r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3800
Expires: Sun, 04 Dec 2022 14:55:56 GMT
Date: Sun, 04 Dec 2022 13:52:36 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3636
Cache-Control: max-age=164357
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 13:52:36 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 11:31:53 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
triumphinvestigativeservicesllc.com/
162.213.255.27 301 Moved Permanently 707 B URL HTTP/1.1 triumphinvestigativeservicesllc.com/
IP 162.213.255.27:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 04 Dec 2022 13:52:36 GMT
server: LiteSpeed
location: https://triumphinvestigativeservicesllc.com/
x-turbo-charged-by: LiteSpeed
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 13:20:07 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1949
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2222
Expires: Sun, 04 Dec 2022 14:29:38 GMT
Date: Sun, 04 Dec 2022 13:52:36 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: BvXeh6lOQLrIWBevc/RpyMagNcVE1CvjxzuvTOFaqddZMxx6w1Htfi5v9IgMjzO1IFeDNVg4T20=
x-amz-request-id: XTV8XAP8ZFY709EY
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 13:47:00 GMT
age: 336
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 13:52:36 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 13:08:58 GMT
cache-control: public,max-age=3600
age: 2618
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 770a3bd3b1afb155c0e5cc8b15102d6b
3098dbc7a62ab2193afb2a74abdcae610ed11358
4520e90e241011a812a389e4fad5ac30070bffc0ed8478e6fafb6387a968b609
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 13:52:37 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 05:26:22 GMT
Expires: Thu, 08 Dec 2022 05:26:21 GMT
Etag: "3098dbc7a62ab2193afb2a74abdcae610ed11358"
Cache-Control: max-age=314624,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774506064f7bb4f7-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a151c326c67e1abb747847c1427db76f
80885d30ef8ba867bf33c40b861976958a27493a
de2b573ee1c8af980e593352e0c331b2595f62bd4499300ace30821d20814760
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3639
Cache-Control: max-age=159293
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 13:52:37 GMT
Etag: "638c632b-1d7"
Expires: Tue, 06 Dec 2022 10:07:30 GMT
Last-Modified: Sun, 04 Dec 2022 09:06:51 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.186.169.128 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.169.128:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: WX4btGd/MhSxM0MKjeT2zw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: lvKjrjT3jnwdc6iWem1t9m8qTTk=
cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/slick.min.css?ver=6.1.1
104.17.25.14 200 OK 394 B URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.1/slick.min.css?ver=6.1.1
IP 104.17.25.14:0
File type ASCII text, with very long lines (1327)
Hash 50d05d35119a9bd8cf777402bb4789a0
fd03f42f191f21580b72dc3e474e9b7503a82555
a8daf82dae80ef2b347046c449acf73de160cc273a70cb74ed4cb71597a69bfc
GET /ajax/libs/slick-carousel/1.8.1/slick.min.css?ver=6.1.1 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 13:52:37 GMT
content-type: text/css; charset=utf-8
content-length: 394
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fd5-559"
last-modified: Mon, 04 May 2020 16:16:21 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 15602385
expires: Fri, 24 Nov 2023 13:52:37 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mkRQRP7H15S9DtA1G3KvJbrZADVZ2qs94zc0pK29zsQ%2BVCWFgH4tmxORi%2FAgy8DygFDjkzLcrlsKpeAl60%2BScs7p%2BZBD%2Bubj1LFGWukZNdcMaf2JEj0W2aASF9W62XmM8vQBs7zE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7745060b0b460b45-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 13:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
triumphinvestigativeservicesllc.com/
162.213.255.27 200 OK 34 kB URL HTTP/2 triumphinvestigativeservicesllc.com/
IP 162.213.255.27:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (9381), with CRLF, LF line terminators
Hash c99d05210107c2a7d7dc810a7922a6b4
cc8f3073457b2c96df2b4a0c8404e068cc1ba91d
fb43c18fbe37408729889cd865b82f636fa97a787cfc99f2ce4e6adb450d3991
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
x-powered-by: PHP/7.4.33
set-cookie: vchideactivationmsg_vc11=12.0; secure
content-type: text/html; charset=UTF-8
