r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d27590a1d3cbe1e9632b8ae92aaae3f4
202b34e8a0c3b88c8826fd56c6227b34f2cd6f46
6bcfa518476658128c1fb4ea2435c4e58531454cf97138dce7ece9def589aead
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6BCFA518476658128C1FB4EA2435C4E58531454CF97138DCE7ECE9DEF589AEAD"
Last-Modified: Wed, 16 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8257
Expires: Thu, 17 Nov 2022 02:45:34 GMT
Date: Thu, 17 Nov 2022 00:27:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4e84f361a3c81abc5d665a5f441452a8
7aa4b9cb0a7ba1daa514dbb48fe8e74fdf09b60d
04d64920cc8e6b096841938b0c1140889f5d7a04eabd440934a31f1c7ab90352
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "04D64920CC8E6B096841938B0C1140889F5D7A04EABD440934A31F1C7AB90352"
Last-Modified: Wed, 16 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8240
Expires: Thu, 17 Nov 2022 02:45:17 GMT
Date: Thu, 17 Nov 2022 00:27:57 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9b4e6c72233070ef185ff980135e9555
2f14523a3f6f9532df3b872984fd23e156d2c465
5040e340e60b331b1569d52d66afcd5649a4121e2841d38cca0974e2a4c0af75
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 223
Cache-Control: max-age=122823
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 00:27:57 GMT
Etag: "6374bbf5-1d7"
Expires: Fri, 18 Nov 2022 10:35:00 GMT
Last-Modified: Wed, 16 Nov 2022 10:31:17 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: LZBiH3ToXuTTwZCdJklsbcOhOQ0INvsWWY6Z9mc7L1Sh6M6z6gkzh9zH3zukq9lzqosZgLFAzM4=
x-amz-request-id: TR5QFRD9X774T7AA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 16 Nov 2022 23:52:13 GMT
age: 2144
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 16 Nov 2022 23:44:37 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 17 Nov 2022 00:27:57 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 16 Nov 2022 23:44:49 GMT
cache-control: public,max-age=3600
age: 2588
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 8345d8a2ca46c3b181a81d8626d0425f
5d9d088c5dca072bbc9ad23a15450e7af7829400
663b0e6c239177f35b5b48d4203ce95aabc0e5bab7911f5b1d9fb7624cac2e25
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2730
Cache-Control: max-age=120280
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 00:27:57 GMT
Etag: "6374a83b-1d7"
Expires: Fri, 18 Nov 2022 09:52:37 GMT
Last-Modified: Wed, 16 Nov 2022 09:07:07 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
heypressto.com/tuso/index.php?qbot.zip
109.203.109.22301 Moved Permanently 0 B URL HTTP/1.1 heypressto.com/tuso/index.php?qbot.zip
IP 109.203.109.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /tuso/index.php?qbot.zip HTTP/1.1
Host: heypressto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 301 Moved Permanently
Date: Thu, 17 Nov 2022 00:27:57 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: https://heypressto.com/tuso/?qbot.zip
Vary: User-Agent
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
push.services.mozilla.com/
54.191.210.155101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.191.210.155:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 2h6Msze7EihK935AtZXhPA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: mu3x1d4G72WLVY/SRcgX70e/OWQ=
heypressto.com/tuso/?qbot.zip
109.203.109.22404 Not Found 6.3 kB URL HTTP/1.1 heypressto.com/tuso/?qbot.zip
IP 109.203.109.22:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2403), with CRLF, LF line terminators
Hash c6effc28cf93e39e0ace27f618a414fe
d2265ad09a68e95817b4cba3c77850071d5678ef
bfa12425e8c83ce39fb98037c5d31a72d2e5ca5c843ea6b6ecfb5926fa1089ed
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /tuso/?qbot.zip HTTP/1.1
Host: heypressto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 404 Not Found
Date: Thu, 17 Nov 2022 00:27:58 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://heypressto.com/wp-json/>; rel="https://api.w.org/"
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 6262
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
heypressto.com/wp-includes/css/dist/block-library/style.min.css?ver=5.8.6
109.203.109.22200 OK 10 kB URL HTTP/1.1 heypressto.com/wp-includes/css/dist/block-library/style.min.css?ver=5.8.6
IP 109.203.109.22:0
File type Unicode text, UTF-8 text, with very long lines (33376)
Hash 2a3cc81919349cb551f504b077791457
1d9393824b33b80513dbb9b2c8db48b6719d5d46
13a8d762ef70a9a18c89c226c4671f986401ccb7dae1c20be18c3db1eabbb62c
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/css/dist/block-library/style.min.css?ver=5.8.6 HTTP/1.1
Host: heypressto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/tuso/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 00:27:59 GMT
Server: Apache
Last-Modified: Thu, 21 Oct 2021 23:07:47 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 10523
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
heypressto.com/wp-includes/js/jquery/jquery-migrate.min.js?v=2.1.3
109.203.109.22200 OK 4.2 kB URL HTTP/1.1 heypressto.com/wp-includes/js/jquery/jquery-migrate.min.js?v=2.1.3
IP 109.203.109.22:0
File type ASCII text, with very long lines (11126)
Hash 98a6a88a0e1577804eb98b8de29b459a
d97e067d01fc47938068b515c6f8c8ed41ce8170
284b66389a42495c2519d015713a1bf22afcf4c0d79fa8e8fe1a809889316cb4
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery-migrate.min.js?v=2.1.3 HTTP/1.1
Host: heypressto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/tuso/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 00:27:59 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 14:01:56 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 4167
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
heypressto.com/wp-content/themes/rise/style.css?ver=5.8.6
109.203.109.22200 OK 209 B URL HTTP/1.1 heypressto.com/wp-content/themes/rise/style.css?ver=5.8.6
IP 109.203.109.22:0
Hash 6fc98e4c2d4954307c8868fb303bf658
b011f43d09ebca86411ba68488bab09f08f359a7
3794ecabc87507f95e6862d5821f3f8268d3b15ca2c2964026206c065d69ae31
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/rise/style.css?ver=5.8.6 HTTP/1.1
Host: heypressto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/tuso/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 00:27:59 GMT
Server: Apache
Last-Modified: Thu, 21 Oct 2021 23:08:13 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 209
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
heypressto.com/wp-content/themes/rise/js/masonry.pkgd.min.js?ver=5.8.6
109.203.109.22200 OK 8.6 kB URL HTTP/1.1 heypressto.com/wp-content/themes/rise/js/masonry.pkgd.min.js?ver=5.8.6
IP 109.203.109.22:0
File type ASCII text, with very long lines (354)
Hash 05c8241674099862a0f35a5cfc8816b8
