firefox.settings.services.mozilla.com/v1/
143.204.55.36200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 27 Sep 2022 09:15:30 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: EA8uTeefGLzSu3SplNM_djg4TyZerNCbDmrtNgkQiUKph5W6Tjf1Fw==
Age: 3589
xtc-hair.com/keygen-alias-speedform-2019-exclusive
192.185.117.118301 Moved Permanently 266 B URL HTTP/1.1 xtc-hair.com/keygen-alias-speedform-2019-exclusive
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash c757d6ae301cf8ba00c7a60d943bc762
fe8ba373157b844b09172c50de5e8ad059819144
df26daaa09f36ec03b71499ba3bdd09858c835bdadb5d7c53dc5070cebb84717
Analyzer Verdict Alert fortinet Phishing
GET /keygen-alias-speedform-2019-exclusive HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 27 Sep 2022 10:15:19 GMT
Server: Apache
Location: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive
Content-Length: 266
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2994
Expires: Tue, 27 Sep 2022 11:05:13 GMT
Date: Tue, 27 Sep 2022 10:15:19 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.49200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 27 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: TzPbkT7XfRpNafyebI48gVWPlyJsMue7ciwag52EM1EoXWiJLfW1Mw==
age: 3066
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 10:15:19 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1abe32b7ebfc84ea789d123b3025f4ba
04deebdec98f5dc23a05910d1d638a5e7d8a1f71
c6af0859def82d74668584e3a894eb60008da06b5e5cbf9264f43d9e97018466
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6AF0859DEF82D74668584E3A894EB60008DA06B5E5CBF9264F43D9E97018466"
Last-Modified: Sun, 25 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21546
Expires: Tue, 27 Sep 2022 16:14:26 GMT
Date: Tue, 27 Sep 2022 10:15:20 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 27 Sep 2022 10:10:46 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Tue, 27 Sep 2022 11:02:07 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: DmRkakapUJRj5HnOxcWF61j2xwoLbaBM5BWxOti4ZPKteUpcFbCa5Q==
Age: 274
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c18823050f86339eaa73ddb1bf80d64c
ac4ee81f59f706cee8a74458d498bbc20d8d351a
9a505647517bd02d8ff994fd4ad98dc2f4b519916145b0c327691420c1084c46
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5807
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 10:15:20 GMT
Last-Modified: Tue, 27 Sep 2022 08:38:33 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.165.143.157101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.165.143.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: JqV5nW2EOg2ZRFiSYjLW6g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: GM0enWW1BW8PxTjXx2ka/C90N8Q=
xtc-hair.com/keygen-alias-speedform-2019-exclusive
192.185.117.118301 Moved Permanently 0 B URL HTTP/2 xtc-hair.com/keygen-alias-speedform-2019-exclusive
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /keygen-alias-speedform-2019-exclusive HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
x-pingback: https://xtc-hair.com/xmlrpc.php
x-redirect-by: WordPress
location: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 27 Sep 2022 10:15:20 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5a6097201b7da81f6e9a6d99a7353a0c
d4240fe80c76013b9f7b6fd09963aa47151b8d6a
519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14093
Expires: Tue, 27 Sep 2022 14:10:15 GMT
Date: Tue, 27 Sep 2022 10:15:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5a6097201b7da81f6e9a6d99a7353a0c
d4240fe80c76013b9f7b6fd09963aa47151b8d6a
519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14093
Expires: Tue, 27 Sep 2022 14:10:15 GMT
Date: Tue, 27 Sep 2022 10:15:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5a6097201b7da81f6e9a6d99a7353a0c
d4240fe80c76013b9f7b6fd09963aa47151b8d6a
519e9b47ddfa1e1fe047f4dc7df88e3011817f88144fcc3853a7984a781c2070
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "519E9B47DDFA1E1FE047F4DC7DF88E3011817F88144FCC3853A7984A781C2070"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14093
Expires: Tue, 27 Sep 2022 14:10:15 GMT
Date: Tue, 27 Sep 2022 10:15:22 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14ab4d12-a7de-4708-a657-df4600198640.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14ab4d12-a7de-4708-a657-df4600198640.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fa70ece15044b7318cb11ae5e37a64e7
04a0665f771562c3e56ac3542abe5bd3c4c1a6b5
8c974283b2ba0058114404af3e4818daa8cc56f270cb8a46f5f2f54de9d2f0e1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14ab4d12-a7de-4708-a657-df4600198640.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8255
x-amzn-requestid: 3bf29c4a-406a-4645-ad18-44cd6f05d457
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4VnFEV-IAMFQMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ccfc6-3eaa337d1e1c1b6d5e951419;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:12:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: X-6P09-hgjmDFe4Y7P1KnXtJAuvJNen8XsBVIexf521SOxMivJ4t7A==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 17:53:33 GMT
age: 58909
etag: "04a0665f771562c3e56ac3542abe5bd3c4c1a6b5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg
34.120.237.76200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash deb8d1e3b6d7fbc8c8ba478269621676
84f5a4c8b38acde814bc790e5b514347718d5bb9
ed14fa766f0708b4166e83b61f160db5671af430917b7c67184bf18d9208742b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bfe3adc-1955-4f21-9e44-c0bc53a4edc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9163
x-amzn-requestid: 8ccd9b1f-bef9-4591-be32-e6dd98f4ee78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlKpEZrIAMFS1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321bdd-4a40b9c8281b64c725fec0f1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:38:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: bs6HOUmHOoYKDuzBoVHhcr8d4HP4bBmwUF3EtOmwKXo7ozhfaIYEvw==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:39:07 GMT