link: <https://triumphinvestigativeservicesllc.com/wp-json/>; rel="https://api.w.org/", <https://triumphinvestigativeservicesllc.com/wp-json/wp/v2/pages/549>; rel="alternate"; type="application/json", <https://triumphinvestigativeservicesllc.com/>; rel=shortlink
content-encoding: br
vary: Accept-Encoding
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 13:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
triumphinvestigativeservicesllc.com/wp-includes/css/dashicons.min.css?ver=6.1.1
162.213.255.27 200 OK 35 kB URL HTTP/2 triumphinvestigativeservicesllc.com/wp-includes/css/dashicons.min.css?ver=6.1.1
IP 162.213.255.27:0
File type ASCII text, with very long lines (58981)
Hash 54c5bfb8a890d87139d9abfe01662c83
f9eddf5b8a3269e6d6fa40b4f13083705e6267c6
9685e5cabe4efc8c85e986725af8009b306416aad3ecc9086ca5bb12b84ce4ef
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/css/dashicons.min.css?ver=6.1.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: text/css
last-modified: Wed, 03 Mar 2021 21:16:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 35110
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-content/plugins/widget-areas/css/widget_areas.css?ver=1
162.213.255.27 200 OK 398 B URL HTTP/2 triumphinvestigativeservicesllc.com/wp-content/plugins/widget-areas/css/widget_areas.css?ver=1
IP 162.213.255.27:0
Hash 3bb6f24d5cde232ea5bacb387c5d8497
bd3aa5ce595b703ecda7d9de00e384b4f6109bac
e20822b8110464fea430b1ef6418376d006c70e5fea54e1cb9071fa41f31c78d
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/widget-areas/css/widget_areas.css?ver=1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: text/css
last-modified: Thu, 14 Oct 2021 18:58:39 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 398
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-content/themes/the-guard/css/alicoBold.css?ver=6.1.1
162.213.255.27 200 OK 769 B URL HTTP/2 triumphinvestigativeservicesllc.com/wp-content/themes/the-guard/css/alicoBold.css?ver=6.1.1
IP 162.213.255.27:0
File type ASCII text, with CRLF line terminators
Hash 26f917a5deccf1531b346579d31797bf
499f6fb6557272361624aedaa0bfb5e310ad8792
0eecdeec7d37c03115739205d244519682e921837f38def185245abdb7009d93
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/the-guard/css/alicoBold.css?ver=6.1.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: text/css
last-modified: Thu, 14 Oct 2021 18:55:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 769
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-content/themes/the-guard/css/security.css?ver=6.1.1
162.213.255.27 200 OK 914 B URL HTTP/2 triumphinvestigativeservicesllc.com/wp-content/themes/the-guard/css/security.css?ver=6.1.1
IP 162.213.255.27:0
File type ASCII text, with CRLF line terminators
Hash dbd96baac7504fbb1b6a4a371d8732a5
ec734d0dc841648f5a44fa05316af532e831ea02
edfa0fab19c5509790dde6c4da6c19c925aab2f81d58a071df1bf6a52999ee3d
GET /wp-content/themes/the-guard/css/security.css?ver=6.1.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: text/css
last-modified: Thu, 14 Oct 2021 18:55:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 914
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-content/themes/the-guard/css/dynamic.css?ver=6.1.1
162.213.255.27 200 OK 45 kB URL HTTP/2 triumphinvestigativeservicesllc.com/wp-content/themes/the-guard/css/dynamic.css?ver=6.1.1
IP 162.213.255.27:0
File type ASCII text, with very long lines (573), with CRLF line terminators
Hash 85f5f25b2408a8d15da2eb58795c9e50
de7dfda6a38f98793d8a14e6754f35717973857a
48dbb40e79bb54b0b887151e99c6d4951c4a45e58af755eb9689233874dd89d7
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/the-guard/css/dynamic.css?ver=6.1.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: text/css
last-modified: Mon, 10 Jan 2022 20:58:29 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 45122
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-content/themes/the-guard/css/font-awesome.min.css?ver=6.1.1
162.213.255.27 200 OK 5.9 kB URL HTTP/2 triumphinvestigativeservicesllc.com/wp-content/themes/the-guard/css/font-awesome.min.css?ver=6.1.1
IP 162.213.255.27:0
File type ASCII text, with very long lines (27303), with CRLF line terminators
Hash 3b79bb5d0d459d64902a51f4df5a0ab4
68dc515f97caa7971d7a0e5155a80e9ad3c3cb49
af3dd89879ebc5fdd6c89730239f7e120958df1743cf030c2f11dcbc5779d238
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/the-guard/css/font-awesome.min.css?ver=6.1.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: text/css
last-modified: Thu, 14 Oct 2021 18:55:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5881
