42:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6v42KU65wdKKPvjE7TRA3Li3o2dvrdPH7oGVDZGPPsAepqFFjQJkkA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 16:15:20 GMT
age: 42079
etag: "308c08784ce4a0757cbd112807555b83e17a1d56"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg
34.120.237.76200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 433875a1b1fef34e45f2d8ac344c07e3
f2129466436cbbdd58abe42a47fb7af19eba58e6
ab1e7b46f3804640c7dd94d70c8c31ec2dfc3e2f0f015a8556d04d9d9089c450
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5099
x-amzn-requestid: 57648043-7820-453d-9549-0f743b6c2557
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4jFBvoAMFl1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-53b59d607b82c264180f469d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: VsdLWuh4rCawI5V0YYGaHxEMl2YEVNgsbjfCwzDsrnCZhRK2FkCkVw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:51:41 GMT
age: 21898
etag: "f2129466436cbbdd58abe42a47fb7af19eba58e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa57bc6cf-beaa-443b-9756-cf26e4fe3767.jpeg
34.120.237.76200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa57bc6cf-beaa-443b-9756-cf26e4fe3767.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2212cf75f99dc67fd45db47f7101d754
4b4a8c8e8aeccfff25d2748720dcef8fed287126
7b2d2e302faba8f273b51031fa48b444cb7839733b90e8c9d077ca63637320d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa57bc6cf-beaa-443b-9756-cf26e4fe3767.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6954
x-amzn-requestid: af6ab88e-884f-4c3f-a2ba-241d8bd04670
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b8I_xG2SIAMF3xQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637b21fe-573bfad8002144b7637e80f0;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 07:00:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: icdx5uaiqsWXMMoKgOwAV4sOfVhAw7oLi79yfweIw5_1pTTzI_qm_w==
via: 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 08:41:17 GMT
age: 69322
etag: "4b4a8c8e8aeccfff25d2748720dcef8fed287126"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15290721-a62e-49b8-80c6-967680cff24f.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15290721-a62e-49b8-80c6-967680cff24f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f7f16c0f8a8e710210ce77c0e4c1c2a2
590c34be54c9889eec4ff7993e070fda836f711f
4224287ba765da59c877ac4f1dec65accc5bec934b7598d9cbbee669ba4ab12e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15290721-a62e-49b8-80c6-967680cff24f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6883
x-amzn-requestid: 9e3878c9-1817-427e-b121-969a8cbc7ad8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cL1ySF0tIAMFY4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638169a8-5143ffea77b70cf67ef60ad7;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 01:19:36 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: agN3iI99V_lKDGyKTEkZg_jgR8P6nrI53d-fXsHGHkQP55suaCC2xA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 05:30:06 GMT
age: 80793
etag: "590c34be54c9889eec4ff7993e070fda836f711f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31dafe91-0b1b-40e9-927c-c01863516712.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31dafe91-0b1b-40e9-927c-c01863516712.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ccb536b51f31391c89fb2abe3be6c749
c9a5ab962bfdd174aecd4809d770f0fe305ab8e4
b4b6f70603ab79399aeda1d8b7e8f2662da37b51a2d076b8e754c812b6fa5b47
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F31dafe91-0b1b-40e9-927c-c01863516712.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9073
x-amzn-requestid: 6cf20b75-6b27-4a34-97a8-017d7169f31b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b8JuVHY7IAMFtRg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637b2328-1ca76b3537613fb26358b8f2;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 07:05:12 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: lg8rdnHT_ndB-9CMrHcVN8a2xZCubuTEpUQ2m6i77l-NfdNfhfITEQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 cca7d60248a961ff8fc8c5640024b652.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 16:41:41 GMT
age: 40498
etag: "c9a5ab962bfdd174aecd4809d770f0fe305ab8e4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
lalangmanis.com/
194.233.68.84200 OK 49 kB IP 194.233.68.84:0
ASN #141995 Contabo Asia Private Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (8124), with CRLF, LF line terminators
Hash 1b7479fd2d6b2d1850493a4af46d82cf
8357649a4c014ca993dcd681c677500fe2c116a1
38b1b17157dfee3600e11a33de88ae8c11a0eb531f83a481031784b9d515d648
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: lalangmanis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:38 GMT
content-type: text/html; charset=UTF-8
content-length: 48588
link: <https://lalangmanis.com/wp-json/>; rel="https://api.w.org/", <https://lalangmanis.com/wp-json/wp/v2/pages/102578>; rel="alternate"; type="application/json", <https://lalangmanis.com/>; rel=shortlink
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2
lalangmanis.com/wp-includes/css/classic-themes.min.css?ver=1
194.233.68.84200 OK 189 B URL HTTP/2 lalangmanis.com/wp-includes/css/classic-themes.min.css?ver=1
IP 194.233.68.84:0
ASN #141995 Contabo Asia Private Limited
Hash 5a18e16eb01cbaa862eb32e6b77bedb2
3abf9b913cc9f558f02cba7c9b822f8d1812cb96
d2b5af913332941d5ae7786d1fa70e0d009315c4ede6ad5b80d0f663bb54521f
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: lalangmanis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:38 GMT
content-type: text/css
content-length: 189
x-accel-version: 0.01
last-modified: Wed, 02 Nov 2022 20:15:24 GMT
etag: "d9-5ec82803c3b74-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2
lalangmanis.com/wp-content/plugins/td-composer/legacy/Newspaper/includes/demos/gadgets_pro/demo_style.css?ver=11.5
194.233.68.84200 OK 231 B URL HTTP/2 lalangmanis.com/wp-content/plugins/td-composer/legacy/Newspaper/includes/demos/gadgets_pro/demo_style.css?ver=11.5
IP 194.233.68.84:0
ASN #141995 Contabo Asia Private Limited
Hash 69c158794e26bebce90a488a686282b6
16bac9601837958703c610ce4040212473430244
527c9fbcd1e155844e774788a81cd18644120e7750b48ae58abf1e041e2689f5
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/td-composer/legacy/Newspaper/includes/demos/gadgets_pro/demo_style.css?ver=11.5 HTTP/1.1
Host: lalangmanis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:38 GMT
content-type: text/css
content-length: 231
x-accel-version: 0.01
last-modified: Sun, 15 May 2022 10:27:18 GMT
etag: "1fe-5df0a5a1dd83f-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2
lalangmanis.com/wp-content/uploads/2021/06/logo-lalang-manis-2.jpeg
194.233.68.84200 OK 11 kB URL HTTP/2 lalangmanis.com/wp-content/uploads/2021/06/logo-lalang-manis-2.jpeg
IP 194.233.68.84:0
ASN #141995 Contabo Asia Private Limited
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x306, components 3\012- data
Hash 4db057f8e33ce71d65dab2832a7022fa
2777f38686cf37b4803cebd3f9eeb95289c06f0f
6fa159a0764a855c37539572f84f23483805b21af97843f6b97865b981d0f09d
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/2021/06/logo-lalang-manis-2.jpeg HTTP/1.1
Host: lalangmanis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:39 GMT
content-type: image/jpeg
content-length: 11308
last-modified: Wed, 30 Jun 2021 15:30:33 GMT
etag: "60dc8e19-2c2c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash b05606331c6f88a724d9e404e62974e4
72176bc6b618fbbe567b5746ed54e14d381a9815
7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash b05606331c6f88a724d9e404e62974e4
72176bc6b618fbbe567b5746ed54e14d381a9815
7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lalangmanis.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
194.233.68.84200 OK 5.8 kB URL HTTP/2 lalangmanis.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP 194.233.68.84:0
ASN #141995 Contabo Asia Private Limited
File type ASCII text, with very long lines (15660)
Hash 3e768017a0cc80a3e9f1cfb4e9b0c449
3dbdd694e61c81130fb316c2d74302426fee5dfa
229705764efb5302ff31a8f27d1395dec2c15808555e887b074ac0cf2a950919
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: lalangmanis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:39 GMT
content-type: application/javascript
