ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
172.67.73.58 301 Moved Permanently 0 B URL HTTP/1.1 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
IP 172.67.73.58:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Huntington Bank
NIDS Severity Alert suricata medium ET PHISHING Possible Compromised Wordpress - Generic Phishing Landing 2018-01-22
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3 HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 05 Feb 2023 18:34:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 05 Feb 2023 19:34:54 GMT
Location: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ifUR30cET71MTjM0TGQ4a6xmC9k0ik1%2Fsx3OlN4J8aeqNeGFWf6T5KQu8dhzFuXKiZwXU4CAZ7WP%2ByZ%2FqEBB3Cw6Xwvg4Tc%2Fey%2B634OvFG%2FQIL%2BR%2Fab%2F1QUriPINh11I"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 794dbe29cb11b4f7-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
95.101.11.115 200 OK 503 B
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 507011ccb9124dcd57e84a90a0965cc4
1a6575d0ac979c7184490cc9836ac4812ad2afd1
01626c18e1e68507aa33ef7448dbc3311901ab6f29adc2f51d449409b0680dce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01626C18E1E68507AA33EF7448DBC3311901AB6F29ADC2F51D449409B0680DCE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3108
Expires: Sun, 05 Feb 2023 19:26:42 GMT
Date: Sun, 05 Feb 2023 18:34:54 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6605
Expires: Sun, 05 Feb 2023 20:24:59 GMT
Date: Sun, 05 Feb 2023 18:34:54 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Feb 2023 17:36:21 GMT
content-type: application/json
age: 3513
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14197
Expires: Sun, 05 Feb 2023 22:31:31 GMT
Date: Sun, 05 Feb 2023 18:34:54 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: M6j7E36Xc8O+pabSKZgliLD3fVqfxtbK/IT+XOI4tTWF+SZ9ws4oANStQzE67chTLUzpUv5sp2w=
x-amz-request-id: NN53YZX9WNXWW4Q6
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 17:53:22 GMT
age: 2492
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 18:34:54 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/aJ5_o_MKP7Y
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/aJ5_o_MKP7Y
IP 142.250.74.131:0
Hash 61dc6feb03e0a1965014c14f52993fa4
11f92c73d015e9ab2d30767e3777b410cf8b7e69
1e6581665c7ed22ea5d23b4cec237c2844bc2b116086bab49c414c9911ec0ce1
POST /s/gts1p5/aJ5_o_MKP7Y HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:34:54 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 05 Feb 2023 18:07:20 GMT
age: 1655
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3628
Expires: Sun, 05 Feb 2023 19:35:23 GMT
Date: Sun, 05 Feb 2023 18:34:55 GMT
Connection: keep-alive
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/6d6e5a4b50313176614c77414143627a.gif
172.67.73.58 200 OK 43 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/6d6e5a4b50313176614c77414143627a.gif
IP 172.67.73.58:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash fc94fb0c3ed8a8f909dbc7630a0987ff
56d45f8a17f5078a20af9962c992ca4678450765
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/6d6e5a4b50313176614c77414143627a.gif HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:55 GMT
content-type: image/gif
content-length: 43
cache-control: max-age=2592000
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
etag: "63df4aac-2b"
expires: Tue, 07 Mar 2023 07:47:54 GMT
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 20681
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b72Spqz0mLYDhLMxV8KQA6DPl0JEaLcTzoprifOJg%2BS5MrQPtPLkjBogj4LujFICCj0TIkaboiY4arT3cTXOmOjAoG5K%2BaNEOdvq82acy8pHOoA85DvLu%2FD7FhDDgm%2F0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794dbe3008a6b4fd-OSL
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/event.gif
172.67.73.58 200 OK 42 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/event.gif
IP 172.67.73.58:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/event.gif HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:55 GMT
content-type: image/gif
content-length: 42
cache-control: max-age=2592000
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
etag: "63df4aac-2a"
expires: Tue, 07 Mar 2023 07:47:56 GMT
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 20682
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fzWt1IU%2BKkuclSykDIP1wBLuroAegk8H%2F5EEo9LZUvhhlk8hXGZ86uA56%2BHvE8TnHBL%2BuDgmqjL2VR48g0fggSY5BIQJJzmpKNsEQij5g3BylYiAZIjIAkRnMShxq9f9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794dbe3018adb4fd-OSL
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/u.gif
172.67.73.58 200 OK 42 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/u.gif
IP 172.67.73.58:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/u.gif HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:55 GMT
content-type: image/gif
content-length: 42
cache-control: max-age=2592000
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
etag: "63df4aac-2a"
expires: Tue, 07 Mar 2023 07:47:56 GMT
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 20681
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R3h1hPuOi%2BGC5c5KmDESN2OUNCdwOssrDxdAryCJxur0mkIYot2TB0IWP9QrhC5RJxsPoDHa3QTQDrkaAznga1jetjPmlUTB8iYVHaAYTqeOnxvpdp8Jtnq1FlO4oJpU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794dbe3008acb4fd-OSL
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/vm-login-form-ad.js
172.67.73.58 200 OK 2.9 kB URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/vm-login-form-ad.js
IP 172.67.73.58:0
Hash 852d257378d666a49a3e7e8a570121a2
e6f58eae04b5bc5da3cac61801de048670d4ada4
03c998243399cdc64790c1e436d9aa57a807020505411d486fb009663973e853
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/vm-login-form-ad.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:55 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-2247"
expires: Sun, 05 Feb 2023 19:47:55 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 20681
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pzl4Uxvlv3sT0AMyxvXqG1X0c3rUwiioDf7kZeHx2A%2FlB6Uav8mKHIRbGQpMLPtqbe8L1apJT6okrJrwpab6pJawJAW1YYINYdxkzQUqtlG32dvu9mN2TzGPhLC7OknY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794dbe30089cb4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/satelliteLib-531bc4f46256650a84099973f0ed331f809ea5f4.js
172.67.73.58 200 OK 41 kB URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/satelliteLib-531bc4f46256650a84099973f0ed331f809ea5f4.js
IP 172.67.73.58:0
File type ASCII text, with very long lines (32748)
Hash f2e5710f6736f1e02cee3694803c8ec5
fd3bcc0dc024ff52e6d2a068e35443a62823a361
06b7602992186bb98ee1bef558a55d96e2507db5799981ba327295f6c5dec86c
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/satelliteLib-531bc4f46256650a84099973f0ed331f809ea5f4.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:55 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-1f820"
expires: Sun, 05 Feb 2023 19:47:55 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 20682