age: 45375
etag: "84f5a4c8b38acde814bc790e5b514347718d5bb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc40a8f8a-3bc7-4223-a676-6960af975ebc.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc40a8f8a-3bc7-4223-a676-6960af975ebc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3d478b7bea64d1a5998967c0a665e6be
b078452d30703ea98ad4a7f7fd411b3e2a42ee71
24158d741732109ae2be7314205ac35f4c8b29785876f2785e8bb0ea906762b0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc40a8f8a-3bc7-4223-a676-6960af975ebc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6628
x-amzn-requestid: 0f9703c5-5551-42a6-a77d-cc79af4987e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yv1B6GYnIAMFYfQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63296872-7f7652a01d32fb907c8ebc68;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 07:14:58 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 1lCA7nBGuXynUhqaMQHCj0hl3LcOkYF3mU99nOxl6eheK6DKzMtB_Q==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 01:27:42 GMT
age: 31660
etag: "b078452d30703ea98ad4a7f7fd411b3e2a42ee71"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8342bc11-d95e-4085-a7ca-d421aba94a91.jpeg
34.120.237.76200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8342bc11-d95e-4085-a7ca-d421aba94a91.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash efaaa002eb6251769ea6dbf306ced3a1
9f99fa947a603fd6b10ff149e379cd04ad83d27a
238e0ca1aa29223416c34ef2dfcc6570c00e27a98991d91efc16e9bc4083c197
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8342bc11-d95e-4085-a7ca-d421aba94a91.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4573
x-amzn-requestid: ff35a66a-caf2-4ff4-b850-01a584fc2aa0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yv1B8FzLIAMFSPw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63296872-5b4a410a2827baf5598d58e7;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 07:14:58 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NFjYOqhUeb3yyjMNWpoBNq_xcsX3wXvc3-rqJt4cGbJXY9Sxr5KpDA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 15:24:02 GMT
age: 67880
etag: "9f99fa947a603fd6b10ff149e379cd04ad83d27a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 62e68c3cd08dd94d910507512a67e85f
3d4fa8701f17e8818c25584ef5f04bfbee8440cd
058d798963f83f5fb88ab728185f755c5353fa981d93e1b6ff869089f501586b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13213
x-amzn-requestid: fe9ec409-2757-4910-8443-5b4d3be7efd3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlATEp8oAMFd9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321b9b-3230e97a4fe34413285eb578;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:37:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kRSg9NTTAgeAJgIZ_C9_rRodCX4bzGduJEvNPNHUya0Moa2vsmWSoQ==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:38:57 GMT
age: 45385
etag: "3d4fa8701f17e8818c25584ef5f04bfbee8440cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5274e770cb5a704916c8965659709f4a
1a26007f761e439db575fb80fb403031260aecf4
e36e8be75c92feb9b416a46c5918356d8f9694894a799b7c10de21034d33d5ef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2517fd65-65c6-43b1-93a6-b1205ba3f0f8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7455
x-amzn-requestid: 0887cd56-f324-46cf-a086-709e1c66f354
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGBTdHmhoAMFvIw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633248e2-42391706084f335228fe3994;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 00:50:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: IWzfDNFlgYdqYnbQ9uWfOvqb5zl3I3mgTZrT5pU5P3EvetMRDN5P7w==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 01:06:47 GMT
age: 32915
etag: "1a26007f761e439db575fb80fb403031260aecf4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash c939f97c8bcbfea356e92036803714bc
608c795e7c4fb943a4db49a4e4533c41ea717023
b05b38c78c15c259720bfc6783ac65ab60ceb1e6037b45b08113f183554f08cb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 10:15:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xtc-hair.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
192.185.117.118200 OK 17 kB URL HTTP/2 xtc-hair.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (43771)
Hash 2a67a4888baa44de739f3fe56203ce07
da175eae57f26b655747d79f055477e3fee1abb9
3a4d7627476a0099ca4bcc101685f27de04cb49dd66ef842d72c6cda270599dd
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 13 Jul 2022 15:58:19 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 16594
content-type: text/css
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2
i0.wp.com/xtc-hair.com/wp-content/uploads/2016/05/Locations-sm.png?w=750
192.0.77.2200 OK 29 kB URL HTTP/2 i0.wp.com/xtc-hair.com/wp-content/uploads/2016/05/Locations-sm.png?w=750
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 1ddae22ff1c78c4fae0baf9f172b7503
548c7a2bdb93e4a2993b7833acf3054e52d4c683
9a5478ba509c6d1ae2b4416354ca5db2344aae7a62cc38e82cc645b47bc8505e
GET /xtc-hair.com/wp-content/uploads/2016/05/Locations-sm.png?w=750 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 10:15:22 GMT
content-type: image/webp
content-length: 29174
last-modified: Fri, 22 Jul 2022 11:22:09 GMT
expires: Sun, 21 Jul 2024 23:22:09 GMT
cache-control: public, max-age=63115200
link: <http://xtc-hair.com/wp-content/uploads/2016/05/Locations-sm.png>; rel="canonical"
x-content-type-options: nosniff
etag: "f72b84333b327ca1"
vary: Accept
x-nc: HIT arn 3
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
i0.wp.com/xtc-hair.com/wp-content/uploads/2017/11/xtc-200.jpg?w=451&ssl=1