last-modified: Tue, 22 Nov 2022 08:43:34 GMT
etag: W/"637c8bb6-529a"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
lalangmanis.com/wp-content/plugins/td-cloud-library/assets/js/js_files_for_front.min.js?ver=4173294bcf58591c4439ff8ccd792f1e
194.233.68.84200 OK 25 kB URL HTTP/2 lalangmanis.com/wp-content/plugins/td-cloud-library/assets/js/js_files_for_front.min.js?ver=4173294bcf58591c4439ff8ccd792f1e
IP 194.233.68.84:0
ASN #141995 Contabo Asia Private Limited
File type ASCII text, with very long lines (1037)
Hash 0e020051302e97897e72ccd2f49eb0ae
e065fa40f15d903c39e81b45cc4d181f9da2e98a
238d6ae644f73f9a0d06dc0e6d5d1243677b12bfdf86d66015d10c2ab5c6a78d
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/td-cloud-library/assets/js/js_files_for_front.min.js?ver=4173294bcf58591c4439ff8ccd792f1e HTTP/1.1
Host: lalangmanis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:39 GMT
content-type: application/javascript
last-modified: Sun, 15 May 2022 10:28:44 GMT
etag: W/"6280d5dc-a461"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lalangmanis.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 18:53:49 GMT
expires: Thu, 23 Nov 2023 18:53:49 GMT
cache-control: public, max-age=31536000
age: 291770
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/volkhov/v17/SlGQmQieoJcKemNecTUEhQ.woff2
216.58.207.195200 OK 27 kB URL HTTP/2 fonts.gstatic.com/s/volkhov/v17/SlGQmQieoJcKemNecTUEhQ.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 27436, version 1.0\012- data
Hash 060850edfe9d2f31b8b10875d3d8c5f5
6f9bb2d51ee4cdff5835b31ceb5c459e95a23270
772fa5a279ecad537bea7d71690183408a9aff38f71a094a2dff5698c724d9f8
GET /s/volkhov/v17/SlGQmQieoJcKemNecTUEhQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lalangmanis.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 27436
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 23:30:38 GMT
expires: Thu, 23 Nov 2023 23:30:38 GMT
cache-control: public, max-age=31536000
age: 275161
last-modified: Wed, 27 Apr 2022 16:56:33 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.195200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lalangmanis.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 05:42:51 GMT
expires: Fri, 24 Nov 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 252828
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lalangmanis.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 14:07:32 GMT
expires: Thu, 23 Nov 2023 14:07:32 GMT
cache-control: public, max-age=31536000
age: 308947
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
216.58.207.195200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lalangmanis.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 16:40:18 GMT
expires: Fri, 24 Nov 2023 16:40:18 GMT
cache-control: public, max-age=31536000
age: 213381
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash b05606331c6f88a724d9e404e62974e4
72176bc6b618fbbe567b5746ed54e14d381a9815
7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lalangmanis.com/wp-content/uploads/2022/11/Berita56.jpg
194.233.68.84200 OK 225 kB URL HTTP/2 lalangmanis.com/wp-content/uploads/2022/11/Berita56.jpg
IP 194.233.68.84:0
ASN #141995 Contabo Asia Private Limited
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS6 (Windows), datetime=2022:11:11 12:22:27], progressive, precision 8, 602x752, components 3\012- data
Size 225 kB (224694 bytes)
Hash 7df3275060ff9cd84f748320ac31032d
ce1c868d9173a758bc671b908eb4592a010bd05b
9e620d7c77c94ddcd8f415616a995748191b74719c5c585dfc6477a4c1db9c85
GET /wp-content/uploads/2022/11/Berita56.jpg HTTP/1.1
Host: lalangmanis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:39 GMT
content-type: image/jpeg
content-length: 224694
last-modified: Fri, 11 Nov 2022 04:23:09 GMT
etag: "636dce2d-36db6"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
lalangmanis.com/wp-content/plugins/td-composer/legacy/Newspaper/js/tagdiv_theme.min.js?ver=11.5
194.233.68.84200 OK 115 kB URL HTTP/2 lalangmanis.com/wp-content/plugins/td-composer/legacy/Newspaper/js/tagdiv_theme.min.js?ver=11.5
IP 194.233.68.84:0
ASN #141995 Contabo Asia Private Limited
File type ASCII text, with very long lines (670)
Size 115 kB (115127 bytes)
Hash 2bc59509d47bd780464f855dab0e2241
f7d032e1c34b25569c63d2fe40ea345db82dea15
740cd4513da1f3309898137ce037e08233bcc359503079ffe14ac256aa76c52a
GET /wp-content/plugins/td-composer/legacy/Newspaper/js/tagdiv_theme.min.js?ver=11.5 HTTP/1.1
Host: lalangmanis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:39 GMT
content-type: application/javascript
last-modified: Sun, 15 May 2022 10:27:19 GMT
etag: W/"6280d587-44c89"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
lalangmanis.com/wp-includes/js/underscore.min.js?ver=1.13.4
194.233.68.84200 OK 36 kB URL HTTP/2 lalangmanis.com/wp-includes/js/underscore.min.js?ver=1.13.4
IP 194.233.68.84:0
ASN #141995 Contabo Asia Private Limited
File type ASCII text, with very long lines (18798)
Hash ff78700862b75848b6f360e7f3380931
40d154573af588ff2fb2970f8819f8df70a7ae6f
c7cc68efdf79917104ac8aebaa455c80b6e1f9bf102bea50e5cfb0d4056fa9a7
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/underscore.min.js?ver=1.13.4 HTTP/1.1
Host: lalangmanis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:39 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 20:15:25 GMT
etag: W/"6362cfdd-4991"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
lalangmanis.com/wp-content/uploads/2022/11/Ismail-Sabri-Banjir-1068x667.jpeg
194.233.68.84200 OK 102 kB URL HTTP/2 lalangmanis.com/wp-content/uploads/2022/11/Ismail-Sabri-Banjir-1068x667.jpeg
IP 194.233.68.84:0
ASN #141995 Contabo Asia Private Limited
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1068x667, components 3\012- data
Size 102 kB (101855 bytes)
Hash 264cf21607acc50a71f659866be5db4a
8864bc8632299798d1493dbb0d4ed44dbf61274c
15874fe75bc268d81ef19f77e8888ca578a97ed4e18bcdffed979a0fc57ca87a
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/2022/11/Ismail-Sabri-Banjir-1068x667.jpeg HTTP/1.1
Host: lalangmanis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:39 GMT
content-type: image/jpeg
content-length: 101855
last-modified: Sat, 12 Nov 2022 12:17:21 GMT
etag: "636f8ed1-18ddf"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 91d4c4c590fed9e5a1138de8cc92dd48
961a28eded247ebf443488b3d9b5167ecdee622d
1a99c16ee0c7122c6a341dd4d62e5705692d01f831bb2e3e4c36e072e2b47a84
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1A99C16EE0C7122C6A341DD4D62E5705692D01F831BB2E3E4C36E072E2B47A84"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10972
Expires: Sun, 27 Nov 2022 06:59:32 GMT
Date: Sun, 27 Nov 2022 03:56:40 GMT
Connection: keep-alive
lalangmanis.com/wp-content/plugins/td-cloud-library/assets/js/js_posts_autoload.min.js?ver=4173294bcf58591c4439ff8ccd792f1e
194.233.68.84200 OK 138 kB URL HTTP/2 lalangmanis.com/wp-content/plugins/td-cloud-library/assets/js/js_posts_autoload.min.js?ver=4173294bcf58591c4439ff8ccd792f1e
IP 194.233.68.84:0
ASN #141995 Contabo Asia Private Limited
File type ASCII text, with very long lines (543)
Size 138 kB (137748 bytes)
Hash eca1a06d6b4133f9cd02c81c6435be9e
5fa63254021a6c6761ceaafccbc2cbe984202b68
0c47145c4ffef0c7a012a4f8327af1d073ff49ba313386d50621467cf8241bd5
GET /wp-content/plugins/td-cloud-library/assets/js/js_posts_autoload.min.js?ver=4173294bcf58591c4439ff8ccd792f1e HTTP/1.1
Host: lalangmanis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:39 GMT
content-type: application/javascript
last-modified: Sun, 15 May 2022 10:28:44 GMT
etag: W/"6280d5dc-14a0"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
news.weatherplllatform.com/counter.js
89.22.228.250200 OK 1.5 kB URL HTTP/1.1 news.weatherplllatform.com/counter.js
IP 89.22.228.250:0
File type ASCII text, with very long lines (4140), with no line terminators
Hash 8ecb46e68d7ee2b249a6f0bd4ecabc88
e0d5a9f07ca629f4c4ac7154095bd419826ed245
16f62d801d81aa35dcebf8da2b88904663904c38d6ae8830be4f5db1d66bd22f
GET /counter.js HTTP/1.1
Host: news.weatherplllatform.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Nov 2022 03:56:40 GMT
Content-Type: application/javascript
Last-Modified: Fri, 25 Nov 2022 04:49:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