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-content/themes/the-guard/style.css?ver=6.1.1
162.213.255.27 200 OK 277 B URL HTTP/2 triumphinvestigativeservicesllc.com/wp-content/themes/the-guard/style.css?ver=6.1.1
IP 162.213.255.27:0
Hash 01309bf1cf9303197bc9a0e9b30b0141
d3fce63a1924b2533fca7d0694562b7297ec9f4c
0945d9633719c3c3efdd917a564d718796b50d9548c4cf66c955219bb726989c
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/the-guard/style.css?ver=6.1.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: text/css
last-modified: Thu, 27 Jan 2022 17:59:39 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 277
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
162.213.255.27 200 OK 12 kB URL HTTP/2 triumphinvestigativeservicesllc.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP 162.213.255.27:0
File type ASCII text, with very long lines (47826)
Hash c4d7cc056b49b00e05cc29cc59aa3d5a
48c426bec60099d2a8628df430ed682c72aab42a
8009c12f2674a8d38401f4b5faad1fef2cfcd18a8c927ed2561ae9d7de9b57b5
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 06:53:52 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11616
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=5.9.1
162.213.255.27 200 OK 1.2 kB URL HTTP/2 triumphinvestigativeservicesllc.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=5.9.1
IP 162.213.255.27:0
File type ASCII text, with very long lines (5305), with no line terminators
Hash 8869d434cd2a3350017c5dddb6b6c624
218f6b304da36e0e5c1212e2b8afd934f2801a93
80727ae14af6bf4636a9455f87ce0e83429bacb577965aee4d0ce980759bf7e9
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=5.9.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: text/css
last-modified: Thu, 10 Mar 2022 20:02:47 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1207
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=5.9.1
162.213.255.27 200 OK 19 kB URL HTTP/2 triumphinvestigativeservicesllc.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=5.9.1
IP 162.213.255.27:0
File type Unicode text, UTF-8 text, with very long lines (65527), with no line terminators
Hash f1d5e220cfbd09e06b389c10979694e3
da093396b6e2edd29850a89d064fa1dbe81de37a
7c9fcb7425f600f500db87902ebccc00e0f4b2f918a801b3c39cb416628d64bf
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=5.9.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: text/css
last-modified: Thu, 10 Mar 2022 20:02:47 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 19387
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-includes/css/classic-themes.min.css?ver=1
162.213.255.27 200 OK 217 B URL HTTP/2 triumphinvestigativeservicesllc.com/wp-includes/css/classic-themes.min.css?ver=1
IP 162.213.255.27:0
Hash 95e891f28e44a9b314c09545d86be2b7
f9b13a8bd47273b086a0a07df15f314e0af0bc3e
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: text/css
last-modified: Fri, 04 Nov 2022 04:57:03 GMT
accept-ranges: bytes
content-length: 217
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=5.4.5
162.213.255.27 200 OK 42 kB URL HTTP/2 triumphinvestigativeservicesllc.com/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=5.4.5
IP 162.213.255.27:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 9bd9929677372c465402cd09cde550fc
f133e6a51598db35af53c8f36cb78cea42bda800
da693db958dd537bcb1d8002ac63f9e357b587c8218f2d849ab559938074d8e8
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=5.4.5 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: text/css
last-modified: Thu, 14 Oct 2021 18:57:21 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 41475
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.1
162.213.255.27200 OK 848 B URL HTTP/2 triumphinvestigativeservicesllc.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.1
IP 162.213.255.27:0
Hash c962ba8e7d42ff9da18392b41dad5151
7b89bc5e6ad161df2e6d7f7fb3ad894aa04b827f
322a4949c5bdd82eb80c13bbbd407ce30a7ad226685c54270d246cb6960e524e
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: text/css
last-modified: Thu, 14 Oct 2021 19:13:56 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 848
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-content/plugins/responsive-lightbox/assets/swipebox/swipebox.min.css?ver=2.3.3
162.213.255.27200 OK 996 B URL HTTP/2 triumphinvestigativeservicesllc.com/wp-content/plugins/responsive-lightbox/assets/swipebox/swipebox.min.css?ver=2.3.3
IP 162.213.255.27:0
File type ASCII text, with very long lines (4224), with no line terminators