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iWCiMNOE1fJjSpVqzNgZRqQu32gKad8qkXhtU46RzS%2Fcg10HkvTEJ59TpfTm07nN1qg4u7YjfTCvJVQydzowpPYgtYMpzpT9d484mW%2BRV8SCiqwHjSjanzZoTzKSZAWy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794dbe30088cb4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.35.120.215 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.35.120.215:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5apTOMOCe6w7JbuZnx+Afw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: qFtZLmaHOFy0TFrc4W/o19voKCo=
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking-aws.js
172.67.73.58 200 OK 28 kB URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking-aws.js
IP 172.67.73.58:0
File type ASCII text, with very long lines (2546), with no line terminators
Hash 4dae6c511b6d3b42195d235f189acfaa
314316775e6dc21e0e1456e2be39bf2cf0bb9d91
da546efae66a9a60f92903ca507b10f59883e1b48801bc60bf6b74762bf5f21a
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking-aws.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:55 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-9f2"
expires: Sun, 05 Feb 2023 19:47:54 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 20681
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NyYHj8ds48%2FljY2eXQ%2FJ7xRaD5F0iymtJIY%2FY%2FfQhsfL8KfS9gj67V4LGXpxpIDW%2FsN3XU%2FIym36HZL3W%2BkQo9GvezPA2Y5srfy4ML4IplZ6s1An1Q9HNTbay9c6msWo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794dbe300886b4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B
IP 93.184.220.29:0
Hash bbcaa4373be095c40b07b7d54e50e2c0
e3ac29f367d797d41f61d6db73a12d6b6e5782ba
5e102e27cfd183592b160e62e77aeb92769b4793d8e4cf2f868b03c1285f9a08
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6278
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:34:55 GMT
Last-Modified: Sun, 05 Feb 2023 16:50:17 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
comcastcom.d1.sc.omtrdc.net/id?d_visid_ver=2.5.0&d_fieldgroup=A&mcorgid=DA11332E5321D0550A490D45%40AdobeOrg&mid=56396671916110302760621101777145457698&ts=1675622137029
15.236.117.205 200 OK 2 B URL HTTP/2 comcastcom.d1.sc.omtrdc.net/id?d_visid_ver=2.5.0&d_fieldgroup=A&mcorgid=DA11332E5321D0550A490D45%40AdobeOrg&mid=56396671916110302760621101777145457698&ts=1675622137029
IP 15.236.117.205:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /id?d_visid_ver=2.5.0&d_fieldgroup=A&mcorgid=DA11332E5321D0550A490D45%40AdobeOrg&mid=56396671916110302760621101777145457698&ts=1675622137029 HTTP/1.1
Host: comcastcom.d1.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://ntutdc1995.com
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://ntutdc1995.com
access-control-allow-credentials: true
date: Sun, 05 Feb 2023 18:34:55 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/ttj
172.67.73.58 200 OK 7.4 kB URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/ttj
IP 172.67.73.58:0
File type HTML document, ASCII text, with very long lines (7387), with no line terminators
Hash 89cf9988d16c15d5919e2efdeb341003
6554b529e37e27af64a11b0d3507073ca05fb822
0f108c7122c218a486594e6ddd029c00844979992aa9d7b00ea9d3816a3e5be5
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/ttj HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:55 GMT
content-type: application/octet-stream
content-length: 7387
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
etag: "63df4aac-1cdb"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R%2Fs9vxyFTAdjbORHe4hpaa8Xqm1LLuRDBPkx3J7bZBEm4dWVureDbtIoysw%2Bq49o9SYiZD7qWS0%2BruwJsMEK5tmej%2FhCGPg0mzFK5%2BxOwrvp8T1HDmDhCKXgVjumRJIC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794dbe3008a3b4fd-OSL
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/styles-light.css
172.67.73.58 200 OK 14 kB URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/styles-light.css
IP 172.67.73.58:0
File type ASCII text, with very long lines (45103), with no line terminators
Hash 796a2855d7f5525df356630080b33152
4289d96975e48bbc0c7b3f35f4b9504add1b54a6
809b8c83a22c98a405cd781a70676d3467a3bffb6ed87a9f7dcdcac8f8f6b374
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/styles-light.css HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:55 GMT
content-type: text/css
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-b02f"
expires: Sun, 05 Feb 2023 19:47:55 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 20681
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nkEIafCtsVj2OE%2B12P%2FBeeyeLUFJiHgH%2FmauTz0D5BNQOG5PK8mCfglz5uSVGHkahrnSwAm0%2FJCCu3SYAI%2Fw%2F2WwLnANUcjIagbu5RqadQuhwfolxB4Z5lWGhgnTILUY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794dbe300893b4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
z.moatads.com/comcastapn56341864860/moatad.js
2.18.173.140 200 OK 0 B URL HTTP/2 z.moatads.com/comcastapn56341864860/moatad.js
IP 2.18.173.140:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /comcastapn56341864860/moatad.js HTTP/1.1
Host: z.moatads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: iNOl1G7caF+4F0KjCYi8LROSIJDzen5qwVKxO9qb70np0Ib7E8xnZvs9UYc5c1RxmbTyX0e7zg8=
x-amz-request-id: 011D4RFHBA3563FE
last-modified: Mon, 11 May 2020 15:59:42 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
accept-ranges: bytes
content-type: application/x-javascript
server: AmazonS3
content-length: 0
cache-control: max-age=5183
date: Sun, 05 Feb 2023 18:34:56 GMT
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/lodash-slim.js
172.67.73.58 200 OK 8.6 kB URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/lodash-slim.js
IP 172.67.73.58:0
File type ASCII text, with very long lines (1486)
Hash 7500e174ee86c526b687e407172e71f5
15db7462a94dd5f32b3b8f57c4841855681024d2
fda8e0a68d30237bf1debb77ae37a8d953ac19f4042212b96023d6f4a927bc6f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/lodash-slim.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:55 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-5b32"
expires: Sun, 05 Feb 2023 19:47:55 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 20682
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mYFw6jxyqmTn3x%2FsnxbJ9IlU%2BvrQy7X067B8Vkn4fJJbCSDMQNVDHaJWoWEebQae6%2FJsXNj%2BPIFxJPwM03qyDyc98LtNg3g9ndcvPcHdG9EnF0XrhYDFRgvlkLElWtbT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794dbe2ff884b4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17422
Expires: Sun, 05 Feb 2023 23:25:18 GMT
Date: Sun, 05 Feb 2023 18:34:56 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 251f1a5d671fb797fb98e9a71754c341
335425603d9eec146a3c03422dbca91134272e53
74932f07561287e33302aabcf9c639e9df7ae0fbc4bf71f5467310aabafea208
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6202
x-amzn-requestid: 01b85fcd-69a0-49da-8640-32a3ef19378a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bUFEJoAMFapg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c48-14817e717361e09170714e9d;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1_1mEN4j5cciWEiimz4PRjx3PNGnrSRib9oEJAdYLrrtyjqnz_zvcQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 11:30:31 GMT
age: 25465
etag: "335425603d9eec146a3c03422dbca91134272e53"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8e0be7db14d930d6227443314bcd1747
4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d