192.0.77.2200 OK 4.6 kB URL HTTP/2 i0.wp.com/xtc-hair.com/wp-content/uploads/2017/11/xtc-200.jpg?w=451&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 451x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e495a00f48e5dc429fc96aea3a871781
72c64567427b9e91ed315838136326785335df31
03a743711874690a5fedce6297c025cf70d1de70228536f2bf1ff2829d321851
GET /xtc-hair.com/wp-content/uploads/2017/11/xtc-200.jpg?w=451&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 10:15:22 GMT
content-type: image/webp
content-length: 4598
last-modified: Tue, 09 Aug 2022 15:27:33 GMT
expires: Fri, 09 Aug 2024 03:27:33 GMT
cache-control: public, max-age=63115200
link: <https://xtc-hair.com/wp-content/uploads/2017/11/xtc-200.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "2ab347afe96bf5cf"
vary: Accept
x-nc: HIT arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
xtc-hair.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.0.2
192.185.117.118200 OK 1.3 kB URL HTTP/2 xtc-hair.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.0.2
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (4186), with no line terminators
Hash 91bab39b98d7e5c1632717b9ebe349e4
e639a447d06fc7827be5b5b35d603ff16b5f7bb1
47ff151faeb23a5654f6ec58b404e51193f6714849a69de241c2ee79662f74c6
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.0.2 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 13 Nov 2019 03:58:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1298
content-type: text/css
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-content/plugins/wp-store-locator/css/styles.min.css?ver=2.2.235
192.185.117.118200 OK 4.5 kB URL HTTP/2 xtc-hair.com/wp-content/plugins/wp-store-locator/css/styles.min.css?ver=2.2.235
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (14979), with no line terminators
Hash f2e41dbf24163bee8e916e6a9621a34e
c6ca67eb47140395068e7622385beaf9b061752f
a56fc9642f0c88d6268cf9fc731fb1ce6f9ce56134e28d3268eca9b19e445f83
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/wp-store-locator/css/styles.min.css?ver=2.2.235 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 29 Jan 2022 23:45:07 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4548
content-type: text/css
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
192.185.117.118200 OK 3.2 kB URL HTTP/2 xtc-hair.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (11256), with no line terminators
Hash 1054d0d53548e8bae51665b11acc6413
2eea6a05fe18db61fff58c431d34a86b3e0b7ade
cb8b0f0f3f871d9776da32ee6d9e1af9277a211be61e97a831c7f8c98fbebfae
GET /wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 09 Dec 2020 04:01:44 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 3239
content-type: text/css
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-content/themes/spacious/font-awesome/css/font-awesome.min.css?ver=4.7.0
192.185.117.118200 OK 7.1 kB URL HTTP/2 xtc-hair.com/wp-content/themes/spacious/font-awesome/css/font-awesome.min.css?ver=4.7.0
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (30837), with CRLF line terminators
Hash 132393cbbd112512206aa3c468a210ee
7c0a904b30a100e744fa0dce8a5e47079810a4c3
fe7806c8283bc20c74e50713d63b477299130d05d9b0e2391ad5d307f5eb2292
GET /wp-content/themes/spacious/font-awesome/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 27 Jul 2022 18:01:39 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 7119
content-type: text/css
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-6604786-9
142.250.74.72200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-6604786-9
IP 142.250.74.72:0
File type ASCII text, with very long lines (1720)
Hash 121d157f1473b65041c9096dca1ed374
53bff68e743e0ca83b3760706da5023b7088539e
8373359326aa65e4be9dc3bdf5020643dc3f43005f80903aad8bb983e954a4c0
GET /gtag/js?id=UA-6604786-9 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 27 Sep 2022 10:15:22 GMT
expires: Tue, 27 Sep 2022 10:15:22 GMT
cache-control: private, max-age=900
last-modified: Tue, 27 Sep 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42250
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 5b7b66f5886a12421c3f3970bbf49d5a
13a31565fb5b2f1e75d67ba1ce09dae339f1c0e8
3ed8ffa99cefdf81381912b426c0ab9091fb5888836665d9012435965f99feba
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 10:15:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?render=6LeQrmEbAAAAAFBa2Ufo_PLvcDe102G8l2XsKiSp&ver=3.0
142.250.74.164200 OK 585 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6LeQrmEbAAAAAFBa2Ufo_PLvcDe102G8l2XsKiSp&ver=3.0
IP 142.250.74.164:0
File type ASCII text, with very long lines (884), with no line terminators
Hash 40244930d0ee16a9ee4bad1147456195
806ed83f71c470c58d1cacd1f4028942cddc9613
dc462ce1fec14b29ccb7d47804dd83ddac1030f4e97307991af96fa6d95bd0d7
GET /recaptcha/api.js?render=6LeQrmEbAAAAAFBa2Ufo_PLvcDe102G8l2XsKiSp&ver=3.0 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Tue, 27 Sep 2022 10:15:22 GMT
date: Tue, 27 Sep 2022 10:15:22 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 585
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash c939f97c8bcbfea356e92036803714bc
608c795e7c4fb943a4db49a4e4533c41ea717023
b05b38c78c15c259720bfc6783ac65ab60ceb1e6037b45b08113f183554f08cb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 10:15:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xtc-hair.com/wp-content/plugins/tablepress/css/default.min.css?ver=1.14
192.185.117.118200 OK 2.5 kB URL HTTP/2 xtc-hair.com/wp-content/plugins/tablepress/css/default.min.css?ver=1.14
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (5092), with no line terminators
Hash 793aed4abaceb0925e60458c8c42d980
6371ef087dee13724484a6cca1feda59c061644e
b43746949f5740fbf14e40489cb2bdee809c5a9d0954a0cf0982a3b4e90467af