Hash 2f786324d141c7293bdd07aed333968f
a803f868da0756bbf1d2c1d0655262df96a6b19c
c8c307319b0b75a7c358307b354e3de33b53bde355e3b8f38ae1b04630a3a7e7
GET /wp-content/plugins/responsive-lightbox/assets/swipebox/swipebox.min.css?ver=2.3.3 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: text/css
last-modified: Thu, 14 Oct 2021 19:01:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 996
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.6.3.1
162.213.255.27200 OK 6.9 kB URL HTTP/2 triumphinvestigativeservicesllc.com/wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.6.3.1
IP 162.213.255.27:0
File type ASCII text, with very long lines (29701), with CRLF line terminators
Hash 1adf583a268e30aaaed46550b156467c
6a785895330c86950708fe91b507a2e7803eb8be
25dde0693ac14abf231374b31feb6f7a8e4e7687640d1c013e3336ad03d1283f
GET /wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.6.3.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: text/css
last-modified: Thu, 14 Oct 2021 18:56:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6856
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-content/uploads/smile_fonts/Defaults/Defaults.css?ver=6.1.1
162.213.255.27200 OK 4.5 kB URL HTTP/2 triumphinvestigativeservicesllc.com/wp-content/uploads/smile_fonts/Defaults/Defaults.css?ver=6.1.1
IP 162.213.255.27:0
File type ASCII text, with very long lines (27639), with no line terminators
Hash 9a93ae1de173786cb8670757ce07ed80
170b12a94a2ca458187d9f25c707c3f870bec587
b260eed4f4b87de1f3bbdbf96abfb9c75eba4ae837e75cf089bf52e2ef26108d
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/smile_fonts/Defaults/Defaults.css?ver=6.1.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: text/css
last-modified: Thu, 14 Oct 2021 18:58:05 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4453
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-content/plugins/Ultimate_VC_Addons/assets/min-css/style.min.css?ver=3.16.20
162.213.255.27200 OK 2.6 kB URL HTTP/2 triumphinvestigativeservicesllc.com/wp-content/plugins/Ultimate_VC_Addons/assets/min-css/style.min.css?ver=3.16.20
IP 162.213.255.27:0
File type ASCII text, with very long lines (13120), with no line terminators
Hash 59b798d32f197ea7d262142759028880
7692ac7ae52b6b3157eae18315d5564977319fe3
74f0e6b4b95c0664cec0ede4f3bab4220795ccc4ff2969ee999eb33a51f15040
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/Ultimate_VC_Addons/assets/min-css/style.min.css?ver=3.16.20 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: text/css
last-modified: Thu, 14 Oct 2021 18:57:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2589
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-content/plugins/Ultimate_VC_Addons/assets/min-css/animate.min.css?ver=3.16.20
162.213.255.27200 OK 5.3 kB URL HTTP/2 triumphinvestigativeservicesllc.com/wp-content/plugins/Ultimate_VC_Addons/assets/min-css/animate.min.css?ver=3.16.20
IP 162.213.255.27:0
File type ASCII text, with very long lines (64385), with CRLF line terminators
Hash e7523a2ac28478012d103baf4a862383
3c38a1429969faba810fcb9d10d5b65ecdca6522
02cf680e235017a8f7995e20f36a01e2ed8adf91bc1a9ae8b925e3a763e85276
GET /wp-content/plugins/Ultimate_VC_Addons/assets/min-css/animate.min.css?ver=3.16.20 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: text/css
last-modified: Thu, 14 Oct 2021 18:57:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5315
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-content/plugins/Ultimate_VC_Addons/assets/min-css/info-box.min.css?ver=3.16.20
162.213.255.27200 OK 726 B URL HTTP/2 triumphinvestigativeservicesllc.com/wp-content/plugins/Ultimate_VC_Addons/assets/min-css/info-box.min.css?ver=3.16.20
IP 162.213.255.27:0
File type ASCII text, with very long lines (4226), with no line terminators
Hash cccfc375a4b7c23c0b71a987977211fb
1fc21746e1a1859abf1f6edcb47d6e78662c554f
54c1a866ee8cb7d5eec36d5e990e63eb476550da00d9e01a1ff6946ae11c6290
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/Ultimate_VC_Addons/assets/min-css/info-box.min.css?ver=3.16.20 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: text/css
last-modified: Thu, 14 Oct 2021 18:57:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 726
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-content/plugins/Ultimate_VC_Addons/assets/min-css/tooltip.min.css?ver=3.16.20
162.213.255.27200 OK 355 B URL HTTP/2 triumphinvestigativeservicesllc.com/wp-content/plugins/Ultimate_VC_Addons/assets/min-css/tooltip.min.css?ver=3.16.20