baedfbdb08a67f9ff4c698f7e65b08d7e4c5078d0a4233e6bff529b44812735a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12967
x-amzn-requestid: 013fa296-a431-410b-b3fb-7417b3e877eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fpIQAFCMIAMF0Sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9ed99-2e1daa8b75977de07c48b8fc;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 04:42:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UzQGDCYe_8AuYYLaLSAWzHQhwJMpzpXWbjE5AwukevW6G6SLDxDjmA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 03:42:59 GMT
age: 53517
etag: "4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ib.adnxs.com/bounce?%2Fttj%3Fid%3D15000574%26size%3D1400x800%26promo_sizes%3D300x600%2C300x250%26psa%3D0
68.67.160.24 200 OK 2.9 kB URL HTTP/1.1 ib.adnxs.com/bounce?%2Fttj%3Fid%3D15000574%26size%3D1400x800%26promo_sizes%3D300x600%2C300x250%26psa%3D0
IP 68.67.160.24:0
File type HTML document, ASCII text, with very long lines (7400), with no line terminators
Hash ccd25be2a2c0d9f90c9e3f3358a0e587
38844d2f0da9a5d0095081166a037134faeaae97
79b44357dcea76a5864a188aa9296e4f00cc4a41cb5b9106e7021881f9470cb7
GET /bounce?%2Fttj%3Fid%3D15000574%26size%3D1400x800%26promo_sizes%3D300x600%2C300x250%26psa%3D0 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ntutdc1995.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sun, 05 Feb 2023 18:34:56 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 5c3136b9-2062-43a6-acc3-88e5b4657d79
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Encoding: gzip
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: 6a8c6487-6069-47d1-afa1-648626f85439
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyDqqGg5oAMFV-A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd7fdd-0a772cde1e6fba6d7da97435;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:42:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: CHWhIpyzhoPtMUplzh1430Q9FfCM1wkTc_hQsgQk6InM9tYBPGYnNg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:05:45 GMT
age: 73751
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg
34.120.237.76 200 OK 3.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d7a466d89c75ff3459b7328591db52cf
c3f29f9c2fbdc1fa2aef7a9e79ca796b28394afb
e73243be3d01d12a224c4e9826c4f52610cf7722eee69f62755278d7550705f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3474
x-amzn-requestid: 5846c080-9f25-4590-863c-8af2126cdbe1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f1WXEEbnoAMFRdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ded0f9-1bd490125feadc14366e7ca0;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 21:41:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: d8aQmkW-aqLFpb79RynlJG2vY1GTDbjLNY0Qukgg_WIjdI6cmbVKFw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:51:26 GMT
age: 74610
etag: "c3f29f9c2fbdc1fa2aef7a9e79ca796b28394afb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98423c35-aa11-41c0-8f4f-52bec4c9eaa8.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98423c35-aa11-41c0-8f4f-52bec4c9eaa8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b3e7140400336984afc6093c1246f863
59e0b21cdf4cfdac3f1ea05badd007727939ac42
4d927e74922159db5d07b9947fa1021cff74bb7b55759960cb3941d05c1e8f11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98423c35-aa11-41c0-8f4f-52bec4c9eaa8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9579
x-amzn-requestid: c474008d-a6a9-409b-88e2-c55062044575
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzQtnFGhoAMF5Zw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ddfb23-54dd67257ba25ad24e977a9c;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 06:28:51 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 0Of3BK3VqVMGQGDIODQthVmi7BC8Ney4zgGCpVuzYc1j6D8RRP-AxA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 14:15:34 GMT
age: 15562
etag: "59e0b21cdf4cfdac3f1ea05badd007727939ac42"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5b6c30ad03669b66bf2f63b3edd69882
e630bd132b52b965a5ade646ea8a165d1abf6d7b
f8233d879ec17fd91909655ff8881f2ebfad84272fde3ed5e5be37580378a989
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5014
x-amzn-requestid: a434aae4-fe4b-4fc7-9b7e-eeb552484e8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bIE0aoAMF6YQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c47-5556d14757190c842bbc6b06;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k6YqagXr3Wr-u1uDKojEnIGW0CxU5yvWPtlzNpzoIvmg9F-rJb9uFQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 11:24:01 GMT
age: 25855
etag: "e630bd132b52b965a5ade646ea8a165d1abf6d7b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ib.adnxs.com/ttj?ttjb=1&bdc=1675622096&bdh=U3D7ZTyS3m2PVz-RNh5Cu32PEPs.&&bdref=https%3A%2F%2Fntutdc1995.com%2Fwp-content%2Fplugins%2Fadvanced-floating-content%2Flanguages%2Fee9952ed3d1841fa40f6b84d3b80a5b2%2Fmail%2Fspectrum%2Flogin.html%3Fcmd%3Dlogin_submit%26id%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26session%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&bdtop=true&bdifs=0&bstk=https%3A%2F%2Fntutdc1995.com%2Fwp-content%2Fplugins%2Fadvanced-floating-content%2Flanguages%2Fee9952ed3d1841fa40f6b84d3b80a5b2%2Fmail%2Fspectrum%2Flogin.html%3Fcmd%3Dlogin_submit%26id%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26session%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&&id=15000574&size=1400x800&promo_sizes=300x600%2C300x250&psa=0
68.67.160.24 307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/ttj?ttjb=1&bdc=1675622096&bdh=U3D7ZTyS3m2PVz-RNh5Cu32PEPs.&&bdref=https%3A%2F%2Fntutdc1995.com%2Fwp-content%2Fplugins%2Fadvanced-floating-content%2Flanguages%2Fee9952ed3d1841fa40f6b84d3b80a5b2%2Fmail%2Fspectrum%2Flogin.html%3Fcmd%3Dlogin_submit%26id%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26session%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&bdtop=true&bdifs=0&bstk=https%3A%2F%2Fntutdc1995.com%2Fwp-content%2Fplugins%2Fadvanced-floating-content%2Flanguages%2Fee9952ed3d1841fa40f6b84d3b80a5b2%2Fmail%2Fspectrum%2Flogin.html%3Fcmd%3Dlogin_submit%26id%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26session%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&&id=15000574&size=1400x800&promo_sizes=300x600%2C300x250&psa=0
