detectportal.firefox.com/success.txt?ipv4
34.107.221.82 200 OK 8 B URL HTTP/1.1 detectportal.firefox.com/success.txt?ipv4
IP 34.107.221.82:0
Hash ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 01 Dec 2022 01:11:48 GMT
Age: 2156
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15165
Expires: Thu, 01 Dec 2022 06:00:30 GMT
Date: Thu, 01 Dec 2022 01:47:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1117b400ee2ac7fa1b3bdee7d30c844f
b69e56f5cafae748749f8f327eeb365be16d663e
96e44d184e1bcf86381a34daad2d9c51148cd60981eda5549271859d2a5fdddb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "96E44D184E1BCF86381A34DAAD2D9C51148CD60981EDA5549271859D2A5FDDDB"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12012
Expires: Thu, 01 Dec 2022 05:07:57 GMT
Date: Thu, 01 Dec 2022 01:47:45 GMT
Connection: keep-alive
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30
34.120.5.221 200 OK 42 kB URL HTTP/2 getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30
IP 34.120.5.221:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 91c4fdb1d6aa4ea8a38cd8a3f11bf2ce
24da52bef1edd941174b69a97a4c72703d7bcd64
ed48d30d4ce9de9f64a6f09c632d94c3b5369a0e440a95e01de7b33bc6999811
GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Hit from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: Lh1QDxABdS2oOnuLcVFOoiU_GzLiEAor58Ad2p0dPTmCEcXqfbEAFA==
content-encoding: gzip
via: 1.1 34c44cb7892e57a3b6c51812bcf68ee4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 01:41:36 GMT
age: 369
content-type: application/json
content-length: 41575
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6d9d34c96b9a826ae5676640c966469c
8052a16d41a637e420478b7de1ff5a2dc951fccd
f18ac558cb786126bb7efb159e03353d268d5f5796bcfd2691a349dfc68d863c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F18AC558CB786126BB7EFB159E03353D268D5F5796BCFD2691A349DFC68D863C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18174
Expires: Thu, 01 Dec 2022 06:50:39 GMT
Date: Thu, 01 Dec 2022 01:47:45 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: YIxNLR1+26d5J+/IQzY17pflPznjnSxQ+hZO9nk5T2PDtbl7A00oPAWawOZpUYOxFCSAs/tGDU8=
x-amz-request-id: 98RHHYT93Y82YNZ9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 00:56:17 GMT
age: 3088
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash f3cf023c797da81728c0ac84c8759331
fa07c5e39e4b0741ea484101cccb2202acea9d9c
5206a0bac8bf78d6b84322519271a1ece2c1039a0090e583de6d6192d88873d0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4564
Cache-Control: max-age=122378
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 01:47:45 GMT
Etag: "638730f7-1d7"
Expires: Fri, 02 Dec 2022 11:47:23 GMT
Last-Modified: Wed, 30 Nov 2022 10:31:19 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:45 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 01:19:45 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1680
alt-svc: clear
X-Firefox-Spdy: h2
crestcreations.com/
172.104.53.45 301 Moved Permanently 162 B IP 172.104.53.45:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 01 Dec 2022 01:47:45 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash bec75288561194de9cfe42aad08d7e6c
c7da5041ee5f93bf23b3fdde3c3e1bd1304aa9c0
20e3a862e68606ee23e832ccd86186a5bc8cad9c5a1c179a15c670ca6e698db3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4606
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 01:47:45 GMT
Last-Modified: Thu, 01 Dec 2022 00:30:59 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
detectportal.firefox.com/success.txt?ipv4
34.107.221.82 200 OK 8 B URL HTTP/1.1 detectportal.firefox.com/success.txt?ipv4
IP 34.107.221.82:0
Hash ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 01 Dec 2022 01:11:48 GMT
Age: 2157
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 01:08:56 GMT
cache-control: public,max-age=3600
age: 2329
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash cfdd00e67ee6ca21712b867eb5288ab6
b61d5d6ec3b7ad71619e13e32c87f2d01871b88a
f740cac6dfedc1bf0f82efb10dac4f6ffb22f9bb5d4a9b68a4cd971dd2f65793
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4551
Cache-Control: max-age=117297
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 01:47:45 GMT
Etag: "63871d2b-1d7"
Expires: Fri, 02 Dec 2022 10:22:42 GMT