GET /wp-content/plugins/tablepress/css/default.min.css?ver=1.14 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 05 Aug 2021 17:41:10 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2462
content-type: text/css
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.1
192.185.117.118409 Conflict 83 B URL HTTP/2 xtc-hair.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.1
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.1 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
xtc-hair.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.1
192.185.117.118409 Conflict 83 B URL HTTP/2 xtc-hair.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.1
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.1 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
xtc-hair.com/wp-content/plugins/lightweight-social-icons/css/style-min.css?ver=1.1
192.185.117.118200 OK 1.8 kB URL HTTP/2 xtc-hair.com/wp-content/plugins/lightweight-social-icons/css/style-min.css?ver=1.1
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (7989), with no line terminators
Hash 651b107c868611eaf140b8d2efedcf0d
afd2e4f4017cdba568ae9879280fb023cb286188
6d9d93708ba83fc0c491ace3c24846e2148c3feadb47884953094a21a5314b5b
GET /wp-content/plugins/lightweight-social-icons/css/style-min.css?ver=1.1 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 09 Apr 2020 14:24:19 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1753
content-type: text/css
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 4538701cf9bc34d908f50370beb922f4
df141b9c3ec626ecaba7c1899073a48b811c4113
61497b93eb237687a8fff5845a7a81aff2f2f53dc56f2d0818bfb98dd1256d6f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 10:15:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xtc-hair.com/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.6.1
192.185.117.118409 Conflict 83 B URL HTTP/2 xtc-hair.com/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.6.1
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.6.1 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
xtc-hair.com/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.min.js?ver=7.7.0
192.185.117.118200 OK 3.8 kB URL HTTP/2 xtc-hair.com/wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.min.js?ver=7.7.0
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1571)
Hash f2694bc14d8b63a7d406f4400b74cca4
eb87c041943667f69b6dc73b1ca12370fff38fb0
28baa20440db143848726898dac1510692b768c9086b97f637cde74db6e96a2a
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/google-analytics-dashboard-for-wp/assets/js/frontend-gtag.min.js?ver=7.7.0 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 27 Jul 2022 18:01:14 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 3848
content-type: application/javascript
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
192.185.117.118200 OK 4.6 kB URL HTTP/2 xtc-hair.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (11126)
Hash acdb97105af28a7066790c6748ae2e1e
65794d2c5a9d04f747faf370bc8bacd330e69e5a
dc4efbc4b704b142b5313588c32e56ea56648068a01d2bc596a4eee06b379b5e
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 09 Dec 2020 04:01:44 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4618
content-type: application/javascript
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-content/themes/spacious/js/skip-link-focus-fix.js?ver=6.0.2
192.185.117.118200 OK 425 B URL HTTP/2 xtc-hair.com/wp-content/themes/spacious/js/skip-link-focus-fix.js?ver=6.0.2
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 62c10ae379acf345832166577cf721a4
a9d99c17fbe36ee8ed057b181b8a885d2bb88556
8cd627febaae9f8dbdfaca4cb5ed2c298e3d0d6513b3f45478af7bd91fde691b
GET /wp-content/themes/spacious/js/skip-link-focus-fix.js?ver=6.0.2 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 27 Jul 2022 18:01:39 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 425
content-type: application/javascript
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-includes/js/comment-reply.min.js?ver=6.0.2
192.185.117.118200 OK 1.5 kB URL HTTP/2 xtc-hair.com/wp-includes/js/comment-reply.min.js?ver=6.0.2
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (2946)
Hash 92712acce6ce836d0a929b1800b4f9d6
8157d1380bb1d6dadfd85565dd464bb5b0ed06bd
2f82d181a2cadadf7d898d7f5ea2eb527106fb6413044b55fbfa4fb0081a2e09
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/comment-reply.min.js?ver=6.0.2 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 27 May 2022 15:03:42 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1477
content-type: application/javascript
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
192.185.117.118200 OK 2.7 kB URL HTTP/2 xtc-hair.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (6475), with no line terminators
Hash 45bd1d6f7fc3a4069fc6fd400b90c961
903c7e28c7141e9fc1bdb4dfc62d043a97a01e2d
c638a0057b4be0a61cfb65b1860a855a327397e9871f5dde28fa2f138fb394dc
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 27 May 2022 15:03:42 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2675
content-type: application/javascript
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-content/themes/spacious/js/navigation.js?ver=6.0.2
192.185.117.118200 OK 3.2 kB URL HTTP/2 xtc-hair.com/wp-content/themes/spacious/js/navigation.js?ver=6.0.2
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 6e2649475b40aaa23c7933cd4864d49c
b58b3cdfdc538d9199cda602c2cd0ff922ebd3a3
9875d2e52f93962fe242e2f5984210a87304988d3a78b8b10118843d28c6ab7d
GET /wp-content/themes/spacious/js/navigation.js?ver=6.0.2 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 27 Jul 2022 18:01:39 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 3152
content-type: application/javascript
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
