r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9fbe85f42e8ae8ae41cc12df5f98b141
949fa36ff0f22f72565fd584bef094dd4de23037
184d3e4df4bce559b4d7c4836372f5fd2de9782a96b04d364230b7d695d737d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "184D3E4DF4BCE559B4D7C4836372F5FD2DE9782A96B04D364230B7D695D737D8"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12302
Expires: Sat, 28 Jan 2023 22:17:18 GMT
Date: Sat, 28 Jan 2023 18:52:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2405562765b49b2782ebd2e2994851d5
be7ac8e558f7875bb1fb86ab5ec674424a5ff269
422cfa907461cb7b93b9089d600052f9e94951e5e0c93d97651905002e48ad3e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "422CFA907461CB7B93B9089D600052F9E94951E5E0C93D97651905002E48AD3E"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5045
Expires: Sat, 28 Jan 2023 20:16:21 GMT
Date: Sat, 28 Jan 2023 18:52:16 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 18:35:31 GMT
content-type: application/json
age: 1005
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
saffronus.com/
198.54.126.25301 Moved Permanently 707 B IP 198.54.126.25:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sat, 28 Jan 2023 18:52:16 GMT
server: LiteSpeed
location: https://saffronus.com/
x-turbo-charged-by: LiteSpeed
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 03092d1a1bc7ac91ee342a1a7ab2a562
52db06ce1fd2c74ddd36b6a0a7aee1b5c891600a
03b8ff2629abac9fc30ebec059c2e2018fcbc41646ad5f71c965ff630fbf1ffd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "03B8FF2629ABAC9FC30EBEC059C2E2018FCBC41646AD5F71C965FF630FBF1FFD"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7371
Expires: Sat, 28 Jan 2023 20:55:07 GMT
Date: Sat, 28 Jan 2023 18:52:16 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: bFFv+1BVQ6Snet7sbQ4EoxtE7tzSiF5iL4pHh1GE4VlENSlHEO/p6tFKykuSqLhY5EzDYcnQapk=
x-amz-request-id: 0GFD5GD38D0YGTZQ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 18:50:01 GMT
age: 135
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 18:52:16 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 18:41:40 GMT
age: 637
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash d78e9648836d2a5a9a3d3f9a4ae715c3
5690020b4fab70f15d78203d4a222888e8880a00
d217f7160c05e49e72fea585d2baa328266b3c1da60af6b95543b1a75b044355
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 18:52:17 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 01:43:03 GMT
Expires: Thu, 02 Feb 2023 01:43:02 GMT
Etag: "5690020b4fab70f15d78203d4a222888e8880a00"
Cache-Control: max-age=369644,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 790bec9f39280b69-OSL
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13470
Expires: Sat, 28 Jan 2023 22:36:47 GMT
Date: Sat, 28 Jan 2023 18:52:17 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7da8f9a23d8c05f64f248e4e3427c76e
e2d001c2909cd9403173cbb0e288d55fbc8e4d0a
db8790004124a0eeb0676860170ad9c37250b2ba697a27dee62c99b64c67b4b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 18:52:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
54.189.85.130101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.189.85.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: yes40w8lKxGUzZDSainhHg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xDSeFPJL/nGnZTa3ASJdCVjtT8A=
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7da8f9a23d8c05f64f248e4e3427c76e
e2d001c2909cd9403173cbb0e288d55fbc8e4d0a
db8790004124a0eeb0676860170ad9c37250b2ba697a27dee62c99b64c67b4b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 18:52:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
saffronus.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
198.54.126.25200 OK 2.4 kB URL HTTP/2 saffronus.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
IP 198.54.126.25:0
File type ASCII text, with very long lines (11256), with no line terminators
Hash ce94f62588d05264ac0148712111cb11
518bcd922f54169aeb199c0ccbc5877165ac218e
84ab658a69c39f424be0b27f61d612447d01606fce33beb962cbea53627d8c81
GET /wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:17 GMT
content-type: text/css
last-modified: Sun, 02 Oct 2022 09:26:44 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2394
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-includes/js/mediaelement/wp-mediaelement.min.css
198.54.126.25200 OK 982 B URL HTTP/2 saffronus.com/wp-includes/js/mediaelement/wp-mediaelement.min.css
IP 198.54.126.25:0
File type ASCII text, with very long lines (4186), with no line terminators
Hash 24f4d7f425e792ab35adaab50816e54a
9e25bf79b674ddb7ba09ad7f118c50ec473c02c8
1c78bfb4d523785a4ebd37bb1f79f214f9bdb16673f7cc50805f7f1a26ad7f83
GET /wp-includes/js/mediaelement/wp-mediaelement.min.css HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:17 GMT
content-type: text/css
last-modified: Sun, 02 Oct 2022 09:26:44 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 982
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-includes/css/classic-themes.min.css
198.54.126.25200 OK 217 B URL HTTP/2 saffronus.com/wp-includes/css/classic-themes.min.css
IP 198.54.126.25:0
Hash 95e891f28e44a9b314c09545d86be2b7
f9b13a8bd47273b086a0a07df15f314e0af0bc3e
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
GET /wp-includes/css/classic-themes.min.css HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:17 GMT
content-type: text/css
last-modified: Wed, 02 Nov 2022 01:30:29 GMT
accept-ranges: bytes
content-length: 217