ETag: W/"63804953-102c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 828fdb7ee345c61ad7579f18edec2108
41feff39952aa2df0bdbc15720b95378d6296956
47c8785becb33c52102cc1fb5a9062fbb483daf154d3790d31191b52e6daa164
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47C8785BECB33C52102CC1FB5A9062FBB483DAF154D3790D31191B52E6DAA164"
Last-Modified: Fri, 25 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11953
Expires: Sun, 27 Nov 2022 07:15:53 GMT
Date: Sun, 27 Nov 2022 03:56:40 GMT
Connection: keep-alive
files.findtrustclicks.com/scripts/stock.js
89.22.228.250200 OK 14 B URL HTTP/1.1 files.findtrustclicks.com/scripts/stock.js
IP 89.22.228.250:0
File type ASCII text, with no line terminators
Hash 72f1e8b856d4317cb40af986a55b6670
47e6db80d6d59cf97163bd2723a5c4af15f8b9cf
1a106fea3287079a3f873a0552cdc8c7edea992195a3d1248472ec27c855e599
GET /scripts/stock.js HTTP/1.1
Host: files.findtrustclicks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Nov 2022 03:56:40 GMT
Content-Type: application/javascript
Content-Length: 14
Connection: keep-alive
Keep-Alive: timeout=60
Last-Modified: Sat, 26 Nov 2022 12:49:46 GMT
ETag: "e-5ee5f12b586cd"
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f79de44e08c43da30a3c6c5291fdc427
1a07b622d844d4793fe4767199f5f33f0f3229e2
d536b31b46e283bf64ff0c3e3bf29c706f1d5c2b63d82bc41c76e15bf4a06fe2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2194
Cache-Control: max-age=170553
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:40 GMT
Etag: "6382ce9f-1d7"
Expires: Tue, 29 Nov 2022 03:19:13 GMT
Last-Modified: Sun, 27 Nov 2022 02:42:39 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 770555aa8a0a52c611bafb289ca8a650
62504cadc49747f328e3c31ad3aa7a740043072c
6317c8530220392b1339be640b8c1181c468ff8e3f3d1d5692b39cb32404216f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/en_GB/sdk.js
31.13.72.12200 OK 1.7 kB URL HTTP/2 connect.facebook.net/en_GB/sdk.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (1957)
Hash 0f77190ecdedfcfc498853d380b7a7bd
5f513094756b19e4707e32de37cdda09c5a0d493
73ceee494eed44c476f31c629616b780ea7c04a831444f41f125b8ba2eadc46a
GET /en_GB/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lalangmanis.com
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: b0ad107ccaa72c2638c3d465076c6a35
etag: "e02c6afbe842e07444fd2d836a2056a7"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sun, 27 Nov 2022 04:07:27 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: D3cZDs3t/PxJiFPTgLenvQ==
x-fb-debug: y7Qdju42BGp9RLvrEKrJRS44tk7L4qDGGpnZAu4kC1mES0SbdCliM2jGGJQun6Sm31qaseyc7euuib1nx+RjXg==
content-length: 1685
x-fb-trip-id: 1904183273
date: Sun, 27 Nov 2022 03:56:40 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 770555aa8a0a52c611bafb289ca8a650
62504cadc49747f328e3c31ad3aa7a740043072c
6317c8530220392b1339be640b8c1181c468ff8e3f3d1d5692b39cb32404216f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash a22bc94a1116f343d9c3377cfd4fc5b2
b0bad6a620abd0c33a96c32721ad87849da9f9e6
294cd4b44650b17a93cbe9a4de887ad1da8ab8c11105707cccff17812a8d5890
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f79de44e08c43da30a3c6c5291fdc427
1a07b622d844d4793fe4767199f5f33f0f3229e2
d536b31b46e283bf64ff0c3e3bf29c706f1d5c2b63d82bc41c76e15bf4a06fe2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2194
Cache-Control: max-age=170553
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:40 GMT
Etag: "6382ce9f-1d7"
Expires: Tue, 29 Nov 2022 03:19:13 GMT
Last-Modified: Sun, 27 Nov 2022 02:42:39 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
142.250.74.66200 OK 49 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP 142.250.74.66:0
File type ASCII text, with very long lines (4885)
Hash 8de106db62fd9fb964d03750db3c12da
f8038ee9e7f0f8288d323a2caea7a7cba4724012
3a7f4ce2c92710da55a80d9ad2b9095ad45221c30c2a583c22a74cea17c06f59
GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 27 Nov 2022 03:56:40 GMT
expires: Sun, 27 Nov 2022 03:56:40 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 981241331336433007
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 49268
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 770555aa8a0a52c611bafb289ca8a650
62504cadc49747f328e3c31ad3aa7a740043072c
6317c8530220392b1339be640b8c1181c468ff8e3f3d1d5692b39cb32404216f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lalangmanis.com/wp-includes/js/comment-reply.min.js?ver=6.1.1
194.233.68.84200 OK 151 kB URL HTTP/2 lalangmanis.com/wp-includes/js/comment-reply.min.js?ver=6.1.1
IP 194.233.68.84:0
ASN #141995 Contabo Asia Private Limited
File type ASCII text, with very long lines (2946)
Size 151 kB (150704 bytes)
Hash 60c2fb37afc0389f324060489a5d8699
81c78b9039f354e08232afd46c0fbf662dbc5d7c
0bbec322a1eed77bb3d99086552c7af8519e47c0d81524078befcf3c935eb74a
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/comment-reply.min.js?ver=6.1.1 HTTP/1.1
Host: lalangmanis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:39 GMT
content-type: application/javascript
last-modified: Tue, 24 May 2022 20:15:08 GMT
etag: W/"628d3ccc-ba5"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/zrt_lookup.html
142.250.74.34200 OK 4.2 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/zrt_lookup.html
IP 142.250.74.34:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2579)
Hash 2fb3574102373e2e076cfa2ff90cdf25
d06c985183def975546d6e47ab6369c11dcf7195
e61cbc207f7fc2f429deceff11e7a339a3d9a9574da6d035054eba02ee381345
GET /pagead/html/r20221110/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 4242
x-xss-protection: 0
date: Sat, 26 Nov 2022 10:25:42 GMT
expires: Sat, 10 Dec 2022 10:25:42 GMT
cache-control: public, max-age=1209600
age: 63058
etag: 10353107486223812946
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/en_GB/sdk.js?hash=a46d47fefb0eee0c1573f66cf8f39400
31.13.72.12200 OK 88 kB URL HTTP/2 connect.facebook.net/en_GB/sdk.js?hash=a46d47fefb0eee0c1573f66cf8f39400
IP 31.13.72.12:0
File type ASCII text, with very long lines (18530)
Hash 3020c93f7826d40b1add8c0ea5e57a9d
74df1829995222bb1e83e31cd9850f3e94dc12de
3379410bb8698127890858e2127801bc7e9dc0805342d83ca0adf43a415a975c
GET /en_GB/sdk.js?hash=a46d47fefb0eee0c1573f66cf8f39400 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lalangmanis.com
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 4f83f59ce8ad4fbb47678a03ed3c195f
etag: "290ff7760d900d70b6b16f827f718519"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Mon, 27 Nov 2023 03:15:30 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: MCDJP3gm1Asa3YwOpeV6nQ==
x-fb-debug: 1e5YonVVT5p5/CqwRkaYs2Ztg2s6ADWWPUwDeeB705NSzgteAohlnRacms3/qrBn3y2KqQ20mOWxNE/UI4BSKw==
content-length: 88367
x-fb-trip-id: 1904183273
date: Sun, 27 Nov 2022 03:56:40 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash d3c9b092aee5820bdab6595daad65d61
89e983faeedf25b3e15696f9bf6dbf76feb07868
58d24c4dde4a578c2c0191a19a5a42bdcb5be03b21a1907f60c8deaee78b7331
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash e922b25acaba2d7f8921ebe973a4b261
5dd4c237c84a652cbcf3db163529f3788ceafc46
a7856c7777aa01b671ddae097494f2b031cbbddc7b244fe8714a8c02b85d8589
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=lalangmanis.com
142.250.74.98200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=lalangmanis.com
IP 142.250.74.98:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=lalangmanis.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 27 Nov 2022 03:56:41 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=lalangmanis.com
216.58.207.226200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=lalangmanis.com
IP 216.58.207.226:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=lalangmanis.com HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 27 Nov 2022 03:56:41 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash f3424fd0abb5ab18be62cd209cb3d3dc
dbb2a21b12e92c8837c4346b6d052454bb6dffd6
e69548655278cf6a48fce549928656eb5a91d787e7b1afc12959e2bffb58990b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash e922b25acaba2d7f8921ebe973a4b261
5dd4c237c84a652cbcf3db163529f3788ceafc46
a7856c7777aa01b671ddae097494f2b031cbbddc7b244fe8714a8c02b85d8589
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 15619e238e943befcd5fa4737f76c851