Last-Modified: Wed, 30 Nov 2022 09:06:51 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
52.32.119.77 200 OK 8 B URL HTTP/1.1 shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
IP 52.32.119.77:0
Hash 29fc57841962e407cb50c1be60284bf7
ce968a77e2996da5eee8925182318f171ccdce47
ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b
POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Thu, 01 Dec 2022 01:47:45 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close
push.services.mozilla.com/
54.203.75.56 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.203.75.56:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 93DXileI1cYomh2wJsn0EQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 7LH+1cKqsh1VsQUph2kFRegOLdk=
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 5184e56ded7938821770699234de56e9
b600d9fc7c90feb214c3fe877e556cc4aaa3e1f5
8f078aba2bb820684572bd1e9051ec8a0c5313011994436ff84b2eb513c80e74
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 01:47:46 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 17:02:18 GMT
Expires: Mon, 05 Dec 2022 17:02:17 GMT
Etag: "b600d9fc7c90feb214c3fe877e556cc4aaa3e1f5"
Cache-Control: max-age=399870,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7728281f0875b4f3-OSL
firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221669859128039%22
34.102.187.140 200 OK 22 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221669859128039%22
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (21675), with no line terminators
Hash b85678a7dad901c6724444f9d87b4926
86cd1eeacb5e85cecf7c3948718cd1f4360f1d83
f40fae6a86577a3867f3dc3911543aca1b3c50b8b8a3263950398d9abfd2891f
GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221669859128039%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 21675
via: 1.1 google
date: Thu, 01 Dec 2022 01:47:02 GMT
cache-control: public,max-age=3600
last-modified: Thu, 01 Dec 2022 01:45:28 GMT
content-type: application/json
age: 44
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1669811837825&_since=%221666204638208%22
34.102.187.140 200 OK 6.9 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1669811837825&_since=%221666204638208%22
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (6883), with no line terminators
Hash 8a5e09f5fb8417b5618e87d18d325721
c48523de09554c2dcb2cd6241bfeeaaec2803fb8
515c738bf239a57be380cb1cfe70051112b0218858fcbc9843702c7801ea60be
GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1669811837825&_since=%221666204638208%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 6883
via: 1.1 google
date: Thu, 01 Dec 2022 01:01:59 GMT
cache-control: public,max-age=3600
age: 2747
last-modified: Wed, 30 Nov 2022 12:37:17 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: ZFwmV0gNoLHxz3Yrx00gkqXQ/ECVjaYbj+KfPwTZrlVI40w9MZYg9klsXRpfLpnxhcuM4jXcE7/qORTy0y/49Q==
x-amz-request-id: W0Z762V3P0ENQ3GD
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 01:45:28 GMT
age: 138
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1668607340435&_since=%221657747510534%22
34.102.187.140 200 OK 1.5 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1668607340435&_since=%221657747510534%22
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (1480), with no line terminators
Hash e563d51764592a817781ea1fbd3028b0
2462cc129770122bcc912c6b60d7573902db9eca
6f520bb82b2e9d58553fc5b1af75e8fcc6033d8f47f91faf2aeab6455a038f0a
GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1668607340435&_since=%221657747510534%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1480
via: 1.1 google
date: Thu, 01 Dec 2022 01:27:33 GMT
cache-control: public,max-age=3600
age: 1213
last-modified: Wed, 30 Nov 2022 16:36:43 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: EEZgk1jVVuqD1yKV5nLRVJZ5uPevgouECYqdg+a4T5Ejio2sjUYwCwTgAFhM2g9XuJjYg73DPnQ=
x-amz-request-id: W8R6QPVXJ0FWRVVV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 01:44:40 GMT
age: 186
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1669753108374&_since=%221666279968541%22
34.102.187.140 200 OK 58 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1669753108374&_since=%221666279968541%22
IP 34.102.187.140:0
File type ASCII text, with very long lines (57458), with no line terminators