IP 162.213.255.27:0
File type ASCII text, with very long lines (1722), with no line terminators
Hash 8b21080f21d849ab9195b6d9b0fcb2c0
8b64cf542df285e1e8d9b63809709c9800b74e23
14df78e66e879afd052f2a7bc8e44eb8696f6669fff23489bbbb92288504a423
GET /wp-content/plugins/Ultimate_VC_Addons/assets/min-css/tooltip.min.css?ver=3.16.20 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: text/css
last-modified: Thu, 14 Oct 2021 18:57:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 355
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-content/plugins/Ultimate_VC_Addons/assets/min-css/pricing.min.css?ver=3.16.20
162.213.255.27200 OK 2.1 kB URL HTTP/2 triumphinvestigativeservicesllc.com/wp-content/plugins/Ultimate_VC_Addons/assets/min-css/pricing.min.css?ver=3.16.20
IP 162.213.255.27:0
File type ASCII text, with very long lines (19727), with no line terminators
Hash f4e58bea72fb6492b3a8b4dba3bf7196
bc3083ca8fb8dc08cc4c72ea28ffb1bdcf6ba6a1
e108b37164778bb7d7435c7c8c2ca9a610ddfe86897a96f47590b436a8558d0d
GET /wp-content/plugins/Ultimate_VC_Addons/assets/min-css/pricing.min.css?ver=3.16.20 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: text/css
last-modified: Thu, 14 Oct 2021 18:57:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2140
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
162.213.255.27200 OK 5.3 kB URL HTTP/2 triumphinvestigativeservicesllc.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 162.213.255.27:0
File type ASCII text, with very long lines (11126)
Hash 27caf644710e18abaa6e9a6f9f69a153
65b5863671e5f02eea7ba47a872e2c35fb9de86a
4ec315ca9e66bf8925f0a7da38cf19a5bd7375ccd98befb14940dacb88e77d93
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: application/javascript
last-modified: Fri, 04 Nov 2022 04:57:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5329
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-content/themes/the-guard/js/modernizr.custom.57510.js?ver=6.1.1
162.213.255.27200 OK 6.4 kB URL HTTP/2 triumphinvestigativeservicesllc.com/wp-content/themes/the-guard/js/modernizr.custom.57510.js?ver=6.1.1
IP 162.213.255.27:0
File type HTML document, ASCII text, with very long lines (12015), with CRLF, LF line terminators
Hash 83a28b1843349f93ba64f39bf6dd37f2
4e7ec87aa99ac0185f2b80f40c0e218a97c61e62
6c039853b43bc764af691d55da05fb9e4e7293c9c59516a3f1fcaec14ffa844d
GET /wp-content/themes/the-guard/js/modernizr.custom.57510.js?ver=6.1.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: application/javascript
last-modified: Thu, 14 Oct 2021 18:55:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6368
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-content/plugins/responsive-lightbox/assets/swipebox/jquery.swipebox.min.js?ver=2.3.3
162.213.255.27200 OK 4.9 kB URL HTTP/2 triumphinvestigativeservicesllc.com/wp-content/plugins/responsive-lightbox/assets/swipebox/jquery.swipebox.min.js?ver=2.3.3
IP 162.213.255.27:0
File type ASCII text, with very long lines (12939)
Hash f4ecc7ee8d0efc1a96a42fe720e92bc6
ffa79362a0b85af53e98959104f8d73792e4950e
f4d21437bed9492d3aaa0e4bf0e06dc7454af6252a0c73b0dfe4dcc06af16191
GET /wp-content/plugins/responsive-lightbox/assets/swipebox/jquery.swipebox.min.js?ver=2.3.3 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: application/javascript
last-modified: Thu, 14 Oct 2021 19:01:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4928
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-includes/js/underscore.min.js?ver=1.13.4
162.213.255.27200 OK 8.5 kB URL HTTP/2 triumphinvestigativeservicesllc.com/wp-includes/js/underscore.min.js?ver=1.13.4
IP 162.213.255.27:0
File type ASCII text, with very long lines (18820)
Hash 2567317f433be2a1a4fbadfd978315a0
7c039fee4862e5946f8eb03436d57cde26d4dea6
6b62e4aeb3100e67d506c6c9c7d9b403500e0d7f20effc50595b52fbc4c236c5
GET /wp-includes/js/underscore.min.js?ver=1.13.4 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: application/javascript
last-modified: Fri, 04 Nov 2022 04:57:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8519
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-content/plugins/responsive-lightbox/assets/infinitescroll/infinite-scroll.pkgd.min.js?ver=6.1.1
162.213.255.27200 OK 8.1 kB URL HTTP/2 triumphinvestigativeservicesllc.com/wp-content/plugins/responsive-lightbox/assets/infinitescroll/infinite-scroll.pkgd.min.js?ver=6.1.1
IP 162.213.255.27:0
File type ASCII text, with very long lines (25603), with CRLF, LF line terminators
Hash d5729e40d87fb8a3c2c74a7384a66d47