7198f9cb4672d54e5d6812730b875b6172e64b53
7ecac89dd434501d9e15d8c728d1ec497ac7b4962285396c7fbfcc7987700ca0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=lalangmanis.com&callback=_gfp_s_&client=ca-pub-5763358465546973&gpid_exp=1
172.217.21.162200 OK 257 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=lalangmanis.com&callback=_gfp_s_&client=ca-pub-5763358465546973&gpid_exp=1
IP 172.217.21.162:0
File type ASCII text, with very long lines (397), with no line terminators
Hash 4e2448d1b1faaa83c1df9fd4fb3d630f
8bc1cbe575f2d58d0b7d813664501a4d688ee278
085179003975581956d7b57746b3408de50a53d50fc1f9966c94df66e7500f66
GET /gampad/cookie.js?domain=lalangmanis.com&callback=_gfp_s_&client=ca-pub-5763358465546973&gpid_exp=1 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sun, 27 Nov 2022 03:56:41 GMT
server: cafe
cache-control: private
content-length: 257
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 69b4c95baca69139e9e4f7e5ffa6bace
a33af721a9defcb815716234aafdb69de7169455
9f752625bea112bc5402067fd695ba893590e6de9844de640a663e4e8fdc1475
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b6a8d7314bd2bdf43d1a5f6fe75d0cda
eced9f4efda12d22970bbaa7a3330bb7167e5d06
5affb4c2aae7ca3993899ae7784dbd74151275301515ddb73e14b357c9153563
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5AFFB4C2AAE7CA3993899AE7784DBD74151275301515DDB73E14B357C9153563"
Last-Modified: Fri, 25 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16192
Expires: Sun, 27 Nov 2022 08:26:33 GMT
Date: Sun, 27 Nov 2022 03:56:41 GMT
Connection: keep-alive
js.interestmoments.com/scripts/count.js
193.169.194.63200 OK 1.7 kB URL HTTP/1.1 js.interestmoments.com/scripts/count.js
IP 193.169.194.63:0
ASN #50321 FOP Reznichenko Sergey Mykolayovich
File type ASCII text, with very long lines (4587), with no line terminators
Hash 604404f904668bba5c2412748523a5b2
fb364d5fdabc9781a35d270f72502c3329bd7e43
cf4051550888255f110d596d59a1ecf8c5c961c32322d844604c6affc2f6f9fe
GET /scripts/count.js HTTP/1.1
Host: js.interestmoments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Nov 2022 03:56:41 GMT
Content-Type: application/javascript
Last-Modified: Fri, 25 Nov 2022 05:06:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63804d4a-11eb"
Expires: Wed, 07 Dec 2022 03:56:41 GMT
Cache-Control: max-age=864000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 816d70da869514eb692b661a8226d9c1
a89905476481099656b3461acd454ad11ad5584d
cd03b16cdd0d63deb1336dec06481a119a46359358605c8faca8955f90939a34
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 0c7f923b97046608033f90253a891bf0
bf5025e94ed9ea85ee3e7677561ee686480b526c
1062154cd5de28de1d012a4f4d10fb5e548fabf6d67918eaeb745975949a3294
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/simgad/303482322522025667/downsize_200k_v1?w=400&h=209
142.250.74.33200 OK 10 kB URL HTTP/2 tpc.googlesyndication.com/simgad/303482322522025667/downsize_200k_v1?w=400&h=209
IP 142.250.74.33:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 399x209, components 3\012- data
Hash 7df2431d1327dff2e86a418693b7c1e1
fdbcf7edc357b9297d05115be24d8bde6cdcbf04
63b98c17243cbf66ad21460cec9a4fcb57de4d8b43cb4be1c26f4a82c72e06a6
GET /simgad/303482322522025667/downsize_200k_v1?w=400&h=209 HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin: *
content-length: 10030
x-content-type-options: nosniff
x-dns-prefetch-control: off
server: sffe
x-xss-protection: 0
date: Fri, 25 Nov 2022 23:44:27 GMT
expires: Sat, 25 Nov 2023 23:44:27 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Nov 2022 10:31:15 GMT
content-type: image/jpeg
age: 101534
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/simgad/16955727447009767909/downsize_200k_v1?w=100&h=100
142.250.74.33200 OK 2.6 kB URL HTTP/2 tpc.googlesyndication.com/simgad/16955727447009767909/downsize_200k_v1?w=100&h=100
IP 142.250.74.33:0
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash a312c0d8608401404a90225ec2950eec
be5dca2db00148731e7c5c3e50adce5e2f9f301d
68a6c5ef2fbd7899e5e3eca7af4a5ad8fde7d6c5cdebad755b2673dbf5e88a23
GET /simgad/16955727447009767909/downsize_200k_v1?w=100&h=100 HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin: *
content-length: 2618
x-content-type-options: nosniff
x-dns-prefetch-control: off
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 21:57:50 GMT
expires: Fri, 24 Nov 2023 21:57:50 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 10 Sep 2020 11:06:06 GMT
content-type: image/png
age: 194331
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
lalangmanis.com/wp-content/uploads/2021/06/logo-lalang-manis-2-294x300.jpeg
194.233.68.84200 OK 7.7 kB URL HTTP/2 lalangmanis.com/wp-content/uploads/2021/06/logo-lalang-manis-2-294x300.jpeg
IP 194.233.68.84:0
ASN #141995 Contabo Asia Private Limited
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 294x300, components 1\012- data
Hash 9ef034d6a3fd1b095c758188b015e6ce
03b672dfc3d3e6ca34b08b93298490c3a66649b8
ceb677cfaae5022dabf2f4494d472900c5e59358168fa79d5db6c586af4b651b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/2021/06/logo-lalang-manis-2-294x300.jpeg HTTP/1.1
Host: lalangmanis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Cookie: MgidStorage=%7B%220%22%3A%7B%22svspr%22%3A%22%22%2C%22svsds%22%3A1%7D%2C%22C1168211%22%3A%7B%22page%22%3A1%7D%7D; __gads=ID=87c30bf6daf91f1a-22dba7f696d700ea:T=1669521401:RT=1669521401:S=ALNI_MZFzYDHRvVrd5paadTAbTAxEVLCoQ; __gpi=UID=00000b88e36c5832:T=1669521401:RT=1669521401:S=ALNI_MbNhVpEYR8NcDWabQ3CW1Jl-iVHGg; trainmeassystt=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:41 GMT
content-type: image/jpeg
content-length: 7676
last-modified: Wed, 30 Jun 2021 15:30:33 GMT
etag: "60dc8e19-1dfc"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 24c20c1cea9bf5159f8d40c78cd2257d
72709bf6a4600bd0ba5e9d127ae07be5d8e7ca6c
44248daffbe338834bedb2494130d3f980f8d974a7b8e453e77629d33121c752
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "44248DAFFBE338834BEDB2494130D3F980F8D974A7B8E453E77629D33121C752"
Last-Modified: Fri, 25 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18403
Expires: Sun, 27 Nov 2022 09:03:25 GMT
Date: Sun, 27 Nov 2022 03:56:42 GMT
Connection: keep-alive
long.interestmoments.com/go/away.php?id=9689546-75-934597645&pid=2324&lid=7933345&from=google
193.169.194.63302 Found 0 B URL HTTP/1.1 long.interestmoments.com/go/away.php?id=9689546-75-934597645&pid=2324&lid=7933345&from=google
IP 193.169.194.63:0
ASN #50321 FOP Reznichenko Sergey Mykolayovich
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go/away.php?id=9689546-75-934597645&pid=2324&lid=7933345&from=google HTTP/1.1
Host: long.interestmoments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 27 Nov 2022 03:56:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://long.interestmoments.com/go/away.php?id=987730385-23-683234&pid=7856&lid=07882367658&jid=67852&from=Carly15
Access-Control-Allow-Origin: *
long.interestmoments.com/go/away.php?id=987730385-23-683234&pid=7856&lid=07882367658&jid=67852&from=Carly15
193.169.194.63200 OK 440 B URL HTTP/1.1 long.interestmoments.com/go/away.php?id=987730385-23-683234&pid=7856&lid=07882367658&jid=67852&from=Carly15
IP 193.169.194.63:0
ASN #50321 FOP Reznichenko Sergey Mykolayovich
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash d282386a919dab7821ecb8af2c2be991
cb29f509dd65f520b4b8d72ee0c2b560a2c360b0
6403ec35140c92ba51786815e1505a33606ae5e76f33d13e5f64ed83ff5c2179
GET /go/away.php?id=987730385-23-683234&pid=7856&lid=07882367658&jid=67852&from=Carly15 HTTP/1.1
Host: long.interestmoments.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lalangmanis.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Nov 2022 03:56:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash 5cf2a28add733de10d9971dea4541cb0
d5bd2e2abc4674f6e8cc4697a87b365d77851b45
453c726863ab176877490d26c3c5e0c4f58015ac2e4080f34e0e6de6f97392d9
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 27 Nov 2022 03:56:44 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 26 Nov 2022 21:39:45 GMT
Expires: Sun, 27 Nov 2022 21:39:45 GMT
ETag: "d5bd2e2abc4674f6e8cc4697a87b365d77851b45"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