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css
198.54.126.25200 OK 1.8 kB URL HTTP/2 saffronus.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css
IP 198.54.126.25:0
File type ASCII text, with very long lines (10435), with no line terminators
Hash f7237084ac82ea6a4f5bf1448c3a2148
60457635a5e809ee1199c61090d8e33b91e8e1f2
18a1cb7f08c1ace52a79f46d73461ed03bf8cf5c9e8a3687eacc3e04f08e7a09
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:17 GMT
content-type: text/css
last-modified: Fri, 13 Jan 2023 10:05:21 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1754
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-content/plugins/contact-form-7/includes/css/styles.css
198.54.126.25200 OK 870 B URL HTTP/2 saffronus.com/wp-content/plugins/contact-form-7/includes/css/styles.css
IP 198.54.126.25:0
Hash db1891276028bf4b41d1e27e86517147
00b1fb3f26fd4b31d4ea0bf6ef5fb87e7a643d74
9351dbbea3e724e73cde04476a06a98a726c0b341c4cbe4a40354c4752494e5d
GET /wp-content/plugins/contact-form-7/includes/css/styles.css HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:17 GMT
content-type: text/css
last-modified: Thu, 26 Jan 2023 10:15:45 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 870
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-includes/css/dist/block-library/style.min.css
198.54.126.25200 OK 12 kB URL HTTP/2 saffronus.com/wp-includes/css/dist/block-library/style.min.css
IP 198.54.126.25:0
File type ASCII text, with very long lines (47826)
Hash c4d7cc056b49b00e05cc29cc59aa3d5a
48c426bec60099d2a8628df430ed682c72aab42a
8009c12f2674a8d38401f4b5faad1fef2cfcd18a8c927ed2561ae9d7de9b57b5
GET /wp-includes/css/dist/block-library/style.min.css HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:17 GMT
content-type: text/css
last-modified: Tue, 15 Nov 2022 22:03:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11616
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css
198.54.126.25200 OK 23 kB URL HTTP/2 saffronus.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css
IP 198.54.126.25:0
File type Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Hash 7764ef0866edd9e19f3bae0b3774154c
2a8091abd24aa9434f9c4374a34a584af19106c8
47c6e34db110643e3578fa035f62d990d69575305f466756efc84527fb0fa604
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:17 GMT
content-type: text/css
last-modified: Fri, 13 Jan 2023 10:05:21 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 23279
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-content/themes/mts_coupon/css/owl.carousel.css
198.54.126.25200 OK 1.8 kB URL HTTP/2 saffronus.com/wp-content/themes/mts_coupon/css/owl.carousel.css
IP 198.54.126.25:0
Hash c4cc01407220a3265141a3b0564b75e4
3b8aeb062231bd8de00043dc3358e30ebfa0d278
988a1d0f3ee21ab3328e9f1e8b7ffa0ba5474b76e68c2aa2fb927dbb9743d5ca
GET /wp-content/themes/mts_coupon/css/owl.carousel.css HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:17 GMT
content-type: text/css
last-modified: Fri, 09 Jul 2021 01:25:57 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1764
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-content/themes/mts_coupon/css/responsive.css
198.54.126.25200 OK 3.5 kB URL HTTP/2 saffronus.com/wp-content/themes/mts_coupon/css/responsive.css
IP 198.54.126.25:0
File type assembler source, ASCII text
Hash a79c9bf0b4528d42fdd5cc1f165b966a
988892204828d8f9782275ff84c09a617ce345e1
dc3809f6ae4c3b5a22c1b6aa952ae6bbd5ba8f09e358e142b7cc324d9c020c87
GET /wp-content/themes/mts_coupon/css/responsive.css HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:17 GMT
content-type: text/css
last-modified: Fri, 09 Jul 2021 01:25:57 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3518
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-content/themes/mts_coupon/style.css
198.54.126.25200 OK 16 kB URL HTTP/2 saffronus.com/wp-content/themes/mts_coupon/style.css
IP 198.54.126.25:0
File type ASCII text, with very long lines (492)
Hash 29cb96cb5eb6c20928bf703c54e64fd7
cee1f6cbf0353d7099cc51e4bd218ade9b141bea
ad0c07de52ed1dddcef2c6493da334354fea24f83b603c21c768f9a5687f8290
GET /wp-content/themes/mts_coupon/style.css HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:17 GMT
content-type: text/css
last-modified: Fri, 09 Jul 2021 01:25:57 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 15538
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-includes/js/jquery/jquery-migrate.min.js
198.54.126.25200 OK 4.0 kB URL HTTP/2 saffronus.com/wp-includes/js/jquery/jquery-migrate.min.js
IP 198.54.126.25:0
File type ASCII text, with very long lines (11126)
Hash 7e058b51f939eacfa31cdface14dded5
9d732e5afdeb42edef9e1b9631b7e95e054787cc
4ece5b00423755d8f4121ce382c8ea4dc44c241f28f150abe19caa85d0b0acc1
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:17 GMT
content-type: application/javascript
last-modified: Sun, 02 Oct 2022 09:26:44 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3995
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-content/plugins/affiliate-egg/res/js/price_alert.js
198.54.126.25200 OK 385 B URL HTTP/2 saffronus.com/wp-content/plugins/affiliate-egg/res/js/price_alert.js
IP 198.54.126.25:0
Hash 8075704b730e83fb1fd29f88fdcc2900
81fd08249b2d0d39ffa24ac9b55def153e1843f8
5bfa576cad4da3b47c7bf198c00d27bd9d7a52f3e32d990ee3f634e5df933cae
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/affiliate-egg/res/js/price_alert.js HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:17 GMT
content-type: application/javascript