IP 68.67.160.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ttj?ttjb=1&bdc=1675622096&bdh=U3D7ZTyS3m2PVz-RNh5Cu32PEPs.&&bdref=https%3A%2F%2Fntutdc1995.com%2Fwp-content%2Fplugins%2Fadvanced-floating-content%2Flanguages%2Fee9952ed3d1841fa40f6b84d3b80a5b2%2Fmail%2Fspectrum%2Flogin.html%3Fcmd%3Dlogin_submit%26id%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26session%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&bdtop=true&bdifs=0&bstk=https%3A%2F%2Fntutdc1995.com%2Fwp-content%2Fplugins%2Fadvanced-floating-content%2Flanguages%2Fee9952ed3d1841fa40f6b84d3b80a5b2%2Fmail%2Fspectrum%2Flogin.html%3Fcmd%3Dlogin_submit%26id%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26session%3D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&&id=15000574&size=1400x800&promo_sizes=300x600%2C300x250&psa=0 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Sun, 05 Feb 2023 18:34:56 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://ib.adnxs.com/bounce?%2Fttj%3Fttjb%3D1%26bdc%3D1675622096%26bdh%3DU3D7ZTyS3m2PVz-RNh5Cu32PEPs.%26%26bdref%3Dhttps%253A%252F%252Fntutdc1995.com%252Fwp-content%252Fplugins%252Fadvanced-floating-content%252Flanguages%252Fee9952ed3d1841fa40f6b84d3b80a5b2%252Fmail%252Fspectrum%252Flogin.html%253Fcmd%253Dlogin_submit%2526id%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%2526session%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26bdtop%3Dtrue%26bdifs%3D0%26bstk%3Dhttps%253A%252F%252Fntutdc1995.com%252Fwp-content%252Fplugins%252Fadvanced-floating-content%252Flanguages%252Fee9952ed3d1841fa40f6b84d3b80a5b2%252Fmail%252Fspectrum%252Flogin.html%253Fcmd%253Dlogin_submit%2526id%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%2526session%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26%26id%3D15000574%26size%3D1400x800%26promo_sizes%3D300x600%252C300x250%26psa%3D0
AN-X-Request-Uuid: da18a219-beeb-438d-bb8c-4249dfa8c7fd
Set-Cookie: uuid2=7376444279625746583; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 06-May-2023 18:34:56 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fttj%3Fttjb%3D1%26bdc%3D1675622096%26bdh%3DU3D7ZTyS3m2PVz-RNh5Cu32PEPs.%26%26bdref%3Dhttps%253A%252F%252Fntutdc1995.com%252Fwp-content%252Fplugins%252Fadvanced-floating-content%252Flanguages%252Fee9952ed3d1841fa40f6b84d3b80a5b2%252Fmail%252Fspectrum%252Flogin.html%253Fcmd%253Dlogin_submit%2526id%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%2526session%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26bdtop%3Dtrue%26bdifs%3D0%26bstk%3Dhttps%253A%252F%252Fntutdc1995.com%252Fwp-content%252Fplugins%252Fadvanced-floating-content%252Flanguages%252Fee9952ed3d1841fa40f6b84d3b80a5b2%252Fmail%252Fspectrum%252Flogin.html%253Fcmd%253Dlogin_submit%2526id%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%2526session%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26%26id%3D15000574%26size%3D1400x800%26promo_sizes%3D300x600%252C300x250%26psa%3D0
68.67.160.24 200 OK 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fttj%3Fttjb%3D1%26bdc%3D1675622096%26bdh%3DU3D7ZTyS3m2PVz-RNh5Cu32PEPs.%26%26bdref%3Dhttps%253A%252F%252Fntutdc1995.com%252Fwp-content%252Fplugins%252Fadvanced-floating-content%252Flanguages%252Fee9952ed3d1841fa40f6b84d3b80a5b2%252Fmail%252Fspectrum%252Flogin.html%253Fcmd%253Dlogin_submit%2526id%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%2526session%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26bdtop%3Dtrue%26bdifs%3D0%26bstk%3Dhttps%253A%252F%252Fntutdc1995.com%252Fwp-content%252Fplugins%252Fadvanced-floating-content%252Flanguages%252Fee9952ed3d1841fa40f6b84d3b80a5b2%252Fmail%252Fspectrum%252Flogin.html%253Fcmd%253Dlogin_submit%2526id%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%2526session%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26%26id%3D15000574%26size%3D1400x800%26promo_sizes%3D300x600%252C300x250%26psa%3D0
IP 68.67.160.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fttj%3Fttjb%3D1%26bdc%3D1675622096%26bdh%3DU3D7ZTyS3m2PVz-RNh5Cu32PEPs.%26%26bdref%3Dhttps%253A%252F%252Fntutdc1995.com%252Fwp-content%252Fplugins%252Fadvanced-floating-content%252Flanguages%252Fee9952ed3d1841fa40f6b84d3b80a5b2%252Fmail%252Fspectrum%252Flogin.html%253Fcmd%253Dlogin_submit%2526id%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%2526session%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26bdtop%3Dtrue%26bdifs%3D0%26bstk%3Dhttps%253A%252F%252Fntutdc1995.com%252Fwp-content%252Fplugins%252Fadvanced-floating-content%252Flanguages%252Fee9952ed3d1841fa40f6b84d3b80a5b2%252Fmail%252Fspectrum%252Flogin.html%253Fcmd%253Dlogin_submit%2526id%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%2526session%253D2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3%26%26id%3D15000574%26size%3D1400x800%26promo_sizes%3D300x600%252C300x250%26psa%3D0 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ntutdc1995.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sun, 05 Feb 2023 18:34:56 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 1a30ef8e-43f0-462b-b573-b84b2481bbf1
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
ocsp.digicert.com/
93.184.220.29 200 OK 312 B
IP 93.184.220.29:0
Hash 8942dac2c3b84167c8c1c36c8c5dbc24
3202c79b026ed05cd1568065cfba03cffe066637
998bc79f4dc7577f16aa29eea707a9f74380352848fae678f2f9e1a5a5ea42c5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3812
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:34:58 GMT
Last-Modified: Sun, 05 Feb 2023 17:31:26 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 312
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash 8942dac2c3b84167c8c1c36c8c5dbc24
3202c79b026ed05cd1568065cfba03cffe066637
998bc79f4dc7577f16aa29eea707a9f74380352848fae678f2f9e1a5a5ea42c5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3812
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:34:58 GMT
Last-Modified: Sun, 05 Feb 2023 17:31:26 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 312
rtax.criteo.com/delivery/rta/rta.js?netId=2528&cookieName=crtg_comcast&rnd=13227837163&varName=crtg_content
178.250.0.166 204 No Content 0 B URL HTTP/2 rtax.criteo.com/delivery/rta/rta.js?netId=2528&cookieName=crtg_comcast&rnd=13227837163&varName=crtg_content
IP 178.250.0.166:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /delivery/rta/rta.js?netId=2528&cookieName=crtg_comcast&rnd=13227837163&varName=crtg_content HTTP/1.1
Host: rtax.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.20.1
date: Sun, 05 Feb 2023 18:34:58 GMT
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/ttj
172.67.73.58 200 OK 7.4 kB URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/ttj
IP 172.67.73.58:0
File type HTML document, ASCII text, with very long lines (7387), with no line terminators
Hash 89cf9988d16c15d5919e2efdeb341003
6554b529e37e27af64a11b0d3507073ca05fb822
0f108c7122c218a486594e6ddd029c00844979992aa9d7b00ea9d3816a3e5be5
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/ttj HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Cookie: AMCV_DA11332E5321D0550A490D45%40AdobeOrg=1406116232%7CMCIDTS%7C19394%7CMCMID%7C56396671916110302760621101777145457698%7CMCAAMLH-1676226937%7C6%7CMCAAMB-1676226937%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1675629337s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C2.5.0; AMCVS_DA11332E5321D0550A490D45%40AdobeOrg=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:58 GMT
content-type: application/octet-stream
content-length: 7387
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
etag: "63df4aac-1cdb"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ovrLQzybsGpQiej5WAmX%2ByOexEBPDj0PaANlNQwMOyRQCjbv%2BVlNFlUTQ6ZKyfWq3hkyAfH5%2BQ3b2f%2F6L6PH9%2BLIdSywSR3Hppbwf0wY9IKZBTGW5EjmrNfF9dc6cPti"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794dbe39b815b4fd-OSL
X-Firefox-Spdy: h2
sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2
104.110.1.60 200 OK 27 kB URL HTTP/2 sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2