192.185.117.118200 OK 5.3 kB URL HTTP/2 xtc-hair.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (15660)
Hash 710f8b142ea44c0682dc2c30f318f065
49144e9b3a76d3d383b1d4359cf7a25e947f4233
708bb5819879a2a2c7670abc20a58cca68a415ffd621011cbc4c3c9d82dddc50
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 27 May 2022 15:03:42 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 5321
content-type: application/javascript
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
192.185.117.118200 OK 8.3 kB URL HTTP/2 xtc-hair.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (19138), with no line terminators
Hash e49f0561a452c9d04fb7d1510a23cc8c
9e8fc2e3129da4fe2790eee565a6478b864bea83
ab4f9f418b022ab34d617ee2f95d70afff005ed4d4d92e313ce84a56b40bce75
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 27 May 2022 15:03:42 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 8254
content-type: application/javascript
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-content/plugins/jetpack/_inc/build/photon/photon.min.js?ver=20191001
192.185.117.118200 OK 369 B URL HTTP/2 xtc-hair.com/wp-content/plugins/jetpack/_inc/build/photon/photon.min.js?ver=20191001
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (685), with no line terminators
Hash accd80b294f42169b1e447e68bacfffe
40847092d82d78897a8219b270b22838fcc0bb95
35e8294d38f054cd6fbcdef72076443685888546d93b41a596e981a5e9a61552
GET /wp-content/plugins/jetpack/_inc/build/photon/photon.min.js?ver=20191001 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 27 Jul 2022 18:01:22 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 369
content-type: application/javascript
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-content/plugins/wp-facebook-pixel/inc/scripts/nsautilities.min.js
192.185.117.118200 OK 214 B URL HTTP/2 xtc-hair.com/wp-content/plugins/wp-facebook-pixel/inc/scripts/nsautilities.min.js
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 (with BOM) text
Hash d472cbacb37c016041b58772d54ad559
63e1c1aa09aef1189ac568497f4d8b762b3f22b7
ae454e133e079135e984107978953414c24f4a4cee42639af40d60535582b116
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/wp-facebook-pixel/inc/scripts/nsautilities.min.js HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 04 Sep 2019 13:31:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 214
content-type: application/javascript
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-content/plugins/wp-facebook-pixel/assets/NSAFacebookPixel.min.js
192.185.117.118200 OK 363 B URL HTTP/2 xtc-hair.com/wp-content/plugins/wp-facebook-pixel/assets/NSAFacebookPixel.min.js
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 (with BOM) text, with very long lines (521)
Hash 500545bf22f6760751dcd932bc1ba078
95ff2a360643bb23024055cbb3fac63512dfab45
d1ed998bdee807eacffc3f3313369cbf9033c79ff80e61181caa1c5818c4cfcc
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/wp-facebook-pixel/assets/NSAFacebookPixel.min.js HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 04 Sep 2019 13:31:54 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 363
content-type: application/javascript
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-content/plugins/wp-gallery-custom-links/wp-gallery-custom-links.js?ver=1.1
192.185.117.118200 OK 536 B URL HTTP/2 xtc-hair.com/wp-content/plugins/wp-gallery-custom-links/wp-gallery-custom-links.js?ver=1.1
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 6f60958d7fc961a2f5e744a081f8a8ac
bb558da62a47b135476a5eb4ee66745d8cd12d7a
4be5234257b239c5e32fd6b5ccebde0b7c6b3af12d732778b090ab0f07bb079d
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/wp-gallery-custom-links/wp-gallery-custom-links.js?ver=1.1 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 29 Aug 2017 14:19:48 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 536
content-type: application/javascript
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-content/themes/spacious/js/spacious-custom.js?ver=6.0.2
192.185.117.118200 OK 1.0 kB URL HTTP/2 xtc-hair.com/wp-content/themes/spacious/js/spacious-custom.js?ver=6.0.2
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash dadc838792cbce3cf9aa041753aed2ef
53d30467a3bffe9d0aad046a72cb33a663304b9a
ce677d1e8b1ddee194459c599dbc87aa43d198ec802f37ed90f0c82d46503f64
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/spacious/js/spacious-custom.js?ver=6.0.2 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 27 Jul 2022 18:01:39 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1047
content-type: application/javascript
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1658944857
192.185.117.118200 OK 3.2 kB URL HTTP/2 xtc-hair.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1658944857
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash f796610b23c66216e124dcc6c1fa1133
97502795a8059ad1205e9174ff736568d2e2a2b1
c83333221f3e4e154acc1e668679a3b2e77f012a3627354ee26f2a20c716d777
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1658944857 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 27 Jul 2022 18:00:57 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 3245
content-type: application/javascript
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-content/themes/spacious/assets/fonts/Lato-Regular.woff
192.185.117.118200 OK 38 kB URL HTTP/2 xtc-hair.com/wp-content/themes/spacious/assets/fonts/Lato-Regular.woff
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 37580, version 1.104\012- data
Hash 8ed525743dbb32ae4bdb7531d637f7fa
c5f13bf20b52ddbe34ccde18c1d92df8bffefdf3
dff99fb17b5e8fa6ea55c50a6200c824ef0ab3e88b4e06b2284c37d19ac4bf9a
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/spacious/assets/fonts/Lato-Regular.woff HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://xtc-hair.com/wp-content/themes/spacious/style.css?ver=6.0.2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 27 Jul 2022 18:01:39 GMT