track.wargaming-aff.com/click?pid=1287&offer_id=94&ref_id=jydxgt3x997ma2c679wd&sub1=EZ46KGBJ6R
35.204.100.195302 Found 0 B URL HTTP/2 track.wargaming-aff.com/click?pid=1287&offer_id=94&ref_id=jydxgt3x997ma2c679wd&sub1=EZ46KGBJ6R
IP 35.204.100.195:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?pid=1287&offer_id=94&ref_id=jydxgt3x997ma2c679wd&sub1=EZ46KGBJ6R HTTP/1.1
Host: track.wargaming-aff.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sun, 27 Nov 2022 03:56:45 GMT
content-length: 0
location: https://trck.wargaming.net/l533wk2q/?t=1&pub_id=1287&xid=6382dffdcbd356000123a1a7&xid_param1=EZ46KGBJ6R&xid_param_2=
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=6382dffdcbd356000123a1a7; expires=Mon, 27 Nov 2023 03:56:45 GMT; secure; SameSite=None
afoffers={"94":1669521405}; expires=Mon, 27 Nov 2023 03:56:45 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 64811320325f86b01d7ec3d1f686a6ca
90771bcfe4976810a2e71566b48166f020c5fca0
f253c4a645f33010f4a46f9af7466363fec0a47000b231c3dd2e5b95db4db80b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4273
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 03:56:45 GMT
Last-Modified: Sun, 27 Nov 2022 02:45:32 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
trck.wargaming.net/l533wk2q/?t=1&pub_id=1287&xid=6382dffdcbd356000123a1a7&xid_param1=EZ46KGBJ6R&xid_param_2=
92.223.23.230301 Moved Permanently 22 B URL HTTP/1.1 trck.wargaming.net/l533wk2q/?t=1&pub_id=1287&xid=6382dffdcbd356000123a1a7&xid_param1=EZ46KGBJ6R&xid_param_2=
IP 92.223.23.230:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with no line terminators
Hash 0e0bf67572311f8a23814419ff24ee9a
78328dfc54708433cdfb3e7857e57f87ec443b08
c5f6c267ba4a2964fff5d304d4a1e79c371ce30d32eaf017b3bb40becccd58d2
GET /l533wk2q/?t=1&pub_id=1287&xid=6382dffdcbd356000123a1a7&xid_param1=EZ46KGBJ6R&xid_param_2= HTTP/1.1
Host: trck.wargaming.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sun, 27 Nov 2022 03:56:45 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 22
Connection: keep-alive
Location: https://promo.worldofwarships.eu/glows-57455/eu-en/?t=1&pub_id=1287&xid=6382dffdcbd356000123a1a7&xid_param1=EZ46KGBJ6R&xid_param_2=&sid=SIDBbHKuFHuFRaK-JeXiYC-Je8d5d64zxBAjwvVbhZYbxvNPWUmv4GPASH629ufhO9si4kLfMJ5jAcN8MMsaqEYtZzY3w06MvxduIkd46cqoy2WKvbxGL-r3TLU1nmpIU6epdgGwRPy7hYBaw&enctid=comry1hcw6oc&lpsn=WOWS+WLAP+LP+Submarines+code+WOLFPACK&foris=1&teclient=1669521405290924063&utm_source=wlap&utm_medium=affiliate&utm_campaign=l533wk2q&utm_content=1287
Set-Cookie: STIDREFERRAL=SIDBbHKuFHuFRaK-JeXiYC-Je8d5d64zxBAjwvVbhZYbxvNPWUmv4GPASH629ufhO9si4kLfMJ5jAcN8MMsaqEYtZzY3w06MvxduIkd46cqoy2WKvbxGL-r3TLU1nmpIU6epdgGwRPy7hYBaw; Domain=wargaming.net; Max-Age=2592000; Path=/; SameSite=None; Secure
enctid=comry1hcw6oc; Domain=wargaming.net; Max-Age=2592000; Path=/; SameSite=None; Secure
teclient=1669521405290924063; Domain=wargaming.net; Max-Age=315360000; Path=/; SameSite=None; Secure
Cache-Control: no-cache
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 96d573764262859a18db5d3500b00f48
f8a4e9bcfcf88dfb3c9eb98e48ae5557214486e1
c3a47c2aa2bbd7776ebfe71643bd3316a1a5ebb72ea3b0fbdbfaf4a5cf6761d6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C3A47C2AA2BBD7776EBFE71643BD3316A1A5EBB72EA3B0FBDBFAF4A5CF6761D6"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3528
Expires: Sun, 27 Nov 2022 04:55:33 GMT
Date: Sun, 27 Nov 2022 03:56:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 96d573764262859a18db5d3500b00f48
f8a4e9bcfcf88dfb3c9eb98e48ae5557214486e1
c3a47c2aa2bbd7776ebfe71643bd3316a1a5ebb72ea3b0fbdbfaf4a5cf6761d6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C3A47C2AA2BBD7776EBFE71643BD3316A1A5EBB72EA3B0FBDBFAF4A5CF6761D6"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3528
Expires: Sun, 27 Nov 2022 04:55:33 GMT
Date: Sun, 27 Nov 2022 03:56:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 96d573764262859a18db5d3500b00f48
f8a4e9bcfcf88dfb3c9eb98e48ae5557214486e1
c3a47c2aa2bbd7776ebfe71643bd3316a1a5ebb72ea3b0fbdbfaf4a5cf6761d6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C3A47C2AA2BBD7776EBFE71643BD3316A1A5EBB72EA3B0FBDBFAF4A5CF6761D6"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3528
Expires: Sun, 27 Nov 2022 04:55:33 GMT
Date: Sun, 27 Nov 2022 03:56:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 96d573764262859a18db5d3500b00f48
f8a4e9bcfcf88dfb3c9eb98e48ae5557214486e1
c3a47c2aa2bbd7776ebfe71643bd3316a1a5ebb72ea3b0fbdbfaf4a5cf6761d6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C3A47C2AA2BBD7776EBFE71643BD3316A1A5EBB72EA3B0FBDBFAF4A5CF6761D6"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3528
Expires: Sun, 27 Nov 2022 04:55:33 GMT
Date: Sun, 27 Nov 2022 03:56:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 96d573764262859a18db5d3500b00f48
f8a4e9bcfcf88dfb3c9eb98e48ae5557214486e1
c3a47c2aa2bbd7776ebfe71643bd3316a1a5ebb72ea3b0fbdbfaf4a5cf6761d6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C3A47C2AA2BBD7776EBFE71643BD3316A1A5EBB72EA3B0FBDBFAF4A5CF6761D6"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3528
Expires: Sun, 27 Nov 2022 04:55:33 GMT
Date: Sun, 27 Nov 2022 03:56:45 GMT
Connection: keep-alive
promo-cdn.worldofwarships.com/glows-57455/src/images/footer-logo.png
92.223.97.97200 OK 1.9 kB URL HTTP/2 promo-cdn.worldofwarships.com/glows-57455/src/images/footer-logo.png
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type PNG image data, 275 x 63, 8-bit colormap, non-interlaced\012- data
Hash 7ce94cd1324102c254e60ced58661dc3
b76e3b4e14cf98aa766788bc8cf4fbc97058fec0
fdd269a537d61d3fafbef167c6c7e22ae7707217427b506674f5f0d2f3caed48
GET /glows-57455/src/images/footer-logo.png HTTP/1.1
Host: promo-cdn.worldofwarships.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promo.worldofwarships.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:45 GMT
content-type: image/png
content-length: 1939
last-modified: Fri, 18 Nov 2022 09:51:26 GMT
etag: "7ce94cd1324102c254e60ced58661dc3"
x-amz-request-id: tx000000000000004109f33-0063775650-1c8e9cf0-ed1
access-control-allow-origin: *
cache: HIT
x-cached-since: 2022-11-26T09:55:09+00:00
x-id: sto5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
promo-cdn.worldofwarships.com/glows-57455/src/images/wowsl_logo.png
92.223.97.97200 OK 10 kB URL HTTP/2 promo-cdn.worldofwarships.com/glows-57455/src/images/wowsl_logo.png
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type PNG image data, 749 x 299, 8-bit colormap, non-interlaced\012- data
Hash 4d9371a87a4f9a0d6a8792e0397aa303
1308b49f8614f0ab05e81698daf5bfc4a2498bf0
68ddcc9fad945493001c241d8de6fb9acdd436bc82bff503302dbffa64f4f5ed
GET /glows-57455/src/images/wowsl_logo.png HTTP/1.1
Host: promo-cdn.worldofwarships.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promo.worldofwarships.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:45 GMT
content-type: image/png
content-length: 10514
last-modified: Fri, 18 Nov 2022 09:51:26 GMT
etag: "4d9371a87a4f9a0d6a8792e0397aa303"
x-amz-request-id: tx000000000000000786d8f-0063775650-1cdfff90-ed1
access-control-allow-origin: *
cache: HIT
x-cached-since: 2022-11-26T09:54:55+00:00
x-id: sto5-up-gc12
accept-ranges: bytes
X-Firefox-Spdy: h2
promo-cdn.worldofwarships.com/glows-57455/src/images/ship.png
92.223.97.97200 OK 119 kB URL HTTP/2 promo-cdn.worldofwarships.com/glows-57455/src/images/ship.png
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size 119 kB (118869 bytes)
Hash 96794bb792180f78a843e58ae828251e
e8c4ec950ec7134c1e8bce85eadd6f5ef0ebeeed
7d01d0ef7e635d9e5af715064819997c15e8f6f4bdd98d71f30b914e5a5b22cf
GET /glows-57455/src/images/ship.png HTTP/1.1
Host: promo-cdn.worldofwarships.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promo.worldofwarships.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:45 GMT
content-type: image/png
content-length: 118869
last-modified: Fri, 18 Nov 2022 09:51:26 GMT
etag: "96794bb792180f78a843e58ae828251e"
x-amz-request-id: tx00000000000000011c605-0063775650-1ce8cb68-ed1
access-control-allow-origin: *
cache: HIT
x-cached-since: 2022-11-26T09:54:55+00:00
x-id: sto5-up-gc13
accept-ranges: bytes
X-Firefox-Spdy: h2
promo-cdn.worldofwarships.com/glows-57455/src/images/commander.png