4ded62726c04644a27f63d2023d3547a1dedb6cf
2363ebb650106922f6077bcc3fab0c15ae4afaa5ae30d012c9c6f2a822a7e8b5
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/responsive-lightbox/assets/infinitescroll/infinite-scroll.pkgd.min.js?ver=6.1.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: application/javascript
last-modified: Thu, 14 Oct 2021 19:01:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8127
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-content/plugins/responsive-lightbox/js/front.js?ver=2.3.3
162.213.255.27200 OK 6.6 kB URL HTTP/2 triumphinvestigativeservicesllc.com/wp-content/plugins/responsive-lightbox/js/front.js?ver=2.3.3
IP 162.213.255.27:0
File type Unicode text, UTF-8 text, with very long lines (641), with CRLF, LF line terminators
Hash edb09a5b05154c49dcca74eaa64b9929
9fc70ce188c3f5e3ad0bca46daacfe67aff533a4
340bcdf028ec146517b78de921121cc335c2c5aa955c4b941b79377933d89211
GET /wp-content/plugins/responsive-lightbox/js/front.js?ver=2.3.3 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: application/javascript
last-modified: Thu, 14 Oct 2021 19:01:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6614
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9518
Expires: Sun, 04 Dec 2022 16:31:16 GMT
Date: Sun, 04 Dec 2022 13:52:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9518
Expires: Sun, 04 Dec 2022 16:31:16 GMT
Date: Sun, 04 Dec 2022 13:52:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9518
Expires: Sun, 04 Dec 2022 16:31:16 GMT
Date: Sun, 04 Dec 2022 13:52:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9518
Expires: Sun, 04 Dec 2022 16:31:16 GMT
Date: Sun, 04 Dec 2022 13:52:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9518
Expires: Sun, 04 Dec 2022 16:31:16 GMT
Date: Sun, 04 Dec 2022 13:52:38 GMT
Connection: keep-alive
new.weatherplllatform.com/stick.js?v=9.00
91.211.91.114200 OK 17 kB URL HTTP/2 new.weatherplllatform.com/stick.js?v=9.00
IP 91.211.91.114:0
ASN #206638 PE Brezhnev Daniil
Hash 79d05cd02038bb248d24d4af4fe73c8a
2780c99d5649960cc2df3ee149d75e000afb7948
880eb6b85d6be5c631e7c9e35112b679a99611f0e47e3fa4bb5463251b6286cb
Analyzer Verdict Alert fortinet Malware
GET /stick.js?v=9.00 HTTP/1.1
Host: new.weatherplllatform.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 13:52:38 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 06 Nov 2022 00:27:12 GMT
vary: Accept-Encoding
etag: W/"6366ff60-a40"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
34.120.237.76200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c01fe1cccdb3b672bbade6d98217ffe9
a9a529dc9894827f6243a1bf57f81caa4fe88fc2
c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:44:01 GMT
age: 58117
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a6e7b32ac999cf3c899a234c621fa91a
fc5d4f3163ebb9faf85968cbb1d194e8e68418be
f12db3aed126006fee00649aba0b3eaae900de200b85b9523866a90b5494f18e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8989
x-amzn-requestid: abce0b01-f70c-42ad-b242-5a24735fe4c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltl4Gk2oAMFSWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc2f2-1cccffff5199dffe70264a95;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:43:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PFl7VUrzRkMFNnTiIw_cbGCyrEFn43eUSlZfT0nUhUmjjyXT7JfjMA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:50:01 GMT
age: 57757
etag: "fc5d4f3163ebb9faf85968cbb1d194e8e68418be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash db1701b7b9d161a0c935bb6e10b17893
22a8c4bd58c729c1abcf794466e8f3231dfb034b
b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6UQ_BhPmpVpe9w6gsExB-EpNq_syeCCK6fr4Y1FFK1jDJh_n1Sd0Eg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:52:47 GMT
age: 57591
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 43309032a892c486f9985ef520df696e
36f4682ca6a33ff80ee02129c77e6f27e996ede0
24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Uz-wJTZjej3sjP-O68BQ4hB_kkAecG0o7GkeZUan90ZgV87g0Cg_ZA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:52:38 GMT
age: 57600
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg
34.120.237.76 200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 027480c06cd67621f373c6765dafee4d
9f80bb7ca6f699d88eaec2248dec508c589fe994
f69a0d6bd6e79d8fa7f2f15df11237c0a8b04d45af3cd5870eeef86d18f553bf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7728