0e30dd5380049ca5e0fe3cbb40629bfea292cb88
831c44ed2fcf5b986f579129f5f98ebcc251732f6b34e7efcff6cd97c03f9415
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/rise/js/masonry.pkgd.min.js?ver=5.8.6 HTTP/1.1
Host: heypressto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/tuso/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 00:27:59 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 14:00:21 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 8621
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
heypressto.com/wp-content/themes/rise/css/reset.css?v=2.1.3
109.203.109.22200 OK 768 B URL HTTP/1.1 heypressto.com/wp-content/themes/rise/css/reset.css?v=2.1.3
IP 109.203.109.22:0
Hash 5de3bf0579ffe3a547cbfc4d7b1e9ec0
d30acec09c2e146145070e7ae3c03198d2ffc715
803631286ab0357865a3a2524a734f461b1b7c5e9ed48a8ee565fd0170766cda
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/rise/css/reset.css?v=2.1.3 HTTP/1.1
Host: heypressto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/tuso/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 00:27:59 GMT
Server: Apache
Last-Modified: Thu, 21 Oct 2021 23:08:14 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 768
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
heypressto.com/wp-includes/js/wp-emoji-release.min.js?ver=5.8.6
109.203.109.22200 OK 4.9 kB URL HTTP/1.1 heypressto.com/wp-includes/js/wp-emoji-release.min.js?ver=5.8.6
IP 109.203.109.22:0
File type ASCII text, with very long lines (15224)
Hash 3179794486ec4ca8f59329ccd67ae3e1
4b9c6e22ee7966479ef9844259f39f19d584f4a4
6e616b83910943042f683d5d21691f7e15aca8e2d8d154ff8f35bf09c612297a
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/wp-emoji-release.min.js?ver=5.8.6 HTTP/1.1
Host: heypressto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/tuso/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 00:27:59 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 14:02:35 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 4930
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
heypressto.com/wp-includes/js/jquery/jquery.min.js?v=2.1.3
109.203.109.22200 OK 31 kB URL HTTP/1.1 heypressto.com/wp-includes/js/jquery/jquery.min.js?v=2.1.3
IP 109.203.109.22:0
File type ASCII text, with very long lines (65447)
Hash 9640915738503451aa21181699feab5b
c053eaf36ef0da96619706b3abda326305063bd6
f8834e669ad1f4039442c26aaa373ec39c35a233b9786d374fc3f670f16b0adc
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/jquery/jquery.min.js?v=2.1.3 HTTP/1.1
Host: heypressto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/tuso/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 00:27:59 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 14:01:58 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 30908
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
heypressto.com/wp-content/themes/rise/js/script.js?v=2.1.3
109.203.109.22200 OK 10 kB URL HTTP/1.1 heypressto.com/wp-content/themes/rise/js/script.js?v=2.1.3
IP 109.203.109.22:0
Hash f226ea66d5ace37dab4c21215a011045
29d0256b08192acc2a4244dd28fe510a899852bd
7f9e85a343bd00fb14813570b662e7f1fa1ffa35d11f31fc0dcdebcc7a373792
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/rise/js/script.js?v=2.1.3 HTTP/1.1
Host: heypressto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/tuso/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 00:27:59 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 14:00:22 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 10037
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
heypressto.com/wp-includes/js/wp-embed.min.js?ver=5.8.6
109.203.109.22200 OK 765 B URL HTTP/1.1 heypressto.com/wp-includes/js/wp-embed.min.js?ver=5.8.6
IP 109.203.109.22:0
File type ASCII text, with very long lines (1391)
Hash fe875afb236ee8f0d50040fe58d848d4
e6b1b67093b429c95d5b9db07a7eba39e02cf0e5
328a6a072b91134f2802ae25e070f38ff156ceee2c6ec6a6253ae4b27af73b49
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-includes/js/wp-embed.min.js?ver=5.8.6 HTTP/1.1
Host: heypressto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/tuso/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 00:27:59 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 14:02:35 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 765
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
heypressto.com/wp-content/plugins/thrive-visual-editor/thrive-dashboard/js/dist/frontend.min.js?ver=3.5.1
109.203.109.22200 OK 1.3 kB URL HTTP/1.1 heypressto.com/wp-content/plugins/thrive-visual-editor/thrive-dashboard/js/dist/frontend.min.js?ver=3.5.1
IP 109.203.109.22:0
File type HTML document, ASCII text, with very long lines (2954), with no line terminators
Hash bc076100261baed1f078db2eab399ded
4a87bc3a6ab95a251876807836fa26e5d8d575d0
00969c8a62634a68a694b8bb4cef81bbc28593dcd2b02b93a1261120cf734891
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/plugins/thrive-visual-editor/thrive-dashboard/js/dist/frontend.min.js?ver=3.5.1 HTTP/1.1
Host: heypressto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/tuso/?qbot.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 00:27:59 GMT
Server: Apache
Last-Modified: Sat, 29 Oct 2022 13:56:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 1300
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
heypressto.com/wp-content/themes/rise/css/main_green.css?v=2.1.3
109.203.109.22200 OK 29 kB URL HTTP/1.1 heypressto.com/wp-content/themes/rise/css/main_green.css?v=2.1.3
IP 109.203.109.22:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 32ebe716ce0f3471f2f8e67778787e58
8f4c8bb7823b4a59cce48de2a377d3e28e85f59e
51b3ab8b2f8a28f291c7ff570cc8b605ab7d8ad441b4a5b94ff6206bb2edd4ce
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/rise/css/main_green.css?v=2.1.3 HTTP/1.1
Host: heypressto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/tuso/?qbot.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 00:27:59 GMT
Server: Apache
Last-Modified: Thu, 21 Oct 2021 23:08:14 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 28827
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
heypressto.com/wp-content/uploads/2019/01/site_logo_3.png
109.203.109.22200 OK 2.7 kB URL HTTP/1.1 heypressto.com/wp-content/uploads/2019/01/site_logo_3.png
IP 109.203.109.22:0
File type PNG image data, 200 x 65, 8-bit colormap, non-interlaced\012- data
Hash 6878464c96db6a3d6808776d4e6dd7a8
15e71a2abd6af6cb59e0293401c0a28f40b902f0
44c7dd20fa86621483a95fc4929c35c9344946f966b95632fc74479c0c944c56
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/01/site_logo_3.png HTTP/1.1
Host: heypressto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 00:27:59 GMT