92.223.97.97200 OK 112 kB URL HTTP/2 promo-cdn.worldofwarships.com/glows-57455/src/images/commander.png
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size 112 kB (111723 bytes)
Hash 7f15202a86454b2316d69684c833ad0b
0dea22fe2e331507926d4208373176046c139204
98536c7fbac01cfc5e88e41c5d0bc7cb5f95cf8809c94e533c966796ac95055b
GET /glows-57455/src/images/commander.png HTTP/1.1
Host: promo-cdn.worldofwarships.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promo.worldofwarships.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:45 GMT
content-type: image/png
content-length: 111723
last-modified: Fri, 18 Nov 2022 09:51:26 GMT
etag: "7f15202a86454b2316d69684c833ad0b"
x-amz-request-id: tx0000000000000000a4b4f-0063775650-1ce993ea-ed1
access-control-allow-origin: *
cache: HIT
x-cached-since: 2022-11-26T09:54:55+00:00
x-id: sto5-up-gc10
accept-ranges: bytes
X-Firefox-Spdy: h2
promo-cdn.worldofwarships.com/glows-57455/src/images/doubloons.png
92.223.97.97200 OK 247 kB URL HTTP/2 promo-cdn.worldofwarships.com/glows-57455/src/images/doubloons.png
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size 247 kB (246605 bytes)
Hash 8b06662f4fc6ab9c26a3ffd7da5feb42
69e221f633c5a6c341183e5c20742ea7e0836329
de4a2d84facc74b4701a4b3b12114ee85250cd0d1eec2d933e6f6b31f655e719
GET /glows-57455/src/images/doubloons.png HTTP/1.1
Host: promo-cdn.worldofwarships.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promo.worldofwarships.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:45 GMT
content-type: image/png
content-length: 246605
last-modified: Fri, 18 Nov 2022 09:51:26 GMT
etag: "8b06662f4fc6ab9c26a3ffd7da5feb42"
x-amz-request-id: tx000000000000004fa51b3-0063775650-1c6c35db-ed1
access-control-allow-origin: *
cache: HIT
x-cached-since: 2022-11-26T09:54:55+00:00
x-id: sto5-up-gc10
accept-ranges: bytes
X-Firefox-Spdy: h2
promo-cdn.worldofwarships.com/glows-57455/src/images/credits.png
92.223.97.97200 OK 272 kB URL HTTP/2 promo-cdn.worldofwarships.com/glows-57455/src/images/credits.png
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size 272 kB (272289 bytes)
Hash 6be9952d14195e111719c70b58e788f5
3283434ff68fb3a5e2af2428a8be0c0f85acddb5
0419700cbd7cdaa3a0db8c90885d3e2164aed3df91e533188065323a88235e0f
GET /glows-57455/src/images/credits.png HTTP/1.1
Host: promo-cdn.worldofwarships.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promo.worldofwarships.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:45 GMT
content-type: image/png
content-length: 272289
last-modified: Fri, 18 Nov 2022 09:51:26 GMT
etag: "6be9952d14195e111719c70b58e788f5"
x-amz-request-id: tx000000000000000008425-0063775650-1ce9b882-ed1
access-control-allow-origin: *
cache: HIT
x-cached-since: 2022-11-26T09:54:55+00:00
x-id: sto5-up-gc13
accept-ranges: bytes
X-Firefox-Spdy: h2
promo-cdn.worldofwarships.com/glows-57455/src/images/prem.png
92.223.97.97200 OK 354 kB URL HTTP/2 promo-cdn.worldofwarships.com/glows-57455/src/images/prem.png
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size 354 kB (353929 bytes)
Hash 609e9f8297dcfd17f8fca08bc1ed5f20
9266b315ef4fb0303aabc0734065eecad314ec8c
00181d0401aa5c40a1f9383098c81be283d807174c04d01028ce48114cb01554
GET /glows-57455/src/images/prem.png HTTP/1.1
Host: promo-cdn.worldofwarships.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promo.worldofwarships.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:45 GMT
content-type: image/png
content-length: 353929
last-modified: Fri, 18 Nov 2022 09:51:26 GMT
etag: "609e9f8297dcfd17f8fca08bc1ed5f20"
x-amz-request-id: tx0000000000000000a4b50-0063775650-1ce993ea-ed1
access-control-allow-origin: *
cache: HIT
x-cached-since: 2022-11-26T09:54:55+00:00
x-id: sto5-up-gc10
accept-ranges: bytes
X-Firefox-Spdy: h2
lalangmanis.com/wp-content/plugins/td-composer/td-multi-purpose/style.css?ver=6ea45b81e47c58269b68289d05535e19
194.233.68.84200 OK 0 B URL HTTP/2 lalangmanis.com/wp-content/plugins/td-composer/td-multi-purpose/style.css?ver=6ea45b81e47c58269b68289d05535e19
IP 194.233.68.84:0
ASN #141995 Contabo Asia Private Limited
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/td-composer/td-multi-purpose/style.css?ver=6ea45b81e47c58269b68289d05535e19 HTTP/1.1
Host: lalangmanis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:38 GMT
content-type: text/css
last-modified: Sun, 15 May 2022 10:27:16 GMT
etag: W/"6280d584-92ec"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
lalangmanis.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
194.233.68.84200 OK 0 B URL HTTP/2 lalangmanis.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 194.233.68.84:0
ASN #141995 Contabo Asia Private Limited
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: lalangmanis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:38 GMT
content-type: application/javascript
last-modified: Sun, 15 May 2022 06:13:28 GMT
etag: W/"62809a08-2bd8"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
promo-cdn.worldofwarships.com/glows-57455/src/images/logo-main.svg
92.223.97.97200 OK 0 B URL HTTP/2 promo-cdn.worldofwarships.com/glows-57455/src/images/logo-main.svg
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
GET /glows-57455/src/images/logo-main.svg HTTP/1.1
Host: promo-cdn.worldofwarships.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promo.worldofwarships.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:45 GMT
content-type: image/svg+xml
last-modified: Fri, 18 Nov 2022 09:51:26 GMT
etag: W/"3205035293624ac8f4502ce6c888db9e"
x-amz-request-id: tx00000000000000011c604-0063775650-1ce8cb68-ed1
access-control-allow-origin: *
cache: HIT
x-cached-since: 2022-11-26T09:54:55+00:00
x-id: sto5-up-gc11
content-encoding: gzip
X-Firefox-Spdy: h2
promo-cdn.worldofwarships.com/glows-57455/src/styles/style.css
92.223.97.97200 OK 0 B URL HTTP/2 promo-cdn.worldofwarships.com/glows-57455/src/styles/style.css
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
GET /glows-57455/src/styles/style.css HTTP/1.1
Host: promo-cdn.worldofwarships.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promo.worldofwarships.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:45 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Fri, 18 Nov 2022 09:51:26 GMT
etag: W/"27c3d596e8fb86e8cae8fb1aecb9233f"
x-amz-request-id: tx000000000000001cfaeda-00637f6eef-1bfc3e68-ed1
access-control-allow-origin: *
cache: HIT
x-cached-since: 2022-11-24T13:17:35+00:00
x-id: sto5-up-gc11
content-encoding: gzip
X-Firefox-Spdy: h2
promo-cdn.worldofwarships.com/glows-57455/src/libs/aos.css
92.223.97.97200 OK 0 B URL HTTP/2 promo-cdn.worldofwarships.com/glows-57455/src/libs/aos.css
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
GET /glows-57455/src/libs/aos.css HTTP/1.1
Host: promo-cdn.worldofwarships.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promo.worldofwarships.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:45 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Fri, 18 Nov 2022 09:51:26 GMT
etag: W/"1691966fad1799cece5fedf5bbd55bfc"
x-amz-request-id: tx0000000000000004b6c38-00637f6eef-1cf95248-ed1
access-control-allow-origin: *
cache: HIT
x-cached-since: 2022-11-24T13:17:35+00:00
x-id: sto5-up-gc11
content-encoding: gzip
X-Firefox-Spdy: h2
lalangmanis.com/wp-content/plugins/td-standard-pack/Newspaper/assets/css/td_standard_pack_main.css?ver=32b0396dacab6790bdbb765eba5d6338
194.233.68.84200 OK 0 B URL HTTP/2 lalangmanis.com/wp-content/plugins/td-standard-pack/Newspaper/assets/css/td_standard_pack_main.css?ver=32b0396dacab6790bdbb765eba5d6338
IP 194.233.68.84:0
ASN #141995 Contabo Asia Private Limited
GET /wp-content/plugins/td-standard-pack/Newspaper/assets/css/td_standard_pack_main.css?ver=32b0396dacab6790bdbb765eba5d6338 HTTP/1.1
Host: lalangmanis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:38 GMT
content-type: text/css
last-modified: Sun, 15 May 2022 10:30:35 GMT
etag: W/"6280d64b-b2ccc"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
promo-cdn.worldofwarships.com/global_static/age_ratings/v2/pegi_rating.svg
92.223.97.97200 OK 0 B URL HTTP/2 promo-cdn.worldofwarships.com/global_static/age_ratings/v2/pegi_rating.svg
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
GET /global_static/age_ratings/v2/pegi_rating.svg HTTP/1.1