accept-ranges: bytes
content-length: 37580
content-type: font/woff
date: Tue, 27 Sep 2022 10:15:23 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-content/themes/spacious/assets/fonts/Lato-Bold.woff
192.185.117.118200 OK 37 kB URL HTTP/2 xtc-hair.com/wp-content/themes/spacious/assets/fonts/Lato-Bold.woff
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 36784, version 1.104\012- data
Hash a9d8f02506c0ea8b1b0ea76ccc485651
94372d3d5222e5601b8a801ba81df80e5c66a7fe
9f8224817f8e13b4047734e58a7a3310b35146bd436752546d04389e4a46d766
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/spacious/assets/fonts/Lato-Bold.woff HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://xtc-hair.com/wp-content/themes/spacious/style.css?ver=6.0.2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 27 Jul 2022 18:01:39 GMT
accept-ranges: bytes
content-length: 36784
content-type: font/woff
date: Tue, 27 Sep 2022 10:15:23 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-content/plugins/lightweight-social-icons/fonts/fontello.woff
192.185.117.118200 OK 23 kB URL HTTP/2 xtc-hair.com/wp-content/plugins/lightweight-social-icons/fonts/fontello.woff
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 23328, version 0.0\012- data
Hash 242e0c93f0f72bde894698405d7a04ab
368cef17895968a3d6a683c43e4cf4175665a757
1b6e0cc5ce7dad5ae275d7ac33c17034f27f801270805bf8d320bab919045a2c
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/lightweight-social-icons/fonts/fontello.woff HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://xtc-hair.com/wp-content/plugins/lightweight-social-icons/css/style-min.css?ver=1.1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 09 Apr 2020 14:24:19 GMT
accept-ranges: bytes
content-length: 23328
content-type: font/woff
date: Tue, 27 Sep 2022 10:15:23 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-content/themes/spacious/assets/fonts/Lato-Italic.woff
192.185.117.118200 OK 39 kB URL HTTP/2 xtc-hair.com/wp-content/themes/spacious/assets/fonts/Lato-Italic.woff
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 39144, version 1.104\012- data
Hash 5518023c841f1844a49e352831fe011c
ed4952a517498fa4fe5da6e46ee75c73b376cf3a
7ddc8f319db77a7867a106e97b74bfd0f9c94c9612feac09567fee256164688e
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/spacious/assets/fonts/Lato-Italic.woff HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://xtc-hair.com/wp-content/themes/spacious/style.css?ver=6.0.2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 27 Jul 2022 18:01:39 GMT
accept-ranges: bytes
content-length: 39144
content-type: font/woff
date: Tue, 27 Sep 2022 10:15:23 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.1
192.185.117.118409 Conflict 83 B URL HTTP/2 xtc-hair.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.1
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.1 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Tue, 27 Sep 2022 10:15:23 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
xtc-hair.com/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.6.1
192.185.117.118409 Conflict 83 B URL HTTP/2 xtc-hair.com/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.6.1
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.6.1 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Tue, 27 Sep 2022 10:15:23 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
pixel.wp.com/g.gif?v=ext&j=1%3A11.1.2&blog=194744380&post=100113&tz=-4&srv=xtc-hair.com&host=xtc-hair.com&ref=&fcp=3864&rand=0.36251557342847707
192.0.76.3200 OK 50 B URL HTTP/2 pixel.wp.com/g.gif?v=ext&j=1%3A11.1.2&blog=194744380&post=100113&tz=-4&srv=xtc-hair.com&host=xtc-hair.com&ref=&fcp=3864&rand=0.36251557342847707
IP 192.0.76.3:0
File type GIF image data, version 89a, 6 x 5\012- data
Hash e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
GET /g.gif?v=ext&j=1%3A11.1.2&blog=194744380&post=100113&tz=-4&srv=xtc-hair.com&host=xtc-hair.com&ref=&fcp=3864&rand=0.36251557342847707 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 10:15:23 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
s.w.org/images/core/emoji/14.0.0/svg/27a1.svg
192.0.77.48200 OK 242 B URL HTTP/2 s.w.org/images/core/emoji/14.0.0/svg/27a1.svg
IP 192.0.77.48:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 464b4ad3ec906581bdc288c42780b3c9
7fd81bf366663e16e9f0a60216adc18561a4d50f
8ab75b37e150efe65cdfd300029b88de8355d72c7bbb5d2055f902aeaec3c14d
GET /images/core/emoji/14.0.0/svg/27a1.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 10:15:23 GMT
content-type: image/svg+xml
content-length: 242
last-modified: Tue, 12 Apr 2022 03:47:50 GMT
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash cf99681f6f1d6e00e0abca7033eb6219
73261f7daa90ce6fd7a81b10ed7bd762200c3f28
3f4bfe673679f8f0650774c07f8707a7013ac7e1c3e1b3b03e68cbaa5ccc1af6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5375
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 10:15:23 GMT
Last-Modified: Tue, 27 Sep 2022 08:45:48 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Tue, 27 Sep 2022 08:41:09 GMT
expires: Tue, 27 Sep 2022 10:41:09 GMT
cache-control: public, max-age=7200
age: 5654
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 10:15:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/en_US/fbevents.js
157.240.200.14200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (64348)
Hash e1327a02d76346c7e23d114e4e508b30
195b8ad875ab8f7a7adf735f1f70aa02b3a2e1a3
331e67b451c6559915b12ab2df810ccdba73b3971c5301b2010b54dd6d391de2
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
x-fb-rlafr: 0
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: VdkqUJzF2GmA2NUUlf/rTtGJrfnDfnhq4PUzaA/u0CeBujfnrs93o9Ojkqmql1Pdx7/zSw9aRDqT3DNYf6c2Hw==