last-modified: Sun, 25 Dec 2022 09:16:55 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 385
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-content/plugins/content-egg/res/js/price_alert.js
198.54.126.25200 OK 477 B URL HTTP/2 saffronus.com/wp-content/plugins/content-egg/res/js/price_alert.js
IP 198.54.126.25:0
Hash 2aa84da42940895c1e434eaa5bdad718
6dee6ca53834de06be948d2084779d8285039af4
80a3b64446378cf09da2bad8018d173b987c062e3a44edd98663e203dc4f93f4
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/content-egg/res/js/price_alert.js HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:17 GMT
content-type: application/javascript
last-modified: Sat, 28 Jan 2023 09:22:27 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 477
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-content/uploads/2019/04/Logo-saffronus.png
198.54.126.25200 OK 6.5 kB URL HTTP/2 saffronus.com/wp-content/uploads/2019/04/Logo-saffronus.png
IP 198.54.126.25:0
File type PNG image data, 180 x 45, 8-bit/color RGBA, non-interlaced\012- data
Hash 06e4066acb0da7e9ea17c43a017506b0
0a307899242a72399529c1065add13598e9fbd99
ae81e2d6ff5ef6579b18c9557bf8f149c27395a449550735decd9692a0cb59dd
GET /wp-content/uploads/2019/04/Logo-saffronus.png HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:17 GMT
content-type: image/png
last-modified: Wed, 17 Apr 2019 16:22:37 GMT
accept-ranges: bytes
content-length: 6460
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js
198.54.126.25200 OK 2.9 kB URL HTTP/2 saffronus.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js
IP 198.54.126.25:0
File type ASCII text, with very long lines (10565), with no line terminators
Hash 70f3b9dd6a51a766210411d4ed0752de
5507f795072da10842897292e32c24b8cbf7827d
8ad70d44d761d4e24fdcdd496c7d529c52c68a7c7dce2471104d4efa2d01ca89
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:17 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 10:15:45 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2911
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-content/plugins/contact-form-7/includes/js/index.js
198.54.126.25200 OK 3.9 kB URL HTTP/2 saffronus.com/wp-content/plugins/contact-form-7/includes/js/index.js
IP 198.54.126.25:0
File type HTML document, ASCII text, with very long lines (12761), with no line terminators
Hash 15650873a686136e7436d22dc1fd1113
d5dcae162c6e16d522f3fb829d69e098b9314c74
9648e9d80b4e797e35d03315f648a2e6f58e6d5c2efb662d3c89e2ab1ed52416
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/js/index.js HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:17 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 10:15:45 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3876
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-content/themes/mts_coupon/css/font-awesome.min.css
198.54.126.25200 OK 6.6 kB URL HTTP/2 saffronus.com/wp-content/themes/mts_coupon/css/font-awesome.min.css
IP 198.54.126.25:0
File type ASCII text, with very long lines (30770)
Hash 52a481143cf5a26745dda7e5387a818e
f88f49586ad849084d9a6c1ce361f4c3fe8afe7c
c5602d51bb7891da8ec22c0228f3cad27579cde08086c21a4381f4e1da9538c8
GET /wp-content/themes/mts_coupon/css/font-awesome.min.css HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:17 GMT
content-type: text/css
last-modified: Fri, 09 Jul 2021 01:25:57 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6636
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-content/plugins/jetpack/_inc/social-logos/social-logos.min.css
198.54.126.25200 OK 7.8 kB URL HTTP/2 saffronus.com/wp-content/plugins/jetpack/_inc/social-logos/social-logos.min.css
IP 198.54.126.25:0
File type ASCII text, with very long lines (12105)
Hash 9eb74d6046300023686419f6305d4d8c
c4dbb5662f53ced3d0df73c1e2ff63cf1a19c060
02a590bc43301c6b37705d9d778644d6c885dfa367f0f9bad85915042c78f9e3
GET /wp-content/plugins/jetpack/_inc/social-logos/social-logos.min.css HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:17 GMT
content-type: text/css
last-modified: Mon, 16 Jan 2023 22:08:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 7765
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-content/plugins/jetpack/css/jetpack.css
198.54.126.25200 OK 16 kB URL HTTP/2 saffronus.com/wp-content/plugins/jetpack/css/jetpack.css
IP 198.54.126.25:0
File type Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Hash 4128d337c26c3a99038deb6bc5a7bc47
86b59c97f52149c2912ffb703e1a0b0f0cc6abe3
3533364c1722032e5d6e3935b08cd20211a6ef5b421a295e3ca65b0f36427b4e
GET /wp-content/plugins/jetpack/css/jetpack.css HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:17 GMT
content-type: text/css
last-modified: Mon, 16 Jan 2023 22:08:23 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 15688
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-includes/js/jquery/jquery.min.js
198.54.126.25200 OK 30 kB URL HTTP/2 saffronus.com/wp-includes/js/jquery/jquery.min.js
IP 198.54.126.25:0
File type ASCII text, with very long lines (65447)
Hash 3a1740685bd5c0bbd5f2b812e1eb7fb4
488e07695da787fed18361c50292aef35abb5e81
4a07aed2d8cf88afdec0b56b365b951c76d387db3459166b5a0d25e2e6cc95ef
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery.min.js HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:17 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 01:30:29 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 30324
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-content/themes/mts_coupon/js/owl.carousel.min.js