IP 104.110.1.60:0
File type Web Open Font Format (Version 2), TrueType, length 27420, version 0.0\012- data
Hash f05d3ebe80809d82ab14d62a79da544e
bf08410286fbadd57335dc63dbdd8169cd4e6d1e
fc6cd95261064c28600405c9c8dd51813abf8367e85b6e00f0f3031a8338988a
GET /fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2 HTTP/1.1
Host: sdx.xfinity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ntutdc1995.com
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 27420
last-modified: Fri, 24 Jan 2020 21:23:01 GMT
etag: "f05d3ebe80809d82ab14d62a79da544e"
x-amz-version-id: wnCwOacXycelzt78IMkr55wWB9WkMd2W
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _vpkqBlLETw4T6oH2cSnkktI4BxeLxas20IZvW788el8Nomx3bJ5ug==
cache-control: max-age=845612
date: Sun, 05 Feb 2023 18:34:58 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Medium.woff2
104.110.1.60 200 OK 27 kB URL HTTP/2 sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Medium.woff2
IP 104.110.1.60:0
File type Web Open Font Format (Version 2), TrueType, length 27152, version 0.0\012- data
Hash 13709eac065721ba8cd0e2d1b6fa8026
2fa86f3c0fbc94711d6c0ed32e3e03add756ba18
2a031939885bb7efba89d423c9ee7c0fe2bab465f18db63f40a9ae2bd7bc0228
GET /fonts/latest/Xfinity_Standard/XfinityStandard-Medium.woff2 HTTP/1.1
Host: sdx.xfinity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ntutdc1995.com
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
content-length: 27152
last-modified: Fri, 24 Jan 2020 21:23:01 GMT
etag: "13709eac065721ba8cd0e2d1b6fa8026"
x-amz-version-id: 6t4RA2DS89tdf_2IK5vrc9JAOKCy9A40
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: IzOfbbv8gz8w_604kyRw0cTtS-ry2VNjzzr5bNN0H7WL2BOGYFlCng==
cache-control: max-age=1624852
date: Sun, 05 Feb 2023 18:34:58 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/s-code-contents-4a9ebf08bffa74f717ff121b2c55a295112122b4.js
23.38.200.237 200 OK 34 kB URL HTTP/2 assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/s-code-contents-4a9ebf08bffa74f717ff121b2c55a295112122b4.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (557)
Hash 953eadbd32b8680b37511cc683781aff
8ea7a5fb3bd5f727f3ec3366bc1d91b3a104043b
14dd417150683ce056827225bbf94a0f26e95a820b604f815021be49eb8c707b
GET /43896e740dcedef854392e0be6ea80deb8eb2ba5/s-code-contents-4a9ebf08bffa74f717ff121b2c55a295112122b4.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "7c44e613d67e21f6a1c3afd5985988da:1581368005.559228"
last-modified: Mon, 10 Feb 2020 20:53:25 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Sun, 05 Feb 2023 19:34:58 GMT
date: Sun, 05 Feb 2023 18:34:58 GMT
content-length: 34525
access-control-allow-origin: https://ntutdc1995.com
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fc62264746d0ba500dd83.js
23.38.200.237 200 OK 134 B URL HTTP/2 assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fc62264746d0ba500dd83.js
IP 23.38.200.237:0
Hash 26720501c4260c7cc5833d9e06f0af87
26ce9fe2fa65dcd91b1ff050a238892a70eaad6c
e23487c8456f551b44229fd881dd8c524922e7c4c68682028c245bf706820e62
GET /43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fc62264746d0ba500dd83.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "16dfb4bd56a82d8f8018ab2fa164856c:1581368006.307249"
last-modified: Mon, 10 Feb 2020 20:53:26 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 134
cache-control: max-age=3600
expires: Sun, 05 Feb 2023 19:34:58 GMT
date: Sun, 05 Feb 2023 18:34:58 GMT
access-control-allow-origin: https://ntutdc1995.com
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fa36064746d7e580013b4.js
23.38.200.237 200 OK 187 B URL HTTP/2 assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fa36064746d7e580013b4.js
IP 23.38.200.237:0
Hash 100e6bd0333d51a01c9e2bf4130cd5c9
b03e6b94b4c163de582e217f6e148f3b12df8f1f
481a6bc427ce8b7601db07e2387f5265db27e59a9a54abcb88f0e2497387912a
GET /43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fa36064746d7e580013b4.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "b5834499509b419a0926487143b3976d:1581368006.388159"
last-modified: Mon, 10 Feb 2020 20:53:26 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 187
cache-control: max-age=3600
expires: Sun, 05 Feb 2023 19:34:58 GMT
date: Sun, 05 Feb 2023 18:34:58 GMT
access-control-allow-origin: https://ntutdc1995.com
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-5971021b64746d663b00202b.js
23.38.200.237 200 OK 15 kB URL HTTP/2 assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-5971021b64746d663b00202b.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (563)
Hash 4da5a7f7e67cf8d72d1238efbd4dac31
e8bf676f06b42529aa475c3d292acfa0f5b4a6b7
2c68577dc9e4226daf46cbcf1650a0e91a1841c67ecf5e4ecea749cbea7ed973
GET /43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-5971021b64746d663b00202b.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "dbef438e3fcd49bdc0ee4d74b97df080:1581368005.888342"
last-modified: Mon, 10 Feb 2020 20:53:25 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Sun, 05 Feb 2023 19:34:58 GMT
date: Sun, 05 Feb 2023 18:34:58 GMT
content-length: 14684
access-control-allow-origin: https://ntutdc1995.com
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fa34764746d6ae001a760.js
23.38.200.237 200 OK 681 B URL HTTP/2 assets.adobedtm.com/43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fa34764746d6ae001a760.js
IP 23.38.200.237:0
Hash 238e9ac366afc5ccb8ab193af21a3bdd
ccbe4cf829625b32aa2ecb714bc68c05c53de703
2f27f96e790c01c88b87af6a72d3d635b9bfc630d13bd43bd46a8be4ac5fac9f
GET /43896e740dcedef854392e0be6ea80deb8eb2ba5/scripts/satellite-596fa34764746d6ae001a760.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "1cf26e862d696e4a210b77e9f506e652:1581368006.039768"
last-modified: Mon, 10 Feb 2020 20:53:26 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Sun, 05 Feb 2023 19:34:58 GMT
date: Sun, 05 Feb 2023 18:34:58 GMT
content-length: 681
access-control-allow-origin: https://ntutdc1995.com
timing-allow-origin: *
X-Firefox-Spdy: h2
dpm.demdex.net/id?d_visid_ver=2.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=1&ts=1675622139940
34.241.134.251 200 OK 215 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=2.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=1&ts=1675622139940
IP 34.241.134.251:0
File type JSON data\012- , ASCII text, with no line terminators
Hash fc6ce26133d349f868adcb00446a595b
4d7379390e0cee626edd1a79b12dd3149221378d
6ea80aaf08782e990cebca97f2e69989accf9bb2abe3f0517f8c6cfae4949a1f
GET /id?d_visid_ver=2.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=723C39F756ABCD0B7F000101%40AdobeOrg&d_nsid=1&ts=1675622139940 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://ntutdc1995.com
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntutdc1995.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0f3ed56cf.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=41975490943868116770516732858717658654; Max-Age=15552000; Expires=Fri, 04 Aug 2023 18:34:58 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: LI2AWIanQc4=
Content-Length: 215