Host: promo-cdn.worldofwarships.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promo.worldofwarships.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:45 GMT
content-type: image/svg+xml
last-modified: Mon, 14 Feb 2022 22:01:21 GMT
etag: W/"207ef7e145ba483b342b96f8c2fbf72a"
x-amz-request-id: tx0000000000000002a85f1-00633fe0c3-1c4459fa-ed1
access-control-allow-origin: *
cache: HIT
x-cached-since: 2022-11-24T08:22:35+00:00
x-id: sto5-up-gc13
content-encoding: gzip
X-Firefox-Spdy: h2
promo-cdn.worldofwarships.com/glows-57455/src/libs/jquery.fullpage.js
92.223.97.97200 OK 0 B URL HTTP/2 promo-cdn.worldofwarships.com/glows-57455/src/libs/jquery.fullpage.js
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
GET /glows-57455/src/libs/jquery.fullpage.js HTTP/1.1
Host: promo-cdn.worldofwarships.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promo.worldofwarships.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:45 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 18 Nov 2022 09:51:26 GMT
etag: W/"9a854eed59d24b9252aa7e8ff082eda8"
x-amz-request-id: tx000000000000004fa51b2-0063775650-1c6c35db-ed1
access-control-allow-origin: *
cache: HIT
x-cached-since: 2022-11-26T09:54:55+00:00
x-id: sto5-up-gc13
content-encoding: gzip
X-Firefox-Spdy: h2
promo-cdn.worldofwarships.com/glows-57455/src/scripts/script.js
92.223.97.97200 OK 0 B URL HTTP/2 promo-cdn.worldofwarships.com/glows-57455/src/scripts/script.js
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
GET /glows-57455/src/scripts/script.js HTTP/1.1
Host: promo-cdn.worldofwarships.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promo.worldofwarships.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:45 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 18 Nov 2022 09:51:26 GMT
etag: W/"c72b29ff788a7779aadcaaf8157c099c"
x-amz-request-id: tx000000000000000ba258a-0063775650-1bfc3e68-ed1
access-control-allow-origin: *
cache: HIT
x-cached-since: 2022-11-26T09:54:55+00:00
x-id: sto5-up-gc13
content-encoding: gzip
X-Firefox-Spdy: h2
promo-cdn.worldofwarships.com/glows-57455/src/images/logo-hor.svg
92.223.97.97200 OK 0 B URL HTTP/2 promo-cdn.worldofwarships.com/glows-57455/src/images/logo-hor.svg
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
GET /glows-57455/src/images/logo-hor.svg HTTP/1.1
Host: promo-cdn.worldofwarships.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promo.worldofwarships.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:45 GMT
content-type: image/svg+xml
last-modified: Fri, 18 Nov 2022 09:51:26 GMT
etag: W/"f37677b980c03bd3f2537e0ab36aa703"
x-amz-request-id: tx0000000000000007e7048-0063775650-1cdf9313-ed1
access-control-allow-origin: *
cache: HIT
x-cached-since: 2022-11-26T09:54:55+00:00
x-id: sto5-up-gc14
content-encoding: gzip
X-Firefox-Spdy: h2
promo-cdn.worldofwarships.com/glows-57455/src/libs/oneTrustBanner.js
92.223.97.97200 OK 0 B URL HTTP/2 promo-cdn.worldofwarships.com/glows-57455/src/libs/oneTrustBanner.js
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
GET /glows-57455/src/libs/oneTrustBanner.js HTTP/1.1
Host: promo-cdn.worldofwarships.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promo.worldofwarships.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:45 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 18 Nov 2022 09:51:26 GMT
etag: W/"756187d7b894fafd3191e6683d92af26"
x-amz-request-id: tx0000000000000007e7049-0063775650-1cdf9313-ed1
access-control-allow-origin: *
cache: HIT
x-cached-since: 2022-11-26T09:54:55+00:00
x-id: sto5-up-gc10
content-encoding: gzip
X-Firefox-Spdy: h2
promo-cdn.worldofwarships.com/glows-57455/src/libs/jquery.min.js
92.223.97.97200 OK 0 B URL HTTP/2 promo-cdn.worldofwarships.com/glows-57455/src/libs/jquery.min.js
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
GET /glows-57455/src/libs/jquery.min.js HTTP/1.1
Host: promo-cdn.worldofwarships.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promo.worldofwarships.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:45 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 18 Nov 2022 09:51:26 GMT
etag: W/"4f252523d4af0b478c810c2547a63e19"
x-amz-request-id: tx000000000000000008424-0063775650-1ce9b882-ed1
access-control-allow-origin: *
cache: HIT
x-cached-since: 2022-11-26T09:54:55+00:00
x-id: sto5-up-gc14
content-encoding: gzip
X-Firefox-Spdy: h2
lalangmanis.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
194.233.68.84200 OK 0 B URL HTTP/2 lalangmanis.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP 194.233.68.84:0
ASN #141995 Contabo Asia Private Limited
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: lalangmanis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:38 GMT
content-type: text/css
last-modified: Tue, 15 Nov 2022 20:15:42 GMT
etag: W/"6373f36e-172a9"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
lalangmanis.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
194.233.68.84200 OK 0 B URL HTTP/2 lalangmanis.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 194.233.68.84:0
ASN #141995 Contabo Asia Private Limited
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: lalangmanis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:38 GMT
content-type: application/javascript
last-modified: Tue, 22 Nov 2022 08:43:34 GMT
etag: W/"637c8bb6-16835"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
promo-cdn.worldofwarships.com/glows-57455/src/libs/jquery.fullpage.min.css
92.223.97.97200 OK 0 B URL HTTP/2 promo-cdn.worldofwarships.com/glows-57455/src/libs/jquery.fullpage.min.css
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
GET /glows-57455/src/libs/jquery.fullpage.min.css HTTP/1.1
Host: promo-cdn.worldofwarships.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promo.worldofwarships.eu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:45 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
last-modified: Fri, 18 Nov 2022 09:51:26 GMT
etag: W/"c397710fd5227e7e53b0c95cbc6b9d61"
x-amz-request-id: tx000000000000000786d8e-0063775650-1cdfff90-ed1
access-control-allow-origin: *
cache: HIT
x-cached-since: 2022-11-26T09:54:55+00:00
x-id: sto5-up-gc10
content-encoding: gzip
X-Firefox-Spdy: h2
promo-cdn.worldofwarships.com/glows-57455/src/libs/aos.js
92.223.97.97200 OK 0 B URL HTTP/2 promo-cdn.worldofwarships.com/glows-57455/src/libs/aos.js
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
GET /glows-57455/src/libs/aos.js HTTP/1.1
Host: promo-cdn.worldofwarships.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promo.worldofwarships.eu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:45 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 18 Nov 2022 09:51:26 GMT
etag: W/"7ee92212a3ecbc19d9d71fa3818508af"
x-amz-request-id: tx0000000000000007e704a-0063775650-1cdf9313-ed1
access-control-allow-origin: *
cache: HIT
x-cached-since: 2022-11-26T09:54:55+00:00
x-id: sto5-up-gc12
content-encoding: gzip
X-Firefox-Spdy: h2
lalangmanis.com/wp-content/plugins/td-composer/legacy/Newspaper/assets/css/td_legacy_main.css?ver=6ea45b81e47c58269b68289d05535e19
194.233.68.84200 OK 0 B URL HTTP/2 lalangmanis.com/wp-content/plugins/td-composer/legacy/Newspaper/assets/css/td_legacy_main.css?ver=6ea45b81e47c58269b68289d05535e19
IP 194.233.68.84:0
ASN #141995 Contabo Asia Private Limited
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/td-composer/legacy/Newspaper/assets/css/td_legacy_main.css?ver=6ea45b81e47c58269b68289d05535e19 HTTP/1.1
Host: lalangmanis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:38 GMT
content-type: text/css
last-modified: Sun, 15 May 2022 10:27:19 GMT
etag: W/"6280d587-27b2d"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
lalangmanis.com/wp-content/plugins/td-newsletter/style.css?ver=11.5
194.233.68.84200 OK 0 B URL HTTP/2 lalangmanis.com/wp-content/plugins/td-newsletter/style.css?ver=11.5
IP 194.233.68.84:0
ASN #141995 Contabo Asia Private Limited
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/td-newsletter/style.css?ver=11.5 HTTP/1.1
Host: lalangmanis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:38 GMT
content-type: text/css
last-modified: Sun, 15 May 2022 10:29:15 GMT
etag: W/"6280d5fb-1558"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