Server: Apache
Last-Modified: Thu, 21 Oct 2021 23:08:22 GMT
Accept-Ranges: bytes
Content-Length: 2699
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
heypressto.com/wp-content/themes/rise/fonts/rise-icomoon.woff?6xplcw
109.203.109.22200 OK 11 kB URL HTTP/1.1 heypressto.com/wp-content/themes/rise/fonts/rise-icomoon.woff?6xplcw
IP 109.203.109.22:0
File type Web Open Font Format, TrueType, length 10884, version 1.0\012- data
Hash 7fa39b7cde4128f0c3c094930b4cbf2e
e45e07103c0e8b5d5dbfed807c87c761d5cfab63
830998305182fa43321deeff76e8a81bdc5fd8e5ba009de9dc499935b90ce369
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/rise/fonts/rise-icomoon.woff?6xplcw HTTP/1.1
Host: heypressto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://heypressto.com/wp-content/themes/rise/css/main_green.css?v=2.1.3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 00:27:59 GMT
Server: Apache
Last-Modified: Thu, 21 Oct 2021 23:08:14 GMT
Accept-Ranges: bytes
Content-Length: 10884
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: font/woff
heypressto.com/wp-content/themes/rise/thrive-dashboard/css/font/Roboto.ttf
109.203.109.22200 OK 91 kB URL HTTP/1.1 heypressto.com/wp-content/themes/rise/thrive-dashboard/css/font/Roboto.ttf
IP 109.203.109.22:0
File type TrueType Font data, 18 tables, 1st "GDEF", 26 names, Macintosh, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-RegularRob\012- data
Hash 8ba80bf72e7d56103c24a70f66afe6f5
a7f3f08408a98004195c77d2182e31d8c5c2abf6
eb655381ce5524b26cdb3277d9a6d5e51883d48f468a8b7d4526cb1627487ee0
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/themes/rise/thrive-dashboard/css/font/Roboto.ttf HTTP/1.1
Host: heypressto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/wp-content/themes/rise/css/main_green.css?v=2.1.3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 00:27:59 GMT
Server: Apache
Last-Modified: Thu, 21 Oct 2021 23:08:13 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: font/ttf
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c37604a6880f4afb12af019efeadc20e
9197dfad083403cc25e1a16f5c4953727e97f14e
a03a41326606ebf074cfa18fd8f8311bd78c3292afd1817f6bbd98f99e102e8f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2299
Cache-Control: max-age=119839
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 00:27:59 GMT
Etag: "6374a833-1d7"
Expires: Fri, 18 Nov 2022 09:45:18 GMT
Last-Modified: Wed, 16 Nov 2022 09:06:59 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9426341bb128c1b6ba16e64df78152b4
08859a30ed6dee233cde4d77f2a04f058991502b
209a0520d5fb1eeb6dfa7d2f4c334a7109cc885cf4be8605bfe5a8f52232306d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11722
Expires: Thu, 17 Nov 2022 03:43:21 GMT
Date: Thu, 17 Nov 2022 00:27:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9426341bb128c1b6ba16e64df78152b4
08859a30ed6dee233cde4d77f2a04f058991502b
209a0520d5fb1eeb6dfa7d2f4c334a7109cc885cf4be8605bfe5a8f52232306d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11722
Expires: Thu, 17 Nov 2022 03:43:21 GMT
Date: Thu, 17 Nov 2022 00:27:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9426341bb128c1b6ba16e64df78152b4
08859a30ed6dee233cde4d77f2a04f058991502b
209a0520d5fb1eeb6dfa7d2f4c334a7109cc885cf4be8605bfe5a8f52232306d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11722
Expires: Thu, 17 Nov 2022 03:43:21 GMT
Date: Thu, 17 Nov 2022 00:27:59 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F341e5945-39b4-44e2-a1dc-be4e70577262.jpeg
34.120.237.76200 OK 4.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F341e5945-39b4-44e2-a1dc-be4e70577262.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3afa84bffe8905e9191085d281a89637
0c7ae87051649d5fc46578e59484600c9184b59b
7a7e00b0359058de64cb45fbb7e54b279dab70ba81d23c267697fda0e157f2f7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F341e5945-39b4-44e2-a1dc-be4e70577262.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4055
x-amzn-requestid: 1b786b76-b4bf-480f-ad87-f024bffa73b2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: btqOUE8wIAMFi_w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63755728-4524317071a87c374d0884c3;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 21:33:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: o1r-ZlYD51CedvMlPKbKDwX-qsFjVy9s-KatKheGFiGOz8dYbYmKyg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 b4085435efbe95a420f374958bd145be.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 21:34:18 GMT
age: 10421
etag: "0c7ae87051649d5fc46578e59484600c9184b59b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee2cedc4-bd6c-4494-bc78-ba14a0b3a572.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee2cedc4-bd6c-4494-bc78-ba14a0b3a572.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6d4da2a7ed4e9274282b10738f66857a
62efe751a0385ee47843d73ea530547784a16b9f
8f0e8166ab62270e1ce662ebf7a070b876954c70228c41baf764b7d4b2a0310e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee2cedc4-bd6c-4494-bc78-ba14a0b3a572.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 15246
x-amzn-requestid: 6a611bf2-7509-4438-ab86-c6f66851e304
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdeo-HDiIAMFqGw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ede39-4ef8f6ec54bc7c97155b6277;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 23:43:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bcIm1F2NS0oFk9MpJv6EJPJHEOCYY5k4bNHZHip3LNdtwtIQBCQuLg==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 17:02:10 GMT
age: 26749
etag: "62efe751a0385ee47843d73ea530547784a16b9f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg
34.120.237.76200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a9d32fa3866dd741de610a61a93ad893
4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e
4492338de536cfae6fb42fd37170c60f4fbc281a2a924efe6d2b5af352cd102c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1b43b0-5ba1-4c6c-9a53-bfae9befdd7d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6344
x-amzn-requestid: cac35b04-be3b-4ae1-bb5e-8cedcd7a7db4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: btqOVFCXIAMFcOg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63755728-45c28fa333b748520be29b57;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 21:33:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: mhgNSp1_LsVmn00ULm116flMHpnfE6G6JABrJwXH5i4q-isv_W1-Ig==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 f313d3df80c4dab8f5399614116801cc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 21:34:18 GMT
age: 10421