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash b23324d6f4d0e667817fe82657ea263e
d82916373ee96db4ec3f53ce1c45be33335eb5d2
591a0efe0ebb8eeda4679ee09e9bfe90d09af104f101724781bac817a2902cae
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2324
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:34:58 GMT
Last-Modified: Sun, 05 Feb 2023 17:56:14 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 313
dnacdn.net/dna
178.250.2.146 200 OK 0 B IP 178.250.2.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:58 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=m_lXVF80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3ozdVlxS1I5c09PelNvN0d2UlJ4dWJ5UVFIYjl2M1FSVXZEYkdhbjR2Q0U; expires=Fri, 01 Mar 2024 18:34:58 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 314972
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 77c548ed6dbee7a04321102c3d93db5c
3f4a20119d052c6c8e5f4224a2948ffd559f96b3
5d553cadff959602e40d007c876a01e0dd4540640c64bbb2679300d43326c603
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2226
Cache-Control: max-age=124039
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:34:58 GMT
Etag: "63df2fa7-139"
Expires: Tue, 07 Feb 2023 05:02:17 GMT
Last-Modified: Sun, 05 Feb 2023 04:25:11 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 77c548ed6dbee7a04321102c3d93db5c
3f4a20119d052c6c8e5f4224a2948ffd559f96b3
5d553cadff959602e40d007c876a01e0dd4540640c64bbb2679300d43326c603
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2216
Cache-Control: max-age=124029
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:34:58 GMT
Etag: "63df2fa7-139"
Expires: Tue, 07 Feb 2023 05:02:07 GMT
Last-Modified: Sun, 05 Feb 2023 04:25:11 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 313
login.xfinity.com/static/images/favicon/android-icon-192x192.png
23.36.79.11 200 OK 2.6 kB URL HTTP/2 login.xfinity.com/static/images/favicon/android-icon-192x192.png
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
File type PNG image data, 192 x 192, 8-bit grayscale, non-interlaced\012- data
Hash 4d5a72cfafe8a0e67a3a4e3684ae379f
2140780ff72470e5a9d63fdf950d7b816ce804be
b8bbda2990b5611317f747bf13de3a78e1de77fd7d864a27d845194988490375
GET /static/images/favicon/android-icon-192x192.png HTTP/1.1
Host: login.xfinity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Tue, 11 Jan 2022 16:05:32 GMT
accept-ranges: bytes
content-length: 2569
content-type: image/png
cache-control: max-age=789
expires: Sun, 05 Feb 2023 18:48:07 GMT
date: Sun, 05 Feb 2023 18:34:58 GMT
X-Firefox-Spdy: h2
login.xfinity.com/static/images/favicon/favicon-16x16.png
23.36.79.11 200 OK 184 B URL HTTP/2 login.xfinity.com/static/images/favicon/favicon-16x16.png
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
File type PNG image data, 16 x 16, 8-bit grayscale, non-interlaced\012- data
Hash db142cad60d6acbf015835843f35071f
56261a4d35ff1ad9c210376f025f8762e608494f
1a819ccf88edbedbdce80f8f48844260c685edf389ba39ba92e42c7291522801
GET /static/images/favicon/favicon-16x16.png HTTP/1.1
Host: login.xfinity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Tue, 11 Jan 2022 16:05:32 GMT
accept-ranges: bytes
content-length: 184
content-type: image/png
cache-control: max-age=1400
expires: Sun, 05 Feb 2023 18:58:18 GMT
date: Sun, 05 Feb 2023 18:34:58 GMT
X-Firefox-Spdy: h2
comcastathena.demdex.net/event?_ts=1675622139968
34.250.33.236 200 OK 118 B URL HTTP/1.1 comcastathena.demdex.net/event?_ts=1675622139968
IP 34.250.33.236:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 42106b0cc43d5874710403bfb1f0de06
5e3b6e399bffcd47af55dfb6b58c1781bfa86b19
4025b0ae94899126af1f93d9b9790cf18987bae2e9cb58c0faed101c23c53204
POST /event?_ts=1675622139968 HTTP/1.1
Host: comcastathena.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 637
Origin: https://ntutdc1995.com
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntutdc1995.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-048420acf.edge-irl1.demdex.com 4 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=41975490943868116770516732858717658654; Max-Age=15552000; Expires=Fri, 04 Aug 2023 18:34:58 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: +EME+RHbRoc=
Content-Length: 118
Connection: keep-alive
ag.gbc.criteo.com/newidsd
185.235.84.7 200 OK 4.2 kB URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.7:0
Hash 20f982806287e5fe1420fe8948d3ef19
83f68a0ae6fe72a1b1cd9c17e9ab86e6a178a849
1bfc06062ed522a1c38b6ac45a304b6836384e2fdb2212db5b8e033d55eead16
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:58 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 120616
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
comcastathena.demdex.net/dest5.html?d_nsid=1
34.250.33.236 200 OK 2.8 kB URL HTTP/1.1 comcastathena.demdex.net/dest5.html?d_nsid=1
IP 34.250.33.236:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=1 HTTP/1.1
Host: comcastathena.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Sun, 5 Feb 2023 18:34:58 GMT
DCS: dcs-prod-irl1-1-v045-0333db6ef.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:07:23 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: HnOkVFKTTmc=
Content-Length: 2791
Connection: keep-alive
gum.criteo.com/syncframe?origin=rtus&topUrl=ntutdc1995.com
178.250.0.157 200 OK 5.2 kB URL HTTP/2 gum.criteo.com/syncframe?origin=rtus&topUrl=ntutdc1995.com
IP 178.250.0.157:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (13465)
Hash 17bbd2d720c8f213a322548481f9965c
1bb7e9c26f7486888cde66c8e2caa62807c156b7
9802907f91f77c7b92a526ae67c6d95b13e11adb11fabb868729c0d34e31ab9e
GET /syncframe?origin=rtus&topUrl=ntutdc1995.com HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:57 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=846b10be-f582-404b-874b-7659d7c5e3a6; expires=Fri, 01 Mar 2024 18:34:58 GMT; domain=.criteo.com; path=/; secure; samesite=none
optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 648834
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 5ac5aaa2dd1a2ab697244f3c0fe3b5b5
bb8a9aeb28cc645435760f3a9a57d85e295de419
d42327bb295e41a2b04efa1c2ad6094a3480d0010de10bb32600f4d17fe9f0d4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:34:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/1023869955/?label=cYj3CPPGqqsBEIOInOgD&guid=ON&script=0
142.250.74.98 302 Found 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/1023869955/?label=cYj3CPPGqqsBEIOInOgD&guid=ON&script=0
IP 142.250.74.98:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/1023869955/?label=cYj3CPPGqqsBEIOInOgD&guid=ON&script=0 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://comcast.demdex.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 18:34:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-user-list/1023869955/?label=cYj3CPPGqqsBEIOInOgD&is_vtc=1&random=1031993833
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 05-Feb-2023 18:49:58 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 7afb8eb5dcbd727fb69c14bfabe20e72
d4b1cc1973e4200a371f0aa8c5ec8232d780a77b
ca0a46edfe267973b60ff163d696fe7c0e862e56ee3f90f098bf309f276c987f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:34:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a78b06ca527ce7542b24b349e0485d8b