198.54.126.25200 OK 14 kB URL HTTP/2 saffronus.com/wp-content/themes/mts_coupon/js/owl.carousel.min.js
IP 198.54.126.25:0
File type ASCII text, with very long lines (32068)
Hash 1a3adcd405c630448479c2190e5a8183
50763affd6ce831f20612d79604be628d2188343
d34d1f9654ba2c2deed0958c44028b215b6a8ecf0af9332651fa80af3478bf96
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/mts_coupon/js/owl.carousel.min.js HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:17 GMT
content-type: application/javascript
last-modified: Fri, 09 Jul 2021 01:25:57 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 14315
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 18:52:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 18:52:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/rubik/v23/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFV0U1.woff2
216.58.207.227200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/rubik/v23/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFV0U1.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 17424, version 1.0\012- data
Hash ae296b25384237514e540501a98ce4b2
f031046681848999f489f0585db7a5fc42270c42
69d2e3ffdee3731bdd06ac65ddd73d847cf46e42884cf21412960f376f411251
GET /s/rubik/v23/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFV0U1.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://saffronus.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17424
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 10:05:31 GMT
expires: Sat, 27 Jan 2024 10:05:31 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 07 Dec 2022 18:11:52 GMT
content-type: font/woff2
age: 118007
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/rubik/v23/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFWUU1Z4Y.woff2
216.58.207.227200 OK 8.9 kB URL HTTP/2 fonts.gstatic.com/s/rubik/v23/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFWUU1Z4Y.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 8932, version 1.0\012- data
Hash e7e41c727e24bc57cbde289610bc47f8
83de661160dbdd2753a1eba876ef15b16e9e645c
497d075e57983754beb4314bc891e4862968af310350c3efef10540ac6cb217e
GET /s/rubik/v23/iJWZBXyIfDnIV5PNhY1KTN7Z-Yh-B4iFWUU1Z4Y.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://saffronus.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8932
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 25 Jan 2023 19:37:46 GMT
expires: Thu, 25 Jan 2024 19:37:46 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 07 Dec 2022 18:44:41 GMT
content-type: font/woff2
age: 256472
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
saffronus.com/wp-includes/js/wp-emoji-release.min.js
198.54.126.25200 OK 4.6 kB URL HTTP/2 saffronus.com/wp-includes/js/wp-emoji-release.min.js
IP 198.54.126.25:0
File type ASCII text, with very long lines (15660)
Hash 0232689bd203f330529b36a437f41a68
9046583f7469ad38297969f10a9513eb895d5316
feea9f30a6e454579bbeabf236b7abdb0c7de84dd2852422555ad67348c5e886
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-emoji-release.min.js HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:17 GMT
content-type: application/javascript
last-modified: Sun, 02 Oct 2022 09:26:44 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4619
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-content/themes/mts_coupon/js/customscript.js
198.54.126.25200 OK 5.3 kB URL HTTP/2 saffronus.com/wp-content/themes/mts_coupon/js/customscript.js
IP 198.54.126.25:0
Hash b8c2c2f2cdf39f34a97e99501110b373
4b5f210a6bd19fe2f37febd25458b1769c060699
5a6a4c88a8c5163923d0ca655960e867c43964f22c21e73d79ad39f2803bc439
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/mts_coupon/js/customscript.js HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:17 GMT
content-type: application/javascript
last-modified: Fri, 09 Jul 2021 01:25:57 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5317
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-content/themes/mts_coupon/js/clipboard.min.js
198.54.126.25200 OK 4.4 kB URL HTTP/2 saffronus.com/wp-content/themes/mts_coupon/js/clipboard.min.js
IP 198.54.126.25:0
File type Unicode text, UTF-8 text, with very long lines (10199)
Hash fc1cc94fd89bcdd74746fc4fd5a56ad8
f0b7d98a5c3e55e6f5b4f69dd5db92c9190867f2
fb3971cbc3472820fc79d2fa55b049c6ed4cf080eca25c6b1ab2f2a36ea6cd5f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/mts_coupon/js/clipboard.min.js HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:17 GMT
content-type: application/javascript
last-modified: Fri, 09 Jul 2021 01:25:57 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4419
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 18:52:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pixel.wp.com/g.gif?v=ext&blog=161365897&post=0&tz=7&srv=saffronus.com&j=1%3A11.7.1&host=saffronus.com&ref=&fcp=2035&rand=0.41521686057439333
192.0.76.3200 OK 50 B URL HTTP/2 pixel.wp.com/g.gif?v=ext&blog=161365897&post=0&tz=7&srv=saffronus.com&j=1%3A11.7.1&host=saffronus.com&ref=&fcp=2035&rand=0.41521686057439333
IP 192.0.76.3:0
File type GIF image data, version 89a, 6 x 5\012- data
Hash e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
GET /g.gif?v=ext&blog=161365897&post=0&tz=7&srv=saffronus.com&j=1%3A11.7.1&host=saffronus.com&ref=&fcp=2035&rand=0.41521686057439333 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 18:52:18 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
saffronus.com/wp-content/themes/mts_coupon/images/nobg.png