etag: "4cb2141b1ef1e5bf19a3b355995dcd8fa36f695e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b2dd353-ed33-475b-bbea-0866ae79e89d.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b2dd353-ed33-475b-bbea-0866ae79e89d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2c6864a5b9da3a00e25d3db8112bf0c0
71274834c30ed4432ef2115df976ea83f3dc64ff
b75f151bc9e28677fba7265effc8af2f85afe1e36b8fcaae7659b6d3ff25332c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b2dd353-ed33-475b-bbea-0866ae79e89d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11511
x-amzn-requestid: 2e5984b3-54a6-4aa0-9761-7aad857ec77b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bt3ezGlhIAMFWWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63756c5e-5cbdb8b949d8a4354554a55a;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 23:03:58 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: lfO5ybfFTgMHRq2KCt5XkhzXyyOraYOpqKg7bkPYwLhAMlICUd1C7g==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 23:14:39 GMT
etag: "71274834c30ed4432ef2115df976ea83f3dc64ff"
content-type: image/jpeg
age: 4400
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cd5bdc050716bb76afe8090fc81617e7
5109c156b180727767fc03c411190ccc0d3fb5fc
9b13e7838946c6654dda17886c2ca8d42de934acb93f4bddb1008dfa1bd1ea99
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11715
x-amzn-requestid: 20e508bd-6568-4225-9bee-c683a49d44f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhUHkpIAMFfJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-7dc726b94a37fc667e2e6646;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ZLWa-RphwZqiAmeqffmEE8Mmfsfs9ZYz0bmANBEc5Ru1--VKDL4Fsw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 15:50:08 GMT
age: 31071
etag: "5109c156b180727767fc03c411190ccc0d3fb5fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3274e328-97d1-436f-aba8-e3e4edf54678.jpeg
34.120.237.76200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3274e328-97d1-436f-aba8-e3e4edf54678.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6ecd5b004151480ceaefba3d6e1caf7b
326d0b4fb411eba0010cd792d8a414994e7fb0e6
1ad70a0ff83168d95c9ce5f0554370977a744a83d708646370541f793c9df756
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3274e328-97d1-436f-aba8-e3e4edf54678.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8051
x-amzn-requestid: bae03776-8be7-4eb0-872e-eb5eef224c05
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bn2pWH7sIAMF75Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637304a2-68128ac72ea1101169bbc3e1;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 03:16:50 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dJuN7cHGMh0QUfQhiAOJx1z6nYb5BwPYtLSfnMH5ckgpsFnJ1PZNxQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Wed, 16 Nov 2022 12:16:46 GMT
age: 43873
etag: "326d0b4fb411eba0010cd792d8a414994e7fb0e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3343d106acee3c360eadd289cf838ec2
bfab23b7851802648575536c131995a757501f8a
f3c58de82d1fd092e18dc483b7399dc7bdf287e8de336b9772c6ce6ffc213861
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2355
Cache-Control: max-age=131068
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 00:27:59 GMT
Etag: "6374d3d8-1d7"
Expires: Fri, 18 Nov 2022 12:52:27 GMT
Last-Modified: Wed, 16 Nov 2022 12:13:12 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
heypressto.com/wp-content/uploads/2019/01/cropped-logo_green-on-green_512-32x32.jpg
109.203.109.22200 OK 1.0 kB URL HTTP/1.1 heypressto.com/wp-content/uploads/2019/01/cropped-logo_green-on-green_512-32x32.jpg
IP 109.203.109.22:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 32x32, components 3\012- data
Hash f1183e1c9defff93bc8797023589368b
6bb44bc64018053daab9706763692a9e9b669963
c5f8596a59d4361a0e24e0ecdd98375cb89b5d5671458c54225d0ad3fd416b5e
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/01/cropped-logo_green-on-green_512-32x32.jpg HTTP/1.1
Host: heypressto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/tuso/?qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 00:27:59 GMT
Server: Apache
Last-Modified: Thu, 21 Oct 2021 23:08:22 GMT
Accept-Ranges: bytes
Content-Length: 1004
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/jpeg
heypressto.com/wp-content/uploads/2019/01/cropped-logo_green-on-green_512-192x192.jpg
109.203.109.22200 OK 4.5 kB URL HTTP/1.1 heypressto.com/wp-content/uploads/2019/01/cropped-logo_green-on-green_512-192x192.jpg
IP 109.203.109.22:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 192x192, components 3\012- data
Hash b6db6b8285afe8fe4988c8979a37a825
e429b3ac582ec56f94bcf80260474620ef8debe6
946921a00570f9a4f18e2de5a309dfc7b96c931bab322e845a7a26c6cf9fac19
Analyzer Verdict Alert mnemonic_dns Sinkholed
quad9 Sinkholed
GET /wp-content/uploads/2019/01/cropped-logo_green-on-green_512-192x192.jpg HTTP/1.1
Host: heypressto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/tuso/?qbot.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 00:27:59 GMT
Server: Apache
Last-Modified: Thu, 21 Oct 2021 23:08:22 GMT
Accept-Ranges: bytes
Content-Length: 4509
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/jpeg
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3343d106acee3c360eadd289cf838ec2
bfab23b7851802648575536c131995a757501f8a
f3c58de82d1fd092e18dc483b7399dc7bdf287e8de336b9772c6ce6ffc213861
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2355
Cache-Control: max-age=131068
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 00:27:59 GMT
Etag: "6374d3d8-1d7"
Expires: Fri, 18 Nov 2022 12:52:27 GMT
Last-Modified: Wed, 16 Nov 2022 12:13:12 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c37604a6880f4afb12af019efeadc20e
9197dfad083403cc25e1a16f5c4953727e97f14e
a03a41326606ebf074cfa18fd8f8311bd78c3292afd1817f6bbd98f99e102e8f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2299
Cache-Control: max-age=119839
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 00:27:59 GMT
Etag: "6374a833-1d7"
Expires: Fri, 18 Nov 2022 09:45:18 GMT
Last-Modified: Wed, 16 Nov 2022 09:06:59 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
badges.instagram.com/static/images/ig-badge-view-24.png
31.13.72.53404 Not Found 21 kB URL HTTP/2 badges.instagram.com/static/images/ig-badge-view-24.png
IP 31.13.72.53:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (8012)
Hash 8f4ecb58c60af8ec8bf6816d511c55cb
a5f0a6939be71ffab23c92f7f0fe99c04cc124dd
1e193fce991893191d9c9087ba8f8d0343cd7a244511e31460c2141c2f79c436
GET /static/images/ig-badge-view-24.png HTTP/1.1
Host: badges.instagram.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
content-type: text/html; charset=utf-8
date: Thu, 17 Nov 2022 00:27:59 GMT
vary: Accept-Language
strict-transport-security: max-age=31536000
cache-control: private, no-cache, no-store, must-revalidate