x-amzn-requestid: 9f37e7a6-1f00-4a81-9b14-962fd0b6cdf4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMEJxoAMFchQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-4a4cce217327b44525ea1e98;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ztC4S0WeA3ft_9JafrL6fInXo4jwkb0cTWUx4Z8L2uz3EWQS-d6F5A==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 22:02:47 GMT
age: 56991
etag: "9f80bb7ca6f699d88eaec2248dec508c589fe994"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
away.cdnbestplatform.com/go.php?id=9677-22-5680954-11
91.211.91.104 200 OK 410 B URL HTTP/2 away.cdnbestplatform.com/go.php?id=9677-22-5680954-11
IP 91.211.91.104:0
ASN #206638 PE Brezhnev Daniil
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document text; exported SGML document, ASCII text, with CRLF line terminators
Hash 872cdcc5c755ea55143788a9c61cf136
492c2c91952914f0cedaa22d410981b8fb9b27f6
63af39d037d9663149d6e820ec45cede1f26406260b35a4ed8dfcce6a95ebf20
Analyzer Verdict Alert fortinet Malware
GET /go.php?id=9677-22-5680954-11 HTTP/1.1
Host: away.cdnbestplatform.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 13:52:39 GMT
content-type: text/html; charset=UTF-8
content-length: 410
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b5d8b9dfd23e34883fd2a3ed93823106
5a69f6e06e9a7723b6da3d46285790c792c07edf
29ba772027d2eca99c13463843102c1ec88f5a724da8129084819f0d36974b29
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "29BA772027D2ECA99C13463843102C1EC88F5A724DA8129084819F0D36974B29"
Last-Modified: Sun, 04 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16494
Expires: Sun, 04 Dec 2022 18:27:33 GMT
Date: Sun, 04 Dec 2022 13:52:39 GMT
Connection: keep-alive
greenskymotions.com/b91698fd2.js
185.177.94.152 200 OK 56 B URL HTTP/2 greenskymotions.com/b91698fd2.js
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 01fedb484c76c86eb5bafcc15b97bddc
aa3d7fba2de0e16f69798d6dc6e77d2765a90455
93f23f64c6e14a7778241254ad90d49a38dfe406afdd5e0e223064613572d40f
Analyzer Verdict Alert fortinet Phishing
GET /b91698fd2.js HTTP/1.1
Host: greenskymotions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=7d6873aa-840c-4786-92e7-c992d53d5656
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 13:52:39 GMT
content-type: application/javascript; charset=utf-8
content-length: 56
last-modified: Thu, 13 Oct 2022 01:01:02 GMT
etag: "6347634e-38"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
greenskymotions.com/favicon.ico
185.177.94.152 204 No Content 0 B URL HTTP/2 greenskymotions.com/favicon.ico
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: greenskymotions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://greenskymotions.com/go/mu4genjugq5dcmjrhe3a?sub2=dfastspeed15
Cookie: uuid=7d6873aa-840c-4786-92e7-c992d53d5656
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 04 Dec 2022 13:52:39 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 286ae5ed06f51c79f4f801868cf06cac
a32245ae4f671d8a4cf0dcb34012fa8f7206555b
6cb8fdb3f519b71ea5b3059fb001d9fd05c1d1e1f563262880e72ef7cf447602
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6CB8FDB3F519B71EA5B3059FB001D9FD05C1D1E1F563262880E72EF7CF447602"
Last-Modified: Fri, 02 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5385
Expires: Sun, 04 Dec 2022 15:22:25 GMT
Date: Sun, 04 Dec 2022 13:52:40 GMT
Connection: keep-alive
0.greenskymotions.com/b91698fd2.js
185.177.94.152 200 OK 56 B URL HTTP/2 0.greenskymotions.com/b91698fd2.js
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 01fedb484c76c86eb5bafcc15b97bddc
aa3d7fba2de0e16f69798d6dc6e77d2765a90455
93f23f64c6e14a7778241254ad90d49a38dfe406afdd5e0e223064613572d40f
Analyzer Verdict Alert fortinet Phishing
GET /b91698fd2.js HTTP/1.1
Host: 0.greenskymotions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=7d6873aa-840c-4786-92e7-c992d53d5656; uuid=7d6873aa-840c-4786-92e7-c992d53d5656
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 13:52:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 56
last-modified: Thu, 13 Oct 2022 01:01:02 GMT
etag: "6347634e-38"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
0.greenskymotions.com/index.php?p=mu4genjugq5dcmjrhe3a&sub2=dfastspeed15
185.177.94.152 200 OK 53 kB URL HTTP/2 0.greenskymotions.com/index.php?p=mu4genjugq5dcmjrhe3a&sub2=dfastspeed15
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document, Unicode text, UTF-8 text, with very long lines (29334)
Hash 783554dd86dab3f3d3285d9476c0b2cb
9bb4b4baa7bd6607dc334509651182a877627688
966550e6a5f6664a616f54ccbc88d5806c03b133974acbacedad3b5507de5437