198.54.126.25200 OK 68 B URL HTTP/2 saffronus.com/wp-content/themes/mts_coupon/images/nobg.png
IP 198.54.126.25:0
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 73031b554fd75a3df2b54c9fc5d2d654
447a248347bf2e003df3dd1750403068575ee019
01fc92b7704c3e3baaefd2ce87ce17e2ea266a1bb4244f032da25931e9c6fb92
GET /wp-content/themes/mts_coupon/images/nobg.png HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:18 GMT
content-type: image/png
last-modified: Fri, 09 Jul 2021 01:25:57 GMT
accept-ranges: bytes
content-length: 68
date: Sat, 28 Jan 2023 18:52:18 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-content/themes/mts_coupon/fonts/fontawesome-webfont.woff2
198.54.126.25200 OK 77 kB URL HTTP/2 saffronus.com/wp-content/themes/mts_coupon/fonts/fontawesome-webfont.woff2
IP 198.54.126.25:0
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/mts_coupon/fonts/fontawesome-webfont.woff2 HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://saffronus.com/wp-content/themes/mts_coupon/css/font-awesome.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:18 GMT
content-type: font/woff2
last-modified: Fri, 09 Jul 2021 01:25:57 GMT
accept-ranges: bytes
content-length: 77160
date: Sat, 28 Jan 2023 18:52:18 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-content/uploads/2019/04/cropped-icon-saffronus-32x32.jpg
198.54.126.25200 OK 845 B URL HTTP/2 saffronus.com/wp-content/uploads/2019/04/cropped-icon-saffronus-32x32.jpg
IP 198.54.126.25:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 32x32, components 3\012- data
Hash 3a300fdd15cd7ead640718ff14df285b
4f9d1599838f8b5ea45c1c18865c9377b1295bfc
9315ef8b97e4a63752fe359449dff43d343af14b8dbb9721c9af698578b218aa
GET /wp-content/uploads/2019/04/cropped-icon-saffronus-32x32.jpg HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Cookie: tk_or=%22%22; tk_r3d=%22%22; tk_lr=%22%22
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:18 GMT
content-type: image/jpeg
last-modified: Wed, 17 Apr 2019 16:31:23 GMT
accept-ranges: bytes
content-length: 845
date: Sat, 28 Jan 2023 18:52:18 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
stats.wp.com/e-202304.js
192.0.76.3200 OK 9.4 kB IP 192.0.76.3:0
File type ASCII text, with very long lines (2690)
Hash d114afbd6ca1fe68b2161805e9b7d9fe
90b2cc218e2ee666db86f4858a6250ec3bee3ea7
89706aeff59ca2538f2e67d5f9be8f138dec14596f6e463b237d8deaf64f89bb
GET /e-202304.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 18:52:17 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"6197c5cf-3508"
content-encoding: br
expires: Mon, 11 Dec 2023 21:09:59 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2
saffronus.com/wp-content/uploads/2020/02/logo-klook-coupon.jpg
198.54.126.25200 OK 9.5 kB URL HTTP/2 saffronus.com/wp-content/uploads/2020/02/logo-klook-coupon.jpg
IP 198.54.126.25:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5], baseline, precision 8, 300x90, components 3\012- data
Hash 78d6c32e838d0847aa3b2cd318214890
0face37019613eec68b04a5d144f8b4d575d2fbf
8d56f995b9753072c65932740224ef9398452a215bb2fcbb2f26d430da4b9eb0
GET /wp-content/uploads/2020/02/logo-klook-coupon.jpg HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Cookie: tk_or=%22%22; tk_r3d=%22%22; tk_lr=%22%22
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:18 GMT
content-type: image/jpeg
last-modified: Thu, 27 Feb 2020 03:07:56 GMT
accept-ranges: bytes
content-length: 9460
date: Sat, 28 Jan 2023 18:52:18 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-content/uploads/2020/02/logo-mytour-coupon.jpg
198.54.126.25200 OK 6.7 kB URL HTTP/2 saffronus.com/wp-content/uploads/2020/02/logo-mytour-coupon.jpg
IP 198.54.126.25:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, orientation=upper-left], baseline, precision 8, 300x90, components 3\012- data
Hash db83eb4a668cfc6919a7daafd1f31383
d2a481091929a35a5a50db2ca5a1063dff0c4851
b50251b780b32996331ecfffa29aaac6bab0f324f6b437fef0fb893915d283ac
GET /wp-content/uploads/2020/02/logo-mytour-coupon.jpg HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Cookie: tk_or=%22%22; tk_r3d=%22%22; tk_lr=%22%22
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:18 GMT
content-type: image/jpeg
last-modified: Thu, 27 Feb 2020 03:06:59 GMT
accept-ranges: bytes
content-length: 6687
date: Sat, 28 Jan 2023 18:52:18 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-content/uploads/2020/02/logo-divui-coupon.jpg
198.54.126.25200 OK 8.0 kB URL HTTP/2 saffronus.com/wp-content/uploads/2020/02/logo-divui-coupon.jpg
IP 198.54.126.25:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=6, software=PhotoScape], baseline, precision 8, 308x90, components 3\012- data
Hash 816b57595b2bd2f930a708a1c123c2f0
32b925637cbead470022136971ab9dd584090716
04de9e166403dba67469397ed8948f45d6b78f32008f6d9999e945b915264d97
GET /wp-content/uploads/2020/02/logo-divui-coupon.jpg HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Cookie: tk_or=%22%22; tk_r3d=%22%22; tk_lr=%22%22
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:18 GMT
content-type: image/jpeg
last-modified: Thu, 27 Feb 2020 03:07:17 GMT
accept-ranges: bytes
content-length: 8012
date: Sat, 28 Jan 2023 18:52:18 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-content/uploads/2020/02/vntrip-logo-coupon.jpg
198.54.126.25200 OK 7.9 kB URL HTTP/2 saffronus.com/wp-content/uploads/2020/02/vntrip-logo-coupon.jpg
IP 198.54.126.25:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 300x90, components 3\012- data