promo-cdn.worldofwarships.com/global_static/age_ratings/v2/pegi_ext-in-game-purchases.svg
92.223.97.97200 OK 0 B URL HTTP/2 promo-cdn.worldofwarships.com/global_static/age_ratings/v2/pegi_ext-in-game-purchases.svg
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
GET /global_static/age_ratings/v2/pegi_ext-in-game-purchases.svg HTTP/1.1
Host: promo-cdn.worldofwarships.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promo.worldofwarships.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:45 GMT
content-type: image/svg+xml
last-modified: Mon, 14 Feb 2022 22:01:20 GMT
etag: W/"635ea99325f08d75fd8f09201f998f50"
x-amz-request-id: tx0000000000000002a85b2-00633fe0c3-1c445a09-ed1
access-control-allow-origin: *
cache: HIT
x-cached-since: 2022-11-24T08:21:48+00:00
x-id: sto5-up-gc11
content-encoding: gzip
X-Firefox-Spdy: h2
promo-cdn.worldofwarships.com/global_static/age_ratings/v2/pegi_ext-violence.svg
92.223.97.97200 OK 0 B URL HTTP/2 promo-cdn.worldofwarships.com/global_static/age_ratings/v2/pegi_ext-violence.svg
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
GET /global_static/age_ratings/v2/pegi_ext-violence.svg HTTP/1.1
Host: promo-cdn.worldofwarships.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promo.worldofwarships.eu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:45 GMT
content-type: image/svg+xml
last-modified: Mon, 14 Feb 2022 22:01:20 GMT
etag: W/"9a3e2c35d77bd8b96138310eeb6b7f7b"
x-amz-request-id: tx00000000000000080ab06-00633fe0c3-1c4c0c09-ed1
access-control-allow-origin: *
cache: HIT
x-cached-since: 2022-11-24T08:21:48+00:00
x-id: sto5-up-gc11
content-encoding: gzip
X-Firefox-Spdy: h2
lalangmanis.com/wp-content/themes/Newspaper/style.css?ver=11.5
194.233.68.84200 OK 0 B URL HTTP/2 lalangmanis.com/wp-content/themes/Newspaper/style.css?ver=11.5
IP 194.233.68.84:0
ASN #141995 Contabo Asia Private Limited
GET /wp-content/themes/Newspaper/style.css?ver=11.5 HTTP/1.1
Host: lalangmanis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:38 GMT
content-type: text/css
last-modified: Sat, 14 May 2022 22:45:46 GMT
etag: W/"6280311a-26566"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans%3A400%2C600%2C700%2C800%7CRoboto%3A400%2C500%2C700%2C800%7CRoboto+Condensed%3A700%2C400%7CMontserrat%3A800%2C700%2C400%2C600%7CVolkhov%3A400&display=swap&ver=11.5
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans%3A400%2C600%2C700%2C800%7CRoboto%3A400%2C500%2C700%2C800%7CRoboto+Condensed%3A700%2C400%7CMontserrat%3A800%2C700%2C400%2C600%7CVolkhov%3A400&display=swap&ver=11.5
IP 142.250.74.10:0
GET /css?family=Open+Sans%3A400%2C600%2C700%2C800%7CRoboto%3A400%2C500%2C700%2C800%7CRoboto+Condensed%3A700%2C400%7CMontserrat%3A800%2C700%2C400%2C600%7CVolkhov%3A400&display=swap&ver=11.5 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 27 Nov 2022 03:56:38 GMT
date: Sun, 27 Nov 2022 03:56:38 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jsc.mgid.com/l/a/lalangmanis.com.1168211.js
104.19.132.78200 OK 0 B URL HTTP/2 jsc.mgid.com/l/a/lalangmanis.com.1168211.js
IP 104.19.132.78:0
GET /l/a/lalangmanis.com.1168211.js HTTP/1.1
Host: jsc.mgid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lalangmanis.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 03:56:38 GMT
content-type: text/javascript
cf-bgj: minify
cf-polished: origSize=2348
etag: W/"ceaa192d76dd016dba4f1df2cd05f396"
last-modified: Wed, 23 Nov 2022 11:46:57 GMT
x-amz-id-2: 8IQwTbpi/GXd2+TN+NslzmOztAFU9VwfDS7qRGejwaDIMbPWfqPxQ2m8cxMsD3LR6XnGsedJB7Y=
x-amz-request-id: SAP4KJWGXQXH6JBD
x-amz-version-id: vmB1hPYmPMJdl5HjNZ5ulFmwxuPoD9NS
cf-cache-status: HIT
expires: Sun, 27 Nov 2022 06:56:38 GMT
cache-control: public, max-age=10800
set-cookie: __cf_bm=Hq6870ctv68XEfcAorR3IcG44.84RoDDyqgqcFWnF7I-1669521398-0-AbIgiV1Ry1Tn/n1IQ9vwb2XY2xL0T7ZPlB7ra+ciTjh0S/fgvRqvy6X2pAsZsBE0tEoSj3w6NnZWFAP6wspcioo=; path=/; expires=Sun, 27-Nov-22 04:26:38 GMT; domain=.mgid.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 7707ef6758cbb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
thirawogla.com/bm3iVx0.Pj3upevvb/m/V_JqZ-DG0v0/NqTJcEylMqjNApwjLVTsQA1wNJzGIgy/MbDOEu
88.85.94.246200 OK 0 B URL HTTP/2 thirawogla.com/bm3iVx0.Pj3upevvb/m/V_JqZ-DG0v0/NqTJcEylMqjNApwjLVTsQA1wNJzGIgy/MbDOEu
IP 88.85.94.246:0
GET /bm3iVx0.Pj3upevvb/m/V_JqZ-DG0v0/NqTJcEylMqjNApwjLVTsQA1wNJzGIgy/MbDOEu HTTP/1.1
Host: thirawogla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://long.interestmoments.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:43 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-frame-options: DENY
referrer-policy: no-referrer
p3p: CP="CUR ADM OUR NOR STA NID"
last-modified: Sun, 27 Nov 2022 03:56:43 GMT
set-cookie: kadCCap=219484:1:1667715065;199455:1:1668245056;194136:1:1669413157;218693:1:1669515516;219652:1:1669330335;79610:1:1669272875;221398:1:1669325799;219047:1:1667194435;220790:1:1668460505;212269:1:1667199062;220335:1:1669231427; max-age=1701057403; path=/
kadACap=449523:1:1669519460;383700:1:1669473413;410252:1:1669443062;419295:1:1669362714;446013:1:1668228435;419323:1:1669432178;419293:1:1669439385;407100:1:1668246232;424441:1:1669449948;445735:1:1669286676;419297:1:1669465197;445506:1:1669286676;451724:1:1669474978;190964:1:1669272875;451139:1:1669521403;419303:1:1669446827;401659:1:1669300061;453831:1:1669298989;446531:1:1669270846;419301:1:1669283271;419299:1:1669432259;442019:1:1669447425;419291:1:1669443279;419321:1:1669463839;346327:1:1669504325; max-age=1701057403; path=/
kadCSCap=218693:1:1669515516; path=/
kadASCap=383700:1:1669473413;451139:1:1669521403;410252:1:1669443062;442019:1:1669447425;449523:1:1669519460;419293:1:1669439385;419291:1:1669443279;419297:1:1669465197;451724:1:1669474978;346327:1:1669504325;419303:1:1669446827;419321:1:1669463839;424441:1:1669449948; path=/
kadRPixJ=bnVsbA==; max-age=1701057403; path=/
kadUnP3=CAcQxJ+KnAYaDQjQ6pcCEAEYq/mGnAYaDQjgoogCEAEY7YiInAYaDQioiJcCEAUYhcmInAYaDQjMyZcCEAEYya2KnAYaDQicnpQCEAEYz92GnAYaDQj66pcCEAEYgf6GnAYaDQjE7JcCEAEY+YWInAYaDQi+8JcCEAEYxJ+KnAYaDQjzwZkBEAEYxbqKnAYaDQjrxaQBEAEY/JGLnAYaDQiEyJMCEAEY9tuGnAYiCggDEAcYxJ+KnAYqDAj19CcQARir+YacBioMCPmgKBABGPmFiJwGKgwIhKclEAEY9tuGnAYqDAjCriUQARjP3YacBioMCIyVJhABGO2IiJwGKgwIpJMoEAUYhcmInAYqDAiSnCgQARjJrYqcBioMCN+gKBABGIH+hpwGKgwIjL0SEAEYxbqKnAYqDAix/xMQARj8kYucBioMCPT0JxABGMSfipwG; max-age=1701057403; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
promo.worldofwarships.eu/glows-57455/eu-en/?t=1&pub_id=1287&xid=6382dffdcbd356000123a1a7&xid_param1=EZ46KGBJ6R&xid_param_2=&sid=SIDBbHKuFHuFRaK-JeXiYC-Je8d5d64zxBAjwvVbhZYbxvNPWUmv4GPASH629ufhO9si4kLfMJ5jAcN8MMsaqEYtZzY3w06MvxduIkd46cqoy2WKvbxGL-r3TLU1nmpIU6epdgGwRPy7hYBaw&enctid=comry1hcw6oc&lpsn=WOWS+WLAP+LP+Submarines+code+WOLFPACK&foris=1&teclient=1669521405290924063&utm_source=wlap&utm_medium=affiliate&utm_campaign=l533wk2q&utm_content=1287
92.223.97.97200 OK 0 B URL HTTP/2 promo.worldofwarships.eu/glows-57455/eu-en/?t=1&pub_id=1287&xid=6382dffdcbd356000123a1a7&xid_param1=EZ46KGBJ6R&xid_param_2=&sid=SIDBbHKuFHuFRaK-JeXiYC-Je8d5d64zxBAjwvVbhZYbxvNPWUmv4GPASH629ufhO9si4kLfMJ5jAcN8MMsaqEYtZzY3w06MvxduIkd46cqoy2WKvbxGL-r3TLU1nmpIU6epdgGwRPy7hYBaw&enctid=comry1hcw6oc&lpsn=WOWS+WLAP+LP+Submarines+code+WOLFPACK&foris=1&teclient=1669521405290924063&utm_source=wlap&utm_medium=affiliate&utm_campaign=l533wk2q&utm_content=1287
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
GET /glows-57455/eu-en/?t=1&pub_id=1287&xid=6382dffdcbd356000123a1a7&xid_param1=EZ46KGBJ6R&xid_param_2=&sid=SIDBbHKuFHuFRaK-JeXiYC-Je8d5d64zxBAjwvVbhZYbxvNPWUmv4GPASH629ufhO9si4kLfMJ5jAcN8MMsaqEYtZzY3w06MvxduIkd46cqoy2WKvbxGL-r3TLU1nmpIU6epdgGwRPy7hYBaw&enctid=comry1hcw6oc&lpsn=WOWS+WLAP+LP+Submarines+code+WOLFPACK&foris=1&teclient=1669521405290924063&utm_source=wlap&utm_medium=affiliate&utm_campaign=l533wk2q&utm_content=1287 HTTP/1.1
Host: promo.worldofwarships.eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 03:56:45 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
last-modified: Fri, 18 Nov 2022 09:51:26 GMT
etag: W/"f38be4fe58e75042887e6ff48723896e"
x-amz-request-id: tx000000000000000a36d5c-00637b7980-1ce8cb68-ed1
cache: HIT
x-cached-since: 2022-11-25T13:13:46+00:00
x-id: sto5-up-gc10
content-encoding: gzip
X-Firefox-Spdy: h2