6f5e5126c1c9d40c9ba09d58e1755d2ca39d02ab
bc7dc156ab8b2b33422fff0922e219246eb1d12469d10ac8007416fed41ac473
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:34:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-user-list/1023869955/?label=cYj3CPPGqqsBEIOInOgD&is_vtc=1&random=1031993833
216.58.211.4 302 Found 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/1023869955/?label=cYj3CPPGqqsBEIOInOgD&is_vtc=1&random=1031993833
IP 216.58.211.4:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/1023869955/?label=cYj3CPPGqqsBEIOInOgD&is_vtc=1&random=1031993833 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://comcast.demdex.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 18:34:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-user-list/1023869955/?label=cYj3CPPGqqsBEIOInOgD&is_vtc=1&random=1031993833&ipr=y
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash c7d887fc3e3b7a68b7872c76802085c0
eb26f820776e7d87a00489eb14f918e5f6945835
915e873e95d8f0276f4763e5596b03cac487f6f8a36c65577c6622fc8560d929
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:34:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 8077210062c315b98902cb06c74d485b
808e94ac31f1b45185103ce25c1bc2afd056b17a
78871f45de0c58bffa6a86b50f6bd0db61932bf6a2b7d8191dba0f0eaab628b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:34:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/1023869955/?label=cYj3CPPGqqsBEIOInOgD&is_vtc=1&random=1031993833&ipr=y
142.250.74.67 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/1023869955/?label=cYj3CPPGqqsBEIOInOgD&is_vtc=1&random=1031993833&ipr=y
IP 142.250.74.67:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/1023869955/?label=cYj3CPPGqqsBEIOInOgD&is_vtc=1&random=1031993833&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://comcast.demdex.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 05 Feb 2023 18:34:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 8077210062c315b98902cb06c74d485b
808e94ac31f1b45185103ce25c1bc2afd056b17a
78871f45de0c58bffa6a86b50f6bd0db61932bf6a2b7d8191dba0f0eaab628b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:34:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dl.cws.xfinity.com/event/
184.86.58.27 200 OK 0 B URL HTTP/2 dl.cws.xfinity.com/event/
IP 184.86.58.27:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /event/ HTTP/1.1
Host: dl.cws.xfinity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: PUT
Access-Control-Request-Headers: content-type
Referer: https://ntutdc1995.com/
Origin: https://ntutdc1995.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 0
x-amzn-requestid: 2c5105ea-773d-4ff5-af76-5799ba2d6212
access-control-allow-origin: *
access-control-allow-headers: Content-Type
x-amz-apigw-id: f4OBBEhTIAMF8Fg=
access-control-allow-methods: HEAD,OPTIONS,PUT
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: a09TSusj2WTTBJF5TTd9sE8QOka6b2LCMoVTvwhvG0oOfqgVECgk-Q==
date: Sun, 05 Feb 2023 18:34:59 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash f26d5481a18bcf64b0421f80f30c35ab
4962f67774adcba3a20cf9c4d26d4d45bcb0d2ea
d02eda5fdcd7f8918c3753054923061885b07155764140d32349b55acd998f94
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3074
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 18:34:59 GMT
Last-Modified: Sun, 05 Feb 2023 17:43:45 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 314
csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.30.Events.StartInit~1&entry=c~Idfs.Rtus.30.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.30.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.30.Headers.Bundle~1&entry=c~Idfs.Rtus.30.Events.InitiateFetch~1
178.250.0.162 200 OK 43 B URL HTTP/2 csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.30.Events.StartInit~1&entry=c~Idfs.Rtus.30.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.30.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.30.Headers.Bundle~1&entry=c~Idfs.Rtus.30.Events.InitiateFetch~1
IP 178.250.0.162:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /iev?entry=c~Idfs.Rtus.30.Events.StartInit~1&entry=c~Idfs.Rtus.30.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.30.Origin.FromSyncframeBundle~1&entry=c~Idfs.Rtus.30.Headers.Bundle~1&entry=c~Idfs.Rtus.30.Events.InitiateFetch~1 HTTP/1.1
Host: csm.fr.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:58 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
dl.cws.xfinity.com/event/
184.86.58.27 200 OK 110 B URL HTTP/2 dl.cws.xfinity.com/event/
IP 184.86.58.27:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 89a7098326fec35627765d2b2bc193b5
df8ea6ab58feb0a137ab91bb4c4e37009b433d00
056ee4385f521db176af598d95e0f81643c8493e77a0b0f73fc7b6f3e3875632
PUT /event/ HTTP/1.1
Host: dl.cws.xfinity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 3895
Origin: https://ntutdc1995.com
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 110
x-amzn-requestid: 5368577d-c07d-46ec-bb38-269c3e4f7786
x-amz-apigw-id: f4OBEHb9IAMFivg=
x-amzn-trace-id: Root=1-63dff6d3-1cad7fca389c0a7464f7585f
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: LnHYMZ0qjMs1AUhYjC91QMbvS_hNCLRMBEfGOYb12evmu_oQcGYgZw==
date: Sun, 05 Feb 2023 18:34:59 GMT
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST,PUT,HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking-DTM.js
172.67.73.58 200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking-DTM.js
IP 172.67.73.58:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking-DTM.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:55 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-658"
expires: Sun, 05 Feb 2023 19:47:55 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 20680
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8UTJ2KzDNn%2BtuYJdyr8eOcewHIxl1vWb2NGFT7l3BNcrIfcWqq7mLHFGczqJ51YJt3%2FPqN8fD9HBAlvlfvS6lx7TfYDMmW1zw3YjnIkX%2F0e2JTFVjvyXjw5z16xO4cv1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794dbe300889b4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=30&r=2&j=cr_handle_data_a
178.250.0.157 200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=30&r=2&j=cr_handle_data_a
IP 178.250.0.157:0
GET /sync?c=30&r=2&j=cr_handle_data_a HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ntutdc1995.com/
x-crto-bundle: EErTxF9NY2JpN24lMkZqcDhBTjFid1EyNkRaNWgzdlFJT1BLVlhtZzluRkJWcW1ZVk4xRzBQbGdVd0o5N0NyMXJxamElMkZZTWZiaGV5ZUElMkJWbzgwWU5xdGxXd0RXU1RQYjNZMjE2Y09xZWtFT3BYTnJ3QWNiZ3dnNEhWUGV2OXlKWHU5JTJGN0FNM3hnWHAlMkZRT2VmQlpGdzgwb0NyNmJ3JTNEJTNE
Origin: https://ntutdc1995.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:58 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://ntutdc1995.com
server-processing-duration-in-ticks: 21459741
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/scripts-responsive.js
172.67.73.58 200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/scripts-responsive.js
IP 172.67.73.58:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/scripts-responsive.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:55 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-1c87"