Hash 2d2f2ee50c752e2de4d5b51765d958f2
5d72c5232c2bb31a56b838cf175a666306fc816d
b377646db2081e0487e27f5d90617d692a167ac540a9bad39572d16b8e504abe
GET /wp-content/uploads/2020/02/vntrip-logo-coupon.jpg HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Cookie: tk_or=%22%22; tk_r3d=%22%22; tk_lr=%22%22
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:18 GMT
content-type: image/jpeg
last-modified: Thu, 27 Feb 2020 03:06:14 GMT
accept-ranges: bytes
content-length: 7937
date: Sat, 28 Jan 2023 18:52:18 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-content/uploads/2020/02/dichungtaxi-logo-coupon.jpg
198.54.126.25200 OK 8.0 kB URL HTTP/2 saffronus.com/wp-content/uploads/2020/02/dichungtaxi-logo-coupon.jpg
IP 198.54.126.25:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, orientation=upper-left, software=PhotoScape], baseline, precision 8, 300x90, components 3\012- data
Hash 4aa89f12fbbd1db072ab1196cca0e3a1
14d0996690cda9fd77c46a4bf65a11681efb3235
a9239564977c3de63a04dd60d1bb99dc4d6628e4ff4c61bdeb61788683824705
GET /wp-content/uploads/2020/02/dichungtaxi-logo-coupon.jpg HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Cookie: tk_or=%22%22; tk_r3d=%22%22; tk_lr=%22%22
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:18 GMT
content-type: image/jpeg
last-modified: Thu, 27 Feb 2020 03:09:55 GMT
accept-ranges: bytes
content-length: 8022
date: Sat, 28 Jan 2023 18:52:18 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
saffronus.com/wp-content/uploads/2020/03/traveloka-magiamgia-logo.jpg
198.54.126.25200 OK 7.2 kB URL HTTP/2 saffronus.com/wp-content/uploads/2020/03/traveloka-magiamgia-logo.jpg
IP 198.54.126.25:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 300x90, components 3\012- data
Hash 1b484832dd4efb6b073f57235fc558e4
f03f15103e022c3c4f639702aa2992c311bb37ba
7d599b3c78a1f62a005faafbfa9c87a0ba85aa54512c2504d547179a72889505
GET /wp-content/uploads/2020/03/traveloka-magiamgia-logo.jpg HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Cookie: tk_or=%22%22; tk_r3d=%22%22; tk_lr=%22%22
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:52:18 GMT
content-type: image/jpeg
last-modified: Wed, 11 Mar 2020 07:17:16 GMT
accept-ranges: bytes
content-length: 7240
date: Sat, 28 Jan 2023 18:52:18 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4744
Expires: Sat, 28 Jan 2023 20:11:22 GMT
Date: Sat, 28 Jan 2023 18:52:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4744
Expires: Sat, 28 Jan 2023 20:11:22 GMT
Date: Sat, 28 Jan 2023 18:52:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg
34.120.237.76200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c982569d070f24dba1259603091c22e3
0f93acb5bee53670cc4ef486922f7333d96a2f4e
9a5a2d8a181a763ee6f60c27b396a0e3d7b1527e5177b2aff8d511db250753ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4975
x-amzn-requestid: 633350b7-4686-40d5-8c9d-3c097f8e2d34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-EBGuaoAMFbSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443b3-4201212c1a0eb2a65d3f494c;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: XRAeWdoEkbnzXKOs_EdgQ1r9BGOeDNh4FRXm-fv0KiCz4juqk8UKIw==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:59:35 GMT
age: 75163
etag: "0f93acb5bee53670cc4ef486922f7333d96a2f4e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b4afa01d2ffe17f8378e4c0b5afd4608
f5c7e2137efa07a207427a6b6fe1df541f85ea25
84fc0c05d25d674b5594b54720017332b86d391f66c7136d76cfce3e884e8e12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13375
x-amzn-requestid: 372fcbe8-85a1-4be2-a006-31fb9289c5e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-CxF6BoAMFyGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443ab-4b9860545c612cc416cbe599;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: yEFlWGi3J14JLA0l2h02VlIqV8opHesKP6GOvfoP5Tp0m7dOYDxIGA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:59:32 GMT
age: 75166
etag: "f5c7e2137efa07a207427a6b6fe1df541f85ea25"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ea24bcba583bd8bd139559448a343e68
b9d37c2b14f890d41983a59f352e8f7caa9c94bb
e5ef5975eec964ae1684deb424f00833f2d217bdc7e6c385320ed3adeb6bc1c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7585
x-amzn-requestid: bfb52acb-e0d7-482d-8be9-be5db1c16cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkE5roAMF0Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-2d38d314177e0ac40d4c8240;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1WE1zQwrCGVy8HLT9_BFkAr6rQE_ROyttMOByR32KeT0w2Hd_ylvYQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:16:00 GMT
age: 74178
etag: "b9d37c2b14f890d41983a59f352e8f7caa9c94bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 75332
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0ed1a0bd725b2078b4cfe4ed83877901
62493ca03be9870aac2341e033611a6d56bd322a
706e84bc63fd98acaeb72789239af3210ae6e3910e6589d92a25899dc9059dfc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12397
x-amzn-requestid: e8436997-696d-483a-b03a-a84e7ca614ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_T5HbzoAMFXsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445b2-1c2ccd0a187d0a3e2f6a59cc;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:44:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lmLHc8fKQYUpq9B-GyOQ0FKzhxi0ToTEPA7cu6JnQftgDFDNV8USvw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:37 GMT
age: 75341