pragma: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-frame-options: SAMEORIGIN
content-security-policy: report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src data: blob: https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com https://*.facebook.com https://*.fbsbx.com; font-src data: https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://i.instagram.com/graphql_www https://graphql.instagram.com https://*.cdninstagram.com https://api.instagram.com https://i.instagram.com https://*.i.instagram.com https://*.od.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd blob:; worker-src 'self' blob: https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://*.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com https://*.fbsbx.com; object-src 'none'; upgrade-insecure-requests
cross-origin-embedder-policy-report-only: require-corp;report-to="coep"
report-to: {"group": "coep", "max_age": 86400, "endpoints": [{"url": "/security/coep_report/"}]},{"group": "coop", "max_age": 86400, "endpoints": [{"url": "/security/coop_report/"}]}
origin-trial: AuqWincgAuXeuu3KypEMnrrFEJHySaesyJS3EaIH40zvafzrU0Irhb7+5QwZpOqMZrPTjgvFl7Z5jJgy1dNAcQMAAAB6eyJvcmlnaW4iOiJodHRwczovL2luc3RhZ3JhbS5jb206NDQzIiwiZmVhdHVyZSI6IkNyb3NzT3JpZ2luT3BlbmVyUG9saWN5UmVwb3J0aW5nIiwiZXhwaXJ5IjoxNjEzNDExNjYyLCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop"
x-content-type-options: nosniff
x-xss-protection: 0
x-ig-push-state: c2
x-aed: 73
access-control-expose-headers: X-IG-Set-WWW-Claim
x-ig-request-elapsed-time-ms: 21
x-ig-peak-time: 1
content-length: 20955
x-ig-origin-region: odn
x-fb-trip-id: 1512268381
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
badges.instagram.com/static/images/ig-badge-view-sprite-24.png
31.13.72.53404 Not Found 21 kB URL HTTP/2 badges.instagram.com/static/images/ig-badge-view-sprite-24.png
IP 31.13.72.53:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (8012)
Hash 8f4ecb58c60af8ec8bf6816d511c55cb
a5f0a6939be71ffab23c92f7f0fe99c04cc124dd
1e193fce991893191d9c9087ba8f8d0343cd7a244511e31460c2141c2f79c436
GET /static/images/ig-badge-view-sprite-24.png HTTP/1.1
Host: badges.instagram.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
content-type: text/html; charset=utf-8
date: Thu, 17 Nov 2022 00:27:59 GMT
vary: Accept-Language
strict-transport-security: max-age=31536000
cache-control: private, no-cache, no-store, must-revalidate
pragma: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-frame-options: SAMEORIGIN
content-security-policy: report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src data: blob: https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com https://*.facebook.com https://*.fbsbx.com; font-src data: https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://i.instagram.com/graphql_www https://graphql.instagram.com https://*.cdninstagram.com https://api.instagram.com https://i.instagram.com https://*.i.instagram.com https://*.od.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd blob:; worker-src 'self' blob: https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://*.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com https://*.fbsbx.com; object-src 'none'; upgrade-insecure-requests
cross-origin-embedder-policy-report-only: require-corp;report-to="coep"
report-to: {"group": "coep", "max_age": 86400, "endpoints": [{"url": "/security/coep_report/"}]},{"group": "coop", "max_age": 86400, "endpoints": [{"url": "/security/coop_report/"}]}
origin-trial: AuqWincgAuXeuu3KypEMnrrFEJHySaesyJS3EaIH40zvafzrU0Irhb7+5QwZpOqMZrPTjgvFl7Z5jJgy1dNAcQMAAAB6eyJvcmlnaW4iOiJodHRwczovL2luc3RhZ3JhbS5jb206NDQzIiwiZmVhdHVyZSI6IkNyb3NzT3JpZ2luT3BlbmVyUG9saWN5UmVwb3J0aW5nIiwiZXhwaXJ5IjoxNjEzNDExNjYyLCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop"
x-content-type-options: nosniff
x-xss-protection: 0
x-ig-push-state: c2
x-aed: 73
access-control-expose-headers: X-IG-Set-WWW-Claim
x-ig-request-elapsed-time-ms: 17
x-ig-peak-time: 1
content-length: 20955
x-ig-origin-region: odn
x-fb-trip-id: 1512268381
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yt/l/en_US/JGSM2yXjSKh.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 24 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3iEpO4/yt/l/en_US/JGSM2yXjSKh.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (42048)
Hash 3051900d03a657ddbbc9afa8ac11cdbd
557f26734897e137a6678f6d2a81672fc6a34ad2
038035ce01be57324c7e251c8834229b4910f27e3a042912fd7276947e5750df
GET /rsrc.php/v3iEpO4/yt/l/en_US/JGSM2yXjSKh.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 12 Nov 2023 16:50:26 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: MFGQDQOmV927ya+orBHNvQ==
x-fb-debug: c7nrDkNnSaCX61EBkOtSa+HjucdRYczp6U7FAC2Gu39GjNPNa9sFiOfPZypMbH8ldGb7YZGXIONxTo3WpH8qmg==
priority: u=3,i
content-length: 23455
x-fb-trip-id: 1904183273
date: Thu, 17 Nov 2022 00:27:59 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yg/l/0,cross/btaDQ5Gdk3p.css?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 5.2 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yg/l/0,cross/btaDQ5Gdk3p.css?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (4431)
Hash d791c3274e3625c59fe6d2e22ea8a09b
b4261de246785716750ba7693e62d029c3eadc09
fdfd106c42f16d93caf2f35a13f5bb007fe219695c86633630a641c1afcf0993
GET /rsrc.php/v3/yg/l/0,cross/btaDQ5Gdk3p.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 16 Nov 2023 16:24:36 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 15HDJ042JcWf5tLiLqigmw==
x-fb-debug: 3zXFLu2j/TKwYh2J5vIRshejOFrz1cI+e4+ot/V+T4LPwvTrKgernagnHFi1TcDnK4m2k+ek3ztAUB1iDp24Ag==
content-length: 5243
x-fb-trip-id: 1904183273
date: Thu, 17 Nov 2022 00:27:59 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 827 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (724)
Hash 29973cf3b0ef9f16fe31ed981b2f6573
f22eb80b89b5e0ae9ace854aab6676d56eaef6a1
476822c80e0a0ee078edb7a74db59378f8b1d43d2de844e28a9e9c2f68a4c8d8
GET /rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 03 Nov 2023 20:06:17 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: KZc887Dvnxb+Me2YGy9lcw==
x-fb-debug: U8RJgKUtHGLUiQk9HHpA+IRcULT5qX+DuwPkFrA1TVl4/mz6+76fzZ9YDejeZlR7UxuiL1amRZ0p3hU19KekzQ==
priority: u=3,i
content-length: 827
x-fb-trip-id: 1904183273
date: Thu, 17 Nov 2022 00:27:59 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yS/r/DEaHQMKxWBP.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 91 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yS/r/DEaHQMKxWBP.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (18622)
Hash e939eadda5d7c9dd60450eb6fd816eb0
fd1b642357823cb1b21ae46e5c61a7488e203c1c