content-length: 26840
x-fb-trip-id: 1679558926
date: Tue, 27 Sep 2022 10:15:23 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s.w.org/images/core/emoji/14.0.0/svg/1f4aa.svg
192.0.77.48200 OK 159 kB URL HTTP/2 s.w.org/images/core/emoji/14.0.0/svg/1f4aa.svg
IP 192.0.77.48:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1219)
Size 159 kB (158932 bytes)
Hash 7b870c4dd03e35f40a0ce452a349c3cb
7204294dca186b175998df0629ea960c9385471f
9dee37bcd0b75689f2ce71861e8899bf8b70afe73e239fdcd76f845f5e312698
GET /images/core/emoji/14.0.0/svg/1f4aa.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 10:15:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Tue, 12 Apr 2022 03:50:38 GMT
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 10:15:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 002d49bafbcc428a44fe523322ad9e05
b39aad0d1e941121f28af8f9b6d76f19216800d5
59a10c7762be219b689cd518aea4d034aa725c6a632b7f866989dcf984b5e007
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 10:15:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-6604786-9&cid=230389970.1664273722&jid=1188747538&gjid=846015200&_gid=2081652568.1664273722&_u=YEBAAUAAAAAAAC~&z=2082482076
64.233.162.157200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-6604786-9&cid=230389970.1664273722&jid=1188747538&gjid=846015200&_gid=2081652568.1664273722&_u=YEBAAUAAAAAAAC~&z=2082482076
IP 64.233.162.157:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-6604786-9&cid=230389970.1664273722&jid=1188747538&gjid=846015200&_gid=2081652568.1664273722&_u=YEBAAUAAAAAAAC~&z=2082482076 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://xtc-hair.com
Connection: keep-alive
Referer: https://xtc-hair.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://xtc-hair.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 27 Sep 2022 10:15:24 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 002d49bafbcc428a44fe523322ad9e05
b39aad0d1e941121f28af8f9b6d76f19216800d5
59a10c7762be219b689cd518aea4d034aa725c6a632b7f866989dcf984b5e007
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 10:15:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 12:31:58 GMT
expires: Sun, 24 Sep 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 251006
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Sep 2022 00:48:31 GMT
expires: Sat, 23 Sep 2023 00:48:31 GMT
cache-control: public, max-age=31536000
age: 379613
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
data.processwebsitedata.com/cscripts/2RHNTvGyN1-630f9b6d.js
69.167.130.71200 OK 12 kB URL HTTP/1.1 data.processwebsitedata.com/cscripts/2RHNTvGyN1-630f9b6d.js
IP 69.167.130.71:0
File type ASCII text, with very long lines (12112), with CRLF line terminators
Hash da4b934ea477dd5cc4ee5c3f6743a983
4dc691d67cfb55527ab8fd4183c3eaf452daf213
0c3bf4832bd454bd0576f61a36981af424de13011c3fb7a6adb94b6ad3474714
GET /cscripts/2RHNTvGyN1-630f9b6d.js HTTP/1.1
Host: data.processwebsitedata.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Microsoft-IIS/10.0
Cache-Control: max-age=600
Content-Type: application/javascript
Date: Tue, 27 Sep 2022 10:15:23 GMT
Accept-Ranges: bytes
ETag: "fe3128f465c8d81:0"
Set-Cookie: X-Mapping-iliahmoa=03554A16AB946F350B86C67CE179B1D6; path=/
Last-Modified: Wed, 14 Sep 2022 18:15:22 GMT
Content-Length: 12114
cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.css
151.101.85.229200 OK 1.3 kB URL HTTP/2 cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.css
IP 151.101.85.229:0
File type ASCII text, with very long lines (1460)
Hash 8786cd8041431d860694eed4e4df5493
ad176b25138137c05527a1a93f9b1d2bd9819bb6
2f1ab64452cbd8b4a75b5f778aaadd7f8a9c194ef48c5e2e9132393b68d21a85
GET /npm/cookieconsent@3/build/cookieconsent.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 3.1.1
x-jsd-version-type: version
etag: W/"135e-3nthfC1sCV/yhiNebPZMMo2hpL8"
content-encoding: gzip
accept-ranges: bytes
date: Tue, 27 Sep 2022 10:15:24 GMT
age: 33468
x-served-by: cache-fra19127-FRA, cache-bma1648-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1299
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js
151.101.85.229200 OK 6.8 kB URL HTTP/2 cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js
IP 151.101.85.229:0
File type ASCII text, with very long lines (20693), with no line terminators
Hash 58a872ad8da4bad737e618cf78b55feb
1917e7662a1c0d1034c3056c6ebd0e9ae2d542f1
5ddc446ff4623ed98a827c66171c9d5d2809d7f679b0681eb088765e272849bb
GET /npm/cookieconsent@3/build/cookieconsent.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.1.1
x-jsd-version-type: version
etag: W/"50d5-nLraS9YXyGxjjPLr3exyStWWkHs"
content-encoding: gzip
accept-ranges: bytes
date: Tue, 27 Sep 2022 10:15:24 GMT
age: 39688
x-served-by: cache-fra19162-FRA, cache-bma1648-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 6756
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.20.226:0
Hash 04ee915cd1e862132c5e14f1fad2e6b9
37229560cd07334168da9f829495f1c92f91e743
dbf3e7f19ddfefbde9277bd283c4005f666422c84ae8649d9fd5a7a46e55e22e
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 10:15:24 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "2EFFE14A46B1780B98673A6C6D5E6186ACCB313B"
Expires: Tue, 27 Sep 2022 21:00:00 GMT
Last-Modified: Tue, 27 Sep 2022 09:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 976
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75137a59cf61b518-OSL
www.facebook.com/tr/?id=159612091116662&ev=PageView&dl=https%3A%2F%2Fxtc-hair.com%2Fkeygen-alias-speedform-2019-exclusive%2F&rl=&if=false&ts=1664273722368&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.1.1664273722367.1461622540&it=1664273721884&coo=false&rqm=GET