etag: "62493ca03be9870aac2341e033611a6d56bd322a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 2e85f75e-ab9d-4d45-adad-7313950a9647
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSWbxGwnoAMFejw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d117-68f1a9e71a07a0453311fd32;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 06:49:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dbz3wXGNaetf6xvRE98rshyHy-FVfDo8co-4VDL0a4Qe3E4U8A82Og==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 18:36:06 GMT
age: 972
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fab886d35a27f1ea89e95d08408e131c
ca2e7c94fa954aa477f1756d61ac9f94349bdc55
102b20858c47034b67115fcee25eb9c702e5a10119a3ee38bb1a6f1fe7cb5947
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6414
Cache-Control: max-age=88683
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 18:52:19 GMT
Etag: "63d40d40-1d7"
Expires: Sun, 29 Jan 2023 19:30:22 GMT
Last-Modified: Fri, 27 Jan 2023 17:43:28 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/all.js
157.240.200.14200 OK 1.7 kB URL HTTP/2 connect.facebook.net/en_US/all.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (1957)
Hash 7318bdd53be3259563f14b2f5d9b8d80
e7906f1deb8703d07558c340f4b74ef489803e36
213e20571117bbf30918894b80490eca837fdefa0a5a3e9d38d95ad870214a58
GET /en_US/all.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: ea5c85d503682ec9a2fcf3b8d3eb55ae
etag: "88c80f93644570b211db1ec48cd50c43"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sat, 28 Jan 2023 19:12:15 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: cxi91TvjJZVj8UsvXZuNgA==
x-fb-debug: /+ENRN4H7XkikmFUTTn2ArEpQr4pVjZENVcREW6YBbB0hAOhoPuZJ/eSnm9N1m52/DQu97b/+pp/qwHmxfrvzw==
priority: u=3,i
content-length: 1687
x-fb-trip-id: 1679558926
date: Sat, 28 Jan 2023 18:52:19 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fab886d35a27f1ea89e95d08408e131c
ca2e7c94fa954aa477f1756d61ac9f94349bdc55
102b20858c47034b67115fcee25eb9c702e5a10119a3ee38bb1a6f1fe7cb5947
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6414
Cache-Control: max-age=88683
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 18:52:19 GMT
Etag: "63d40d40-1d7"
Expires: Sun, 29 Jan 2023 19:30:22 GMT
Last-Modified: Fri, 27 Jan 2023 17:43:28 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/all.js?hash=792f1c9c676661d10958c96f15baebe9
157.240.200.14200 OK 88 kB URL HTTP/2 connect.facebook.net/en_US/all.js?hash=792f1c9c676661d10958c96f15baebe9
IP 157.240.200.14:0
File type ASCII text, with very long lines (18605)
Hash 00ae4d9f002d71a9bf431ea2c4463430
3354c516d9a9199b87b838c9b95d1c27f6f59222
aab69bb4c0548596fe7b0815eaae21c2e9535ecdc19de7b3fadaef7f45cfc3e9
GET /en_US/all.js?hash=792f1c9c676661d10958c96f15baebe9 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://saffronus.com
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: d523489784d3c331bedb339c57da3905
etag: "2263498db0eb79135f9ff6650eab1bd7"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sun, 28 Jan 2024 17:21:20 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: AK5NnwAtcam/Qx6ixEY0MA==
x-fb-debug: moYak+Q3+cBUltMhaL0AeYVYQGaaY8TheCi8eeHwosF+X3zvelgKC1AMIDFQTtN+fFXldHsMynjjFkxEU3yupw==
priority: u=3,i
content-length: 88277
x-fb-trip-id: 1679558926
date: Sat, 28 Jan 2023 18:52:19 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yn/l/0,cross/-HGPTKcj37t.css?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 830 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yn/l/0,cross/-HGPTKcj37t.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (724)
Hash d63a02ce87c07ffcfa869fef7fc5f233
cae745fef84088abe3525bb77f75c55cd1d4cc2c
bf9d4d71541a0a1f31b10be351add847ee935da6de355756314c8ca96512444d
GET /rsrc.php/v3/yn/l/0,cross/-HGPTKcj37t.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 25 Jan 2024 20:29:21 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 1joCzofAf/z6hp/vf8XyMw==
x-fb-debug: g9O5pz92hRWJzVSojtGGSkznSKwJ4KH+ixMyubHnb5uU1/2G06QNv94mx+kWtIwIc1uVatnhF9kqbTRHqLwb/w==
content-length: 830
x-fb-trip-id: 1679558926
date: Sat, 28 Jan 2023 18:52:19 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/CkP_OEW420e.css?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 5.4 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yN/l/0,cross/CkP_OEW420e.css?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (4431)
Hash f427045673a5be09c2fd0dfff8b26b6c
44b1ffb67f66e8780094653079f4b23b6633a401
9247b311ee64286607ece3147e920dd3297343538cc9b2c030891b7b4a92fda3
GET /rsrc.php/v3/yN/l/0,cross/CkP_OEW420e.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 27 Jan 2024 18:02:55 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 9CcEVnOlvgnC/Q3/+LJrbA==
x-fb-debug: kwDS3GwHmjDKgD/G87lq0GLvKcPQtVNxIKiUq5OwJ42cCYc14OL/TJr76u4QmO8CjavTdNFZ34XCTH2vmYPO5g==
priority: u=2
content-length: 5350
x-fb-trip-id: 1679558926
date: Sat, 28 Jan 2023 18:52:19 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yJ/r/6A3gWPe90QC.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 1.7 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yJ/r/6A3gWPe90QC.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (1984)
Hash e02981a8f7b00c3f3c4be66a969aecbc
2f8040095d5f8d2cc3c78a96ed6cb9d7dc5c8f79
a12ea55726cdca7e197e6a0790bea3e5f90893b7fea59541340556566ccbf93d
GET /rsrc.php/v3/yJ/r/6A3gWPe90QC.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 25 Jan 2024 19:31:14 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 4CmBqPewDD88S+ZqlprsvA==