Hash dcfc37993dda8c99e223b85579875f72
2bbba05bce6648ca9429ae920261f57e98affa43
45cf39a996855fbea909dc4170a427bd88252bb0a85b965ea3cddaeaf49ebd3b
GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1669753108374&_since=%221666279968541%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 57458
via: 1.1 google
date: Thu, 01 Dec 2022 00:31:03 GMT
cache-control: public,max-age=3600
age: 4603
last-modified: Tue, 29 Nov 2022 20:18:28 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1669736690606&_since=%221666483264567%22
34.102.187.140 200 OK 51 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1669736690606&_since=%221666483264567%22
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (51208), with no line terminators
Hash 9afaeae9d1527c87128e50461d2a6ef5
bde6a4638ccd5cb5a276909de5ee7fd8dfbf1f92
457c31b4e64a3d3482a8800d0fecdfa79a444dbf9e3aea58787756922629f6b2
GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1669736690606&_since=%221666483264567%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 51208
via: 1.1 google
date: Thu, 01 Dec 2022 01:27:57 GMT
cache-control: public,max-age=3600
age: 1189
last-modified: Tue, 29 Nov 2022 15:44:50 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
34.102.187.140 200 OK 681 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (681), with no line terminators
Hash 01e6d8f0887454b033cd3d4cdb2f39f8
befee34a8f5c745b16752b061fdaa701e209ac8c
68f4889979f90605fd4fe35053efa202a5ced22b40bf321f51a2d7e97d49fbdc
GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 681
via: 1.1 google
date: Thu, 01 Dec 2022 01:19:45 GMT
cache-control: public,max-age=3600
age: 1681
last-modified: Sun, 27 Nov 2022 16:36:54 GMT
etag: "1669567014153"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
34.102.187.140 200 OK 1.5 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (1504), with no line terminators
Hash b480aba9ecded00911f29a626460b51a
ab390c2fdec3566f044afc6441e0bead2c854c3a
045742eee1dfc1cb13696b18f5e657dac32df0bcac9650e85d623547cda6a393
GET /v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1504
via: 1.1 google
date: Thu, 01 Dec 2022 01:00:38 GMT
cache-control: public,max-age=3600
age: 2828
last-modified: Sun, 27 Nov 2022 16:36:43 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22
34.102.187.140 200 OK 1.7 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (1719), with no line terminators
Hash 26b3a5820cb75c442a39a3f8c56a1212
241fb08f23be561100840e18bcff0e6ed9c053df
95ee3ea4b37a3cec84225b31fc5aca4d885d816233eba2292055663714138340
GET /v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1719
via: 1.1 google
date: Thu, 01 Dec 2022 01:23:59 GMT
cache-control: public,max-age=3600
age: 1428
last-modified: Wed, 23 Nov 2022 16:36:44 GMT
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B
IP 142.250.74.131:0
Hash 146dac10a93604a686550631e14eefb9
b4af601ce6d515d9ec124938ce626060e0d43099
bac5bc94c1a95af45522dadbf1639aff31e691fa2314314c6cce1ab1e70bba87
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 01:47:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B
IP 142.250.74.131:0
Hash 146dac10a93604a686550631e14eefb9
b4af601ce6d515d9ec124938ce626060e0d43099
bac5bc94c1a95af45522dadbf1639aff31e691fa2314314c6cce1ab1e70bba87
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 01:47:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B
IP 142.250.74.131:0
Hash 33f732b4dfbd5fb3ed7345eba2896fe6
2652f214cf7127302cc65b1d4e42f48a80907d5d
904ce722469d356f8ec20c14bd51ca3ce459012ea0869f7d14821a963310a494
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 01:47:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B
IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9811
Expires: Thu, 01 Dec 2022 04:31:18 GMT
Date: Thu, 01 Dec 2022 01:47:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B
IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9811
Expires: Thu, 01 Dec 2022 04:31:18 GMT
Date: Thu, 01 Dec 2022 01:47:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B
IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9811
Expires: Thu, 01 Dec 2022 04:31:18 GMT