4c96ac797fe700732ccba8775a5a630eaafa1f03d81b2a2d48700fb29c3083a6
GET /rsrc.php/v3/yS/r/DEaHQMKxWBP.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 13 Nov 2023 00:40:06 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 6Tnq3aXXyd1gRQ62/YFusA==
x-fb-debug: ZGkiPC9htvbQfN9ZFpsYXVtS4qzygxZqQ+3H9theQUhSPGMb7wKCJwLwA8PQrk945Ih2wstteMKC4Lo8uTTCjQ==
content-length: 91128
x-fb-trip-id: 1904183273
date: Thu, 17 Nov 2022 00:27:59 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3343d106acee3c360eadd289cf838ec2
bfab23b7851802648575536c131995a757501f8a
f3c58de82d1fd092e18dc483b7399dc7bdf287e8de336b9772c6ce6ffc213861
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2355
Cache-Control: max-age=131068
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 00:27:59 GMT
Etag: "6374d3d8-1d7"
Expires: Fri, 18 Nov 2022 12:52:27 GMT
Last-Modified: Wed, 16 Nov 2022 12:13:12 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
www.facebook.com/plugins/likebox.php?href=https%3A%2F%2Fwww.facebook.com%2FHeypressto&width=292&height=32&colorscheme=light&show_faces=false&header=false&stream=false&show_border=false
31.13.72.36200 OK 14 kB URL HTTP/2 www.facebook.com/plugins/likebox.php?href=https%3A%2F%2Fwww.facebook.com%2FHeypressto&width=292&height=32&colorscheme=light&show_faces=false&header=false&stream=false&show_border=false
IP 31.13.72.36:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (17239)
Hash 5cacb0aa00f467715d535df8c7fad176
19f1fff49699912a766a6f926dde4ab86034449a
d581a534dccbbc0ee393c4af51f7baabcd758d8a60febed8a2c3882e935d4a6d
GET /plugins/likebox.php?href=https%3A%2F%2Fwww.facebook.com%2FHeypressto&width=292&height=32&colorscheme=light&show_faces=false&header=false&stream=false&show_border=false HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 9Az80TBjHP+tE0Tnjd9UWLQoFHdzkVPlccZB9J/SwcC3OoYCq/sEIrBQXNiuLDxe0J+ugIZ/awzzeih9UQmIfg==
date: Thu, 17 Nov 2022 00:27:59 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
platform.linkedin.com/in.js?_=1668644878317
23.36.76.121200 OK 163 kB URL HTTP/2 platform.linkedin.com/in.js?_=1668644878317
IP 23.36.76.121:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (41594)
Size 163 kB (163354 bytes)
Hash 56acbbd23835162d92b97b7a4b221579
d3d8696aa8daa30da5cef06b612f3ed06ad1da07
83fae66d7056b7f2bcdad83ca390a90d8409ca9610f844d2fc54d128f5273a2d
GET /in.js?_=1668644878317 HTTP/1.1
Host: platform.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Play
expires: Thu, 17 Nov 2022 00:41:56 GMT
cache-control: public, max-age=3600
content-encoding: gzip
content-type: text/javascript; charset=UTF-8
content-length: 163354
x-li-fabric: prod-lor1
x-li-pop: prod-lor1-x
x-li-proto: http/1.1
x-li-uuid: AAXtnwSjhoA9tWui/D2idA==
date: Thu, 17 Nov 2022 00:28:00 GMT
vary: Accept-Encoding
x-cdn-client-ip-version: IPV4
x-cdn: AKAM
X-Firefox-Spdy: h2
platform.twitter.com/widgets.js?_=1668644878316
151.101.84.157200 OK 29 kB URL HTTP/2 platform.twitter.com/widgets.js?_=1668644878316
IP 151.101.84.157:0
File type Unicode text, UTF-8 text, with very long lines (33915)
Hash 2df2f01e0c50f93a363cd2121f336b8e
f2c4d94859575123d0b1056f0338982eb094c60f
2cf6d15fc44a8c4387114a5a20174ae75515d43840cde361e64bf1a75e676585
GET /widgets.js?_=1668644878316 HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 02 Nov 2022 19:43:37 GMT
cache-control: public, max-age=1800
content-type: application/javascript; charset=utf-8
etag: "6633f9603c759c40d9b200995454f17c+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Thu, 17 Nov 2022 00:28:00 GMT
x-served-by: cache-iad-kcgs7200106-IAD, cache-bma1657-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 29221
X-Firefox-Spdy: h2
assets.pinterest.com/js/pinit.js
151.101.84.84200 OK 203 B URL HTTP/2 assets.pinterest.com/js/pinit.js
IP 151.101.84.84:0
File type ASCII text, with very long lines (361), with no line terminators
Hash 62d32c28f14783b94192cd8d35bc010d
78c1ba11e104bbd01a07225d0f8c41d7712094d4
e823b68f75484d37c74ebb652e2a5b183a1b65c43f1592985e519a8cabc44b2e
GET /js/pinit.js HTTP/1.1
Host: assets.pinterest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
etag: "62d32c28f14783b94192cd8d35bc010d"
content-encoding: br
content-type: application/javascript; charset=utf-8
x-cdn: fastly
alt-svc: h3=":443";ma=600,h3-29=":443";ma=600,h3-27=":443";ma=600
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 86400
access-control-expose-headers: X-CDN
vary: Accept-Encoding, Origin
cache-control: max-age=300
date: Thu, 17 Nov 2022 00:28:00 GMT
content-length: 203
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 939f6551db2c6cde7754abfdd69e966e
3595cf0ad37dc6b82b86a3dd1df616399b2f1b06
4db09cda4b193500d7274115e9bacba46e5ebcb51273ea9ea3def44c017117f5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 00:28:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
apis.google.com/js/plusone.js?onload=onLoadCallback&_=1668644878318
142.250.74.174200 OK 21 kB URL HTTP/2 apis.google.com/js/plusone.js?onload=onLoadCallback&_=1668644878318
IP 142.250.74.174:0
File type ASCII text, with very long lines (1279)
Hash 725431e43487bfbd212987827321fd27
a3d0d83a569b1b87d15c1d1f37ecb18674a0dde2
1b1cc4dd84fd2bc2745c0eee7771853d33dee1ec13ed9f836db4c52fb08c46e7
GET /js/plusone.js?onload=onLoadCallback&_=1668644878318 HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 20990
date: Thu, 17 Nov 2022 00:28:00 GMT
expires: Thu, 17 Nov 2022 00:28:00 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "476fae9eaad70322"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=https%3A%2F%2Fheypressto.com
151.101.84.157200 OK 105 kB URL HTTP/2 platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=https%3A%2F%2Fheypressto.com
IP 151.101.84.157:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (56168)
Size 105 kB (105445 bytes)
Hash 2c908e4df66c813c91eb41dd02376079
29df916bd525b6e273f6a62adb7d6df80789edfb
767b670476dae60cf2ddfda9bf3695fd9be641e1a338564b0d23b80cedaed567
GET /widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=https%3A%2F%2Fheypressto.com HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 02 Nov 2022 19:36:59 GMT
cache-control: public, max-age=315360000
content-type: text/html; charset=utf-8
etag: "50d73c0b4a4c7e4697b9c6ac6f1ecd75+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Thu, 17 Nov 2022 00:28:00 GMT
x-served-by: cache-iad-kiad7000167-IAD, cache-bma1657-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 105445
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 1b43631817b375ad10d08b6fd9ff9249
ca2988f207b07f60e4204c701e127f84a69a5446
d61ac811e9c087f7fe5a9baeaf3065ac313c1e777f169cf91516ef4b83304f1f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 00:28:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