x-fb-debug: /4LwG+C4j6DzVnzWmdvwYtnjRKywZ+OiDQJ9rmYd8UJw0sDHcLvGC8RNrRojfJ+eu5U+TjGvRSdj7DrYSaBymw==
content-length: 1738
x-fb-trip-id: 1679558926
date: Sat, 28 Jan 2023 18:52:19 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yO/r/2ihP3NA43zp.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 85 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yO/r/2ihP3NA43zp.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (18622)
Hash 9290ac0bd9b4ab609f16d7e4285c267c
ee56180ad884dab1dbee0c4aa0fb3cb87c9fefe0
ce4e2c0fd3dd90d7e20ca4f70cf5488fc84a6b46f3953a4e7186fa0c82c1ea36
GET /rsrc.php/v3/yO/r/2ihP3NA43zp.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 25 Jan 2024 20:17:25 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: kpCsC9m0q2CfFtfkKFwmfA==
x-fb-debug: B/R5/US140wTiVAaEeaUuRkxwFIrUGygv5Ymk4zdi7DLG7UQvfFfPS7yyYlRvE/DHL6CyqprsL4DsugOmsiwlg==
content-length: 85074
x-fb-trip-id: 1679558926
date: Sat, 28 Jan 2023 18:52:19 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y6/r/8LoDHCcRMmF.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 12 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y6/r/8LoDHCcRMmF.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (5542)
Hash 1ad15afc034f310427c81b0759603a2b
e5efd1d029dccf5fa8128c84aadb6544a4ab60e0
fedf63f655f9eef24c517c3d6762fb07b142213ba623d4a0b06614fb5d9754bd
GET /rsrc.php/v3/y6/r/8LoDHCcRMmF.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 18 Jan 2024 23:12:27 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: GtFa/ANPMQQnyBsHWWA6Kw==
x-fb-debug: 4n3wHNRSMi6kreY6gUDKrwAejVV7s7IbnyP/3dxKJBFD3Wd8ovz0Zf1dm7NLI518n+gGZ1KROnr2B+7L6k6/pg==
priority: u=3,i
content-length: 12334
x-fb-trip-id: 1679558926
date: Sat, 28 Jan 2023 18:52:19 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yN/l/en_US/jF56mpSoBYl.js?_nc_x=Ij3Wp8lg5Kz
157.240.200.14200 OK 24 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3iEpO4/yN/l/en_US/jF56mpSoBYl.js?_nc_x=Ij3Wp8lg5Kz
IP 157.240.200.14:0
File type ASCII text, with very long lines (42114)
Hash f8ca3ab8395af8fbd25391b445bb6670
12da1e04b1e26a8c7710ac93a66ab4fbbbc5026d
2f11cd57e135482fab0eb7606f056110bfd99d3a5afb47732cc4bab681fb54ed
GET /rsrc.php/v3iEpO4/yN/l/en_US/jF56mpSoBYl.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 25 Jan 2024 16:30:30 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
content-md5: +Mo6uDla+PvSU5G0RbtmcA==
x-fb-debug: TZ8qhvc8tnVla/QAZN8xseYFZBk86TB485RMcYKxIlcJNCh1fVcxGc1Ot2Tiw96nAYqhprzQd2FcO7058SBnsQ==
priority: u=3,i
content-length: 23510
x-fb-trip-id: 1679558926
date: Sat, 28 Jan 2023 18:52:19 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.facebook.com/plugins/page.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df10d499e4234bf2%26domain%3Dsaffronus.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fsaffronus.com%252Ffab7720b7a536a%26relation%3Dparent.parent&container_width=374&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2FSaffronusOfficial%2F&locale=en_US&sdk=joey&show_facepile=false&show_posts=false&width=275
157.240.200.35200 OK 0 B URL HTTP/2 www.facebook.com/plugins/page.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df10d499e4234bf2%26domain%3Dsaffronus.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fsaffronus.com%252Ffab7720b7a536a%26relation%3Dparent.parent&container_width=374&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2FSaffronusOfficial%2F&locale=en_US&sdk=joey&show_facepile=false&show_posts=false&width=275
IP 157.240.200.35:0
GET /plugins/page.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df10d499e4234bf2%26domain%3Dsaffronus.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fsaffronus.com%252Ffab7720b7a536a%26relation%3Dparent.parent&container_width=374&hide_cover=false&href=https%3A%2F%2Fwww.facebook.com%2FSaffronusOfficial%2F&locale=en_US&sdk=joey&show_facepile=false&show_posts=false&width=275 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-fb-rlafr: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: J8yWjvqBRqXBUYm9sqthRaSByYmoiMVdH1mez3ZprsbUwS8FxPKeA9Gg8Ldd/vvASQBy7fPzrtKJxGfEFss4HA==
date: Sat, 28 Jan 2023 18:52:19 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Rubik:normal&subset=latin&display=swap
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Rubik:normal&subset=latin&display=swap
IP 142.250.74.106:0
GET /css?family=Rubik:normal&subset=latin&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 28 Jan 2023 18:52:17 GMT
date: Sat, 28 Jan 2023 18:52:17 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
saffronus.com/
198.54.126.25200 OK 0 B IP 198.54.126.25:0
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: saffronus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
x-powered-by: PHP/8.1.13
content-type: text/html; charset=UTF-8
link: <https://saffronus.com/wp-json/>; rel="https://api.w.org/", <https://wp.me/aV4DL>; rel=shortlink
etag: "18211-1674913010;br"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding
date: Sat, 28 Jan 2023 18:52:17 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
stats.wp.com/s-202304.js
192.0.76.3200 OK 0 B IP 192.0.76.3:0
GET /s-202304.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://saffronus.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 18:52:17 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"62f6b688-2494"
content-encoding: br
expires: Mon, 22 Jan 2024 15:38:27 GMT
cache-control: max-age=31536000
x-nc: HIT arn
X-Firefox-Spdy: h2