Date: Thu, 01 Dec 2022 01:47:47 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f6b1394-57be-42ed-ad12-94fa7a0b4be7.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f6b1394-57be-42ed-ad12-94fa7a0b4be7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0d0219e6bee2a28f003f396f872eecf0
b3d22d146c6094cb539de40a72b9c5a140802ee5
41c1b037e8e654c19f36b74cceccd1fc841cc9fb7de39ac552ab5089dc3e82db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f6b1394-57be-42ed-ad12-94fa7a0b4be7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7609
x-amzn-requestid: 1a464872-7c15-42d3-a12a-f344adf99662
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cV91PHVUoAMFf4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63857687-3f77f387752222b212d6e2a5;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 03:03:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XUcf5sxPRTQEOS_HWPDW5ioStuq1TPMKvKQSRi2kZI5TbTWEVKFfog==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 03:42:48 GMT
age: 79499
etag: "b3d22d146c6094cb539de40a72b9c5a140802ee5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.crestcreations.com/
172.104.53.45 200 OK 22 kB
IP 172.104.53.45:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (8339), with CRLF, CR, LF line terminators
Hash ecc12f65f4fef3b82194f6a5485ce296
f40453361aed4b7fa243c3a39f47e9ec3c9460f6
62fa827e8316ccb10945233dc756e8a5108d4523bc9e3af3b9012212405709c0
Analyzer: fortinet | Verdict: Malware | Alert: (none shown)
GET / HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:47 GMT
content-type: text/html; charset=UTF-8
content-length: 22206
link: <https://www.crestcreations.com/wp-json/>; rel="https://api.w.org/", <https://www.crestcreations.com/wp-json/wp/v2/pages/11>; rel="alternate"; type="application/json", <https://www.crestcreations.com/>; rel=shortlink
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/8.0.26, PleskLin
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7837c610-4f38-4ecd-b984-5752ff89a1f8.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7837c610-4f38-4ecd-b984-5752ff89a1f8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 37004182402c955f288eb1fa8df7aef4
01a07f9a5725f608fafeced7b3d1ebdbcb776c29
c90c80dd5cadbde3fef20a9c4561b1efa47401e5f6bdf64c91246553c50204f0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7837c610-4f38-4ecd-b984-5752ff89a1f8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7957
x-amzn-requestid: 54f43d6b-cf41-4067-b459-6b8d98869354
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cV91PGgNIAMF2Xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63857687-069ac54c22797a511c69a220;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 03:03:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5et72pBhP9fdm4fNy6V5AJjs7B5N3HUGgaToNJV3LbA59D-0QDAMvw==
via: 1.1 6c90b631453c435bd0022caa657b67e8.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 03:31:51 GMT
age: 80156
etag: "01a07f9a5725f608fafeced7b3d1ebdbcb776c29"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e1e6b6ba4f82221b41c3d9129008c76d
2f9532d698b4c28df23e18bbb66399ec776d5b9f
218c6f41a16e6087c611d4db5784a7cc1d027084d0bf2bd6dc3843ee5dfd560f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9459
x-amzn-requestid: 9e243a73-18ff-4abf-9b9c-442719960125
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMpppFXjoAMFehg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bca3-47620f39181264772d2fb52d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:13:40 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _v5hatZyEWVRB4Tebygbb-QfE02oaFxE8CRfQsUY7I_ektxE3YeIpw==
via: 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 17:08:01 GMT
age: 31186
etag: "2f9532d698b4c28df23e18bbb66399ec776d5b9f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-65419150-1
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-65419150-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash a8aa0f8492f4d78bf2e1438b5681821a
8c2c27a51099d7bb2b80018429d6b51b4bce620f
ce02cf2e2cb7ec852afb5907d005e35e8d512ac44b3dcd38e62730ef3be92bfd
GET /gtag/js?id=UA-65419150-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 01 Dec 2022 01:47:47 GMT
expires: Thu, 01 Dec 2022 01:47:47 GMT
cache-control: private, max-age=900
last-modified: Thu, 01 Dec 2022 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43550
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26d6dffbf400da4