apis.google.com/u/0/_/widget/render/person?usegapi=1&width=273&href=https%3A%2F%2Fplus.google.com%2F104610199245640687546&layout=landscape&rel=author&origin=https%3A%2F%2Fheypressto.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.P0B2vZm_jJk.O%2Fd%3D1%2Frs%3DAHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA%2Fm%3D__features__
142.250.74.174301 Moved Permanently 226 B URL HTTP/2 apis.google.com/u/0/_/widget/render/person?usegapi=1&width=273&href=https%3A%2F%2Fplus.google.com%2F104610199245640687546&layout=landscape&rel=author&origin=https%3A%2F%2Fheypressto.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.P0B2vZm_jJk.O%2Fd%3D1%2Frs%3DAHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA%2Fm%3D__features__
IP 142.250.74.174:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 4df07581948280a6e769a24c5d99d775
843a2c95362347eb8894a6acb607f139be65ded4
3561b93a48d81fac116ccd6e60163bd382abb1d594c81240f5718feb1f197f73
GET /u/0/_/widget/render/person?usegapi=1&width=273&href=https%3A%2F%2Fplus.google.com%2F104610199245640687546&layout=landscape&rel=author&origin=https%3A%2F%2Fheypressto.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.P0B2vZm_jJk.O%2Fd%3D1%2Frs%3DAHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA%2Fm%3D__features__ HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
location: http://developers.google.com/
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 17 Nov 2022 00:28:00 GMT
expires: Thu, 17 Nov 2022 00:58:00 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 226
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash f323ee2feeecb607e49e928c6c27e62e
bd107107e27917029982c69267284dde6e741e12
dd088d893c1b1165ffdfa0cd2915338750c3231453d81ea1852f14e052381e8e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1660
Cache-Control: max-age=104769
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 00:28:00 GMT
Etag: "63746fd5-13a"
Expires: Fri, 18 Nov 2022 05:34:09 GMT
Last-Modified: Wed, 16 Nov 2022 05:06:29 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 314
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash b8b0259899cf8becd5c5e23e5ee49e90
0ad8799541d4416d893c89c72113ee113709fea4
bb5d7111e0bb601fc3842e20ddf8465c84fb5ee2eb034f85c8c538022366f279
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 00:28:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
heypressto.com/wp-admin/admin-ajax.php
109.203.109.22200 OK 1.0 kB URL HTTP/1.1 heypressto.com/wp-admin/admin-ajax.php
IP 109.203.109.22:0
File type JSON data\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4136), with no line terminators
Hash f83666fcd9b8871ad645536ec506ad3b
139fcee31cc7c3cd397abbafa15ebe5227d3b431
43a43e5cd309773a500346b3411bce0cc1a261bf07b4f058a0b047e8e4bfc527
Analyzer Verdict Alert fortinet Malware
mnemonic_dns Sinkholed
quad9 Sinkholed
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: heypressto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 210
Origin: https://heypressto.com
Connection: keep-alive
Referer: https://heypressto.com/tuso/?qbot.zip
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 17 Nov 2022 00:27:59 GMT
Server: Apache
Access-Control-Allow-Origin: https://heypressto.com
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex
X-Content-Type-Options: nosniff
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 1015
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/json; charset=UTF-8
syndication.twitter.com/settings?session_id=9c71b7f16eb2c30bc9d4fc3049f8bfb9c60aed15
104.244.42.200200 OK 374 B URL HTTP/2 syndication.twitter.com/settings?session_id=9c71b7f16eb2c30bc9d4fc3049f8bfb9c60aed15
IP 104.244.42.200:0
File type JSON data\012- , ASCII text, with very long lines (913), with no line terminators
Hash 925c2a7587f39436ea29513221652474
695b7f2f3d99f407bcdfd0b372db0e28193cc60c
62e36e14e5c219119cb51c3cdf43a2005512a1bd6ebf2d68d0c610a2e6e3ef0f
GET /settings?session_id=9c71b7f16eb2c30bc9d4fc3049f8bfb9c60aed15 HTTP/1.1
Host: syndication.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://platform.twitter.com/
Origin: https://platform.twitter.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 17 Nov 2022 00:27:59 GMT
perf: 7626143928
vary: Origin
server: tsa_o
content-type: application/json; charset=utf-8
cache-control: must-revalidate, max-age=600
last-modified: Thu, 17 Nov 2022 00:28:00 GMT
content-length: 374
content-encoding: gzip
x-transaction-id: 3dadb09c7e180120
strict-transport-security: max-age=631138519
access-control-allow-origin: https://platform.twitter.com
access-control-allow-credentials: true
x-response-time: 105
x-connection-hash: e18d2e106bc831a0396585edf5b51c0b42be0ca15b3fdf4653cf82e749a63d60
X-Firefox-Spdy: h2
platform.twitter.com/js/button.d2f864f87f544dc0c11d7d712a191c1f.js
151.101.84.157200 OK 2.4 kB URL HTTP/2 platform.twitter.com/js/button.d2f864f87f544dc0c11d7d712a191c1f.js
IP 151.101.84.157:0
File type ASCII text, with very long lines (7017), with no line terminators
Hash dd0db11eb64751c6c3b8cecfb5b77f2f
b79a753d0bc720adbbd9f566f11764dd0e1cbe2c
c80ffb7bf5d6d523bd483d7eeba3b3334d25ee8d66ddba80eaf448d07da2e2ff
GET /js/button.d2f864f87f544dc0c11d7d712a191c1f.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 02 Nov 2022 19:36:52 GMT
cache-control: public, max-age=315360000
content-type: application/javascript; charset=utf-8
etag: "7bb2d17ac20be3bd6ec1079356afecd9+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Thu, 17 Nov 2022 00:28:00 GMT
x-served-by: cache-iad-kiad7000153-IAD, cache-bma1657-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 2362
X-Firefox-Spdy: h2
platform.twitter.com/widgets/follow_button.644279d1635fd969e87af94a98bd232b.en-gb.html
151.101.84.157200 OK 15 kB URL HTTP/2 platform.twitter.com/widgets/follow_button.644279d1635fd969e87af94a98bd232b.en-gb.html
IP 151.101.84.157:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (26401)
Hash 1220d0814b241add84c3a425a35675fd
d875f29c7e802a33ae94b85838d39abcc2bace87
acc30923bd5a98e48ca33822c8d23068fcfd0c19c85770e157608c26d16c5431
GET /widgets/follow_button.644279d1635fd969e87af94a98bd232b.en-gb.html HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 02 Nov 2022 19:36:53 GMT
cache-control: public, max-age=315360000
content-type: text/html; charset=utf-8
etag: "7caff8d8d12f66a4000871452f39f09d+gzip"
content-encoding: gzip
access-control-allow-methods: GET
access-control-allow-origin: *
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
accept-ranges: bytes
date: Thu, 17 Nov 2022 00:28:00 GMT
x-served-by: cache-iad-kjyo7100135-IAD, cache-bma1657-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