157.240.200.35200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=159612091116662&ev=PageView&dl=https%3A%2F%2Fxtc-hair.com%2Fkeygen-alias-speedform-2019-exclusive%2F&rl=&if=false&ts=1664273722368&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.1.1664273722367.1461622540&it=1664273721884&coo=false&rqm=GET
IP 157.240.200.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=159612091116662&ev=PageView&dl=https%3A%2F%2Fxtc-hair.com%2Fkeygen-alias-speedform-2019-exclusive%2F&rl=&if=false&ts=1664273722368&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.1.1664273722367.1461622540&it=1664273721884&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Tue, 27 Sep 2022 10:15:24 GMT
X-Firefox-Spdy: h2
xtc-hair.com/favicon.ico
192.185.117.118302 Found 0 B IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
link: <https://xtc-hair.com/wp-json/>; rel="https://api.w.org/"
x-redirect-by: WordPress
location: https://xtc-hair.com/wp-includes/images/w-logo-blue-white-bg.png
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 27 Sep 2022 10:15:23 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-includes/images/w-logo-blue-white-bg.png
192.185.117.118200 OK 4.1 kB URL HTTP/2 xtc-hair.com/wp-includes/images/w-logo-blue-white-bg.png
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced\012- data
Hash 000bf649cc8f6bf27cfb04d1bcdcd3c7
d73d2f6d74ec6cdcbae07955592962e77d8ae814
6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0
GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Connection: keep-alive
Cookie: _ga=GA1.2.230389970.1664273722; _gid=GA1.2.2081652568.1664273722; _gat_gtag_UA_6604786_9=1; _fbp=fb.1.1664273722367.1461622540
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 11 Jun 2020 03:59:22 GMT
accept-ranges: bytes
content-length: 4119
content-type: image/png
date: Tue, 27 Sep 2022 10:15:25 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/keygen-alias-speedform-2019-exclusive/
192.185.117.118200 OK 0 B URL HTTP/2 xtc-hair.com/keygen-alias-speedform-2019-exclusive/
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /keygen-alias-speedform-2019-exclusive/ HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
x-pingback: https://xtc-hair.com/xmlrpc.php
link: <https://xtc-hair.com/wp-json/>; rel="https://api.w.org/", <https://xtc-hair.com/wp-json/wp/v2/posts/100113>; rel="alternate"; type="application/json", <https://xtc-hair.com/?p=100113>; rel=shortlink
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 27 Sep 2022 10:15:21 GMT
server: Apache
X-Firefox-Spdy: h2
stats.wp.com/e-202239.js
192.0.76.3200 OK 0 B IP 192.0.76.3:0
GET /e-202239.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 10:15:22 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"6197c5cf-3508"
content-encoding: br
expires: Sun, 17 Sep 2023 22:04:35 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2
s.w.org/images/core/emoji/14.0.0/svg/1f480.svg
192.0.77.48200 OK 0 B URL HTTP/2 s.w.org/images/core/emoji/14.0.0/svg/1f480.svg
IP 192.0.77.48:0
GET /images/core/emoji/14.0.0/svg/1f480.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 10:15:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Tue, 12 Apr 2022 03:47:50 GMT
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
xtc-hair.com/wp-content/themes/spacious/genericons/genericons.css?ver=3.3.1
192.185.117.118200 OK 0 B URL HTTP/2 xtc-hair.com/wp-content/themes/spacious/genericons/genericons.css?ver=3.3.1
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
GET /wp-content/themes/spacious/genericons/genericons.css?ver=3.3.1 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 27 Jul 2022 18:01:39 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2
i0.wp.com/5b0988e595225.cdn.sohucs.com/images/20181030/e7700bb9182d42a0ba3cc31ccfebc662.jpeg?w=750
192.0.77.2200 OK 0 B URL HTTP/2 i0.wp.com/5b0988e595225.cdn.sohucs.com/images/20181030/e7700bb9182d42a0ba3cc31ccfebc662.jpeg?w=750
IP 192.0.77.2:0
GET /5b0988e595225.cdn.sohucs.com/images/20181030/e7700bb9182d42a0ba3cc31ccfebc662.jpeg?w=750 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 10:15:23 GMT
content-type: image/webp
content-length: 266776
last-modified: Tue, 27 Sep 2022 10:15:23 GMT
expires: Thu, 26 Sep 2024 22:15:23 GMT
cache-control: public, max-age=63115200
link: <http://5b0988e595225.cdn.sohucs.com/images/20181030/e7700bb9182d42a0ba3cc31ccfebc662.jpeg>; rel="canonical"
x-content-type-options: nosniff
etag: "9725f2ee5fe0e223"
vary: Accept
x-nc: MISS arn 4
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
xtc-hair.com/wp-content/themes/spacious/style.css?ver=6.0.2
192.185.117.118200 OK 0 B URL HTTP/2 xtc-hair.com/wp-content/themes/spacious/style.css?ver=6.0.2
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/spacious/style.css?ver=6.0.2 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 27 Jul 2022 18:01:39 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-content/plugins/jetpack/css/jetpack.css?ver=11.1.2
192.185.117.118200 OK 0 B URL HTTP/2 xtc-hair.com/wp-content/plugins/jetpack/css/jetpack.css?ver=11.1.2
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/jetpack/css/jetpack.css?ver=11.1.2 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 27 Jul 2022 18:01:22 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2
xtc-hair.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
192.185.117.118200 OK 0 B URL HTTP/2 xtc-hair.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 192.185.117.118:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: xtc-hair.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xtc-hair.com/keygen-alias-speedform-2019-exclusive/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 21 Jul 2021 03:59:41 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Tue, 27 Sep 2022 10:15:22 GMT
server: Apache
X-Firefox-Spdy: h2