GET /index.php?p=mu4genjugq5dcmjrhe3a&sub2=dfastspeed15 HTTP/1.1
Host: 0.greenskymotions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://greenskymotions.com/
Cookie: uuid=7d6873aa-840c-4786-92e7-c992d53d5656
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 13:52:40 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=7d6873aa-840c-4786-92e7-c992d53d5656; expires=Tue, 03-Jan-2023 13:52:40 GMT; Max-Age=2592000; path=/; domain=0.greenskymotions.com
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d3e115c45ed22471e7811442df8077e5
a64b7877168e4b37b27be30f6e0f38c16e4c7604
25253026eda6a5f18bc94eb9b840f7231e0234578de06651addb296c80b69e8e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25253026EDA6A5F18BC94EB9B840F7231E0234578DE06651ADDB296C80B69E8E"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8059
Expires: Sun, 04 Dec 2022 16:06:59 GMT
Date: Sun, 04 Dec 2022 13:52:40 GMT
Connection: keep-alive
greenskymotions.com/go/mu4genjugq5dcmjrhe3a?sub2=dfastspeed15
185.177.94.152 200 OK 18 kB URL HTTP/2 greenskymotions.com/go/mu4genjugq5dcmjrhe3a?sub2=dfastspeed15
IP 185.177.94.152:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (7734)
Hash e0a7c65966c02ff5464fe93e6ca3aab6
9bd4b706969fa8413f408704c5ad51318b58cd31
3147bdbd0a86eff046f06fd21ec65ae2a62fbe90e8f51eb9cf539c7002e87ac7
Analyzer Verdict Alert fortinet Phishing
GET /go/mu4genjugq5dcmjrhe3a?sub2=dfastspeed15 HTTP/1.1
Host: greenskymotions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://away.cdnbestplatform.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 13:52:39 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=7d6873aa-840c-4786-92e7-c992d53d5656; expires=Tue, 03-Jan-2023 13:52:39 GMT; Max-Age=2592000; path=/; domain=greenskymotions.com
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Ubuntu:400%2C500%7CPlay:700
142.250.74.74 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Ubuntu:400%2C500%7CPlay:700
IP 142.250.74.74:0
GET /css?family=Ubuntu:400%2C500%7CPlay:700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 04 Dec 2022 13:52:37 GMT
date: Sun, 04 Dec 2022 13:52:37 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.tools.min.js?ver=5.4.6.3.1
162.213.255.27 200 OK 0 B URL HTTP/2 triumphinvestigativeservicesllc.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.tools.min.js?ver=5.4.6.3.1
IP 162.213.255.27:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/revslider/public/assets/js/jquery.themepunch.tools.min.js?ver=5.4.6.3.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
content-type: application/javascript
last-modified: Sat, 19 Nov 2022 18:21:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 39054
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
broworker4s.com/sw/bro.js
51.15.18.159 200 OK 0 B URL HTTP/2 broworker4s.com/sw/bro.js
IP 51.15.18.159:0
GET /sw/bro.js HTTP/1.1
Host: broworker4s.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://greenskymotions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 13:52:40 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Mon, 04 Dec 2023 13:52:40 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
broworker4s.com/sw/bro.js
51.15.18.159 200 OK 0 B URL HTTP/2 broworker4s.com/sw/bro.js
IP 51.15.18.159:0
GET /sw/bro.js HTTP/1.1
Host: broworker4s.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.greenskymotions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 13:52:40 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Mon, 04 Dec 2023 13:52:40 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
triumphinvestigativeservicesllc.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
162.213.255.27 200 OK 0 B URL HTTP/2 triumphinvestigativeservicesllc.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 162.213.255.27:0
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:33 GMT
content-type: application/javascript
last-modified: Fri, 04 Nov 2022 18:25:28 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 37123
date: Sun, 04 Dec 2022 13:52:33 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Ubuntu:400%7CPlay:700&display=swap&ver=1641848309
142.250.74.74 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Ubuntu:400%7CPlay:700&display=swap&ver=1641848309
IP 142.250.74.74:0
GET /css?family=Ubuntu:400%7CPlay:700&display=swap&ver=1641848309 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 04 Dec 2022 13:52:37 GMT
date: Sun, 04 Dec 2022 13:52:37 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2