tw-cdn: FT
content-length: 15134
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash f65bbeba59ba5e31638a17325798582f
4e544597bb0593697cec412fb97217899add2d96
adc5670dce70829fcd1edfa5c47f3bf14ee0ee7eb1e090a62818e679b91585d6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 00:28:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ssl.gstatic.com/accounts/o/1832714284-postmessagerelay.js
142.250.74.99200 OK 4.3 kB URL HTTP/2 ssl.gstatic.com/accounts/o/1832714284-postmessagerelay.js
IP 142.250.74.99:0
File type ASCII text, with very long lines (2267)
Hash 3f7502705229ccec9d066c5cd75e6c31
ede1663155afaa5a5213d075e6295c6d839b05c3
2be5113d3022d1819a19f327235d287a2538a03741fc08ccd9d55cc1d78b6282
GET /accounts/o/1832714284-postmessagerelay.js HTTP/1.1
Host: ssl.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://accounts.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="federated-signon-mpm-access"
report-to: {"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-length: 4294
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Nov 2022 18:48:12 GMT
expires: Thu, 16 Nov 2023 18:48:12 GMT
cache-control: public, max-age=31536000
last-modified: Sat, 12 Nov 2022 01:08:55 GMT
content-type: text/javascript
age: 20388
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash f65bbeba59ba5e31638a17325798582f
4e544597bb0593697cec412fb97217899add2d96
adc5670dce70829fcd1edfa5c47f3bf14ee0ee7eb1e090a62818e679b91585d6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 17 Nov 2022 00:28:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fheypressto.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.P0B2vZm_jJk.O%2Fd%3D1%2Frs%3DAHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA%2Fm%3D__features__
216.58.207.237200 OK 401 B URL HTTP/2 accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fheypressto.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.P0B2vZm_jJk.O%2Fd%3D1%2Frs%3DAHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA%2Fm%3D__features__
IP 216.58.207.237:0
Hash ae396e6f52ca9ab71cc7a324cedbd103
97804e932b670dc3f8de69705dfd8857af8da3ec
40b6bdb2612255c078d80ce263d7cc26fdc449db31eed47cfa75a09330eb4269
GET /o/oauth2/postmessageRelay?parent=https%3A%2F%2Fheypressto.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.P0B2vZm_jJk.O%2Fd%3D1%2Frs%3DAHpOoo_nmCaDbrwZCe_WiNZEgKVKQ-FnSA%2Fm%3D__features__ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 17 Nov 2022 00:28:00 GMT
content-security-policy: script-src 'nonce-UDilMNB7CpEs2Gy07oYZSw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport, require-trusted-types-for 'script';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.linkedin.com/cws/member/public_profile?public_profile_url=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fchartreuse-green-420735103&format=inline&xdOrigin=https%3A%2F%2Fheypressto.com&xdChannel=b0890aeb-aab2-4db3-9dd7-69955e6a59e3&xd_origin_host=https%3A%2F%2Fheypressto.com
13.107.42.14404 Not Found 8.0 kB URL HTTP/2 www.linkedin.com/cws/member/public_profile?public_profile_url=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fchartreuse-green-420735103&format=inline&xdOrigin=https%3A%2F%2Fheypressto.com&xdChannel=b0890aeb-aab2-4db3-9dd7-69955e6a59e3&xd_origin_host=https%3A%2F%2Fheypressto.com
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash e3d465526df999d34bbebcca57b69597
aa704a640acacd184758295c31a4494d1cd4dee0
1669df9afbb36bc8fefaecf6f203b046c6ea79a40fdd347239ac709651480f13
GET /cws/member/public_profile?public_profile_url=https%3A%2F%2Fwww.linkedin.com%2Fin%2Fchartreuse-green-420735103&format=inline&xdOrigin=https%3A%2F%2Fheypressto.com&xdChannel=b0890aeb-aab2-4db3-9dd7-69955e6a59e3&xd_origin_host=https%3A%2F%2Fheypressto.com HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heypressto.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/html
content-encoding: gzip
expires: Thu, 01 Jan 1970 00:00:00 GMT
etag: W/"636196e7-4e1a6"
set-cookie: bcookie="v=2&df7115f2-1640-4ef2-864e-88397d28b902"; Domain=.linkedin.com; Expires=Fri, 17-Nov-2023 00:28:00 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&202211170028002966ffc2-49fd-4dab-8981-95b19b074fabAQHPDWTR0whDzQma3ZxNt0fClRbfJtKY"; Domain=.www.linkedin.com; Expires=Fri, 17-Nov-2023 00:28:00 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2Njg2NDQ4ODA7MjswMjFbBIVvpJJ0oQU6Jsmomdb/YcmjweAAfpw+adeCoR1crw==; Domain=.linkedin.com; Expires=Tue, 16 May 2023 00:28:00 GMT; Path=/; Secure; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2419:u=1:x=1:i=1668644880:t=1668731280:v=2:sig=AQFaXwuXdyn9v5alhKrO3P-iA8Sycv8u"; Expires=Fri, 18 Nov 2022 00:28:00 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
content-security-policy: default-src *; connect-src 'self' media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/status linkedin.sc.omtrdc.net/b/ss/ *.qualtrics.com *.adyen.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self' teams.microsoft.com client.learningapp.microsoft.com
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXtn6lcB3EkS0/vHrAw+Q==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: B4645C7375A148979F6842277C21F614 Ref B: OSL30EDGE0507 Ref C: 2022-11-17T00:28:00Z
date: Thu, 17 Nov 2022 00:27:59 GMT
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/yR/r/bPhRbIw5d4Y.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 0 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yR/r/bPhRbIw5d4Y.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
GET /rsrc.php/v3/yR/r/bPhRbIw5d4Y.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 09 Nov 2023 00:22:00 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 37KShYF/ynsGi6DsmKojkg==
x-fb-debug: Obg/zZxOT723xBEW9ad6GT+fE5a68QhD51O/aRxgpFfeE/IHu9t9v6hrg8LwrneoqMg3KlmnfO9Vu/TVbzaJWQ==
priority: u=3,i
content-length: 16262
x-fb-trip-id: 1904183273
date: Thu, 17 Nov 2022 00:27:59 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
static.xx.fbcdn.net/rsrc.php/v3/y6/r/8LoDHCcRMmF.js?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 0 B URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/y6/r/8LoDHCcRMmF.js?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
GET /rsrc.php/v3/y6/r/8LoDHCcRMmF.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 09 Nov 2023 00:18:49 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: B2XXbXRnFhVtU9Nu5vgINg==
x-fb-debug: XIWAxIz1YPVrSnxdvo/LtlhQx09jgH6AWVB5gz/W4A1O8CeYZhZFwKbd/jC58B6BnsZReYMsjsRLmKdLjfkFDw==
priority: u=3,i
content-length: 12369
x-fb-trip-id: 1904183273
date: Thu, 17 Nov 2022 00:27:59 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2