expires: Sun, 05 Feb 2023 19:47:56 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 20682
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eyZ3ZBqDTy7AuFileVTkrfAGQ%2BtSmeDd8xoxGEdAt94ZkjXaIPX5SQmS%2FIaSiOiNN5AlaJR3cQWG1e1qqJ65zAmjlKqjHCm5UjwBHsV9Lc9gmEzcSe8SeHV%2Bk04YXc6x"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794dbe3018b4b4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/jquery-3.js
172.67.73.58 200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/jquery-3.js
IP 172.67.73.58:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/jquery-3.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:55 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-1538f"
expires: Sun, 05 Feb 2023 19:47:55 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 20681
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hz8kcMbGlt2jc9TOUURzYUUdunmUraSR%2BIrTHLB2dCqfKR8MXVoh0XU20o4nN5898vpHyD4lkcULCs02f%2FXlRgUHsljd6XGLncmUUXK7G0TpOyCr2xlUjSUb4M2sl9sf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794dbe3018b0b4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
172.67.73.58 200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
IP 172.67.73.58:0
Analyzer Verdict Alert openphish Huntington Bank
NIDS Severity Alert suricata medium ET PHISHING Possible Compromised Wordpress - Generic Phishing Landing 2018-01-22
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3 HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:55 GMT
content-type: text/html; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BA8oEsKp2t4aDk%2F4z2vLFD3S3rmgcnlq8ZO8dfULt5PqivFEVrPdx8I5klhZPythEQkfhq3fO1tayj%2By5wJIG2pKp5JVf7jqG4zh%2F1oXZWuOXRrPzIer5q9SX5ByzDXV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794dbe2c8a00b4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
178.250.6.98 200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 178.250.6.98:0
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:58 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 101928
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/data.json
172.67.73.58 200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/data.json
IP 172.67.73.58:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/data.json HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:55 GMT
content-type: application/json
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
etag: W/"63df4aac-a9"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BE6oe3g8on5YGDYJ5iNXmnCH2iFYj6OCOSF0LxtLXesyUDATwLMB4BE%2FNX2NVDwm5CcLZMZwigHhpfAbUoOMRw%2FH%2BrM3Z46Y46NGFi47szDIxN0WYI7tMJwfDKwFlsJr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794dbe30089eb4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/1011719316x32.js
172.67.73.58 200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/1011719316x32.js
IP 172.67.73.58:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/1011719316x32.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:55 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-6bb"
expires: Sun, 05 Feb 2023 19:47:54 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 20680
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=84%2BzB9mu8SQCGzmGkVpcXwbpxhsiuGHYgSKUCapyklhovVpDYx0wBcLe%2FULvSa%2FYxZK1EBbEjqR0wofyUaXj4aU8w1TbotYguVUS9s1DPWF9j07vO34ftV9tNK6oY%2FeS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794dbe30089fb4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/fonts-remote.css
172.67.73.58 200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/fonts-remote.css
IP 172.67.73.58:0
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/fonts-remote.css HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:55 GMT
content-type: text/css
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-cab"
expires: Sun, 05 Feb 2023 19:47:55 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 20680
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Km6i0IJITCl0SEO9Gv9iGCq7lijzRMNQ7uSVqlgirG%2FyyKSG66dLRpyj7MEFBsuTHvklDL%2FblQDEDlOj%2BP0AJw1%2FPWOwwk3ted1vXBDqCk5GnR5JMSU8uI9zi3g0k1Dl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794dbe30088fb4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/rta.js
172.67.73.58 404 Not Found 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/rta.js
IP 172.67.73.58:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/rta.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sun, 05 Feb 2023 18:34:56 GMT
content-type: text/html; charset=utf-8
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yw2kIpgtOKpSY3IaR9%2FKiIvwIw5HNDaOfp28fg6yqCM4e79U8uR33glrbvFaWtQnr%2BGQ7SDtXod5UTjMfhabHfV7pZwkQyTRMR5AzQhEJAGsEROAUZJGSXMx1awclF%2B5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794dbe300898b4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=30&r=2&j=cr_handle_data_a
178.250.0.157 200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=30&r=2&j=cr_handle_data_a
IP 178.250.0.157:0
GET /sync?c=30&r=2&j=cr_handle_data_a HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:57 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 584074
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking.js
172.67.73.58 200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking.js
IP 172.67.73.58:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/tracking.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:55 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-3a74"
expires: Sun, 05 Feb 2023 19:47:55 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 20681
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MZXBCP7A0jll8BIGIf453Kdu4AG7Am1cKfAh9em5GlZBAjNajocr3CILr%2Fx6KcdYgEBd9RAAJwcopMx85RRS%2BVRejOhzSk9%2BwNqydbD5cyHRuA0u2dOsTID9FTEAAbj0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794dbe30088bb4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/moatad.js
172.67.73.58 200 OK 0 B URL HTTP/2 ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/moatad.js
IP 172.67.73.58:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/index_files/moatad.js HTTP/1.1
Host: ntutdc1995.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ntutdc1995.com/wp-content/plugins/advanced-floating-content/languages/ee9952ed3d1841fa40f6b84d3b80a5b2/mail/spectrum/login.html?cmd=login_submit&id=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3&session=2eb5b08d09005a167e038a62c938ccd32eb5b08d09005a167e038a62c938ccd3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 18:34:55 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 05 Feb 2023 06:20:28 GMT
vary: Accept-Encoding
etag: W/"63df4aac-435ef"
expires: Sun, 05 Feb 2023 19:47:56 GMT
cache-control: max-age=43200
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000
cf-cache-status: HIT
age: 20682
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xi5nKPk993PMip7ZuDEdxqN2%2FPoxKU4fswhMnbJ5gf%2FXrRVP%2BUFiZ39aWVytcL6pC0l%2Bbn%2BhK6HaE9kRYUg4nFT7PrfI%2BjIeCGmRxEQ3S3a%2BD299kX4hI46u3Yw24583"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794dbe3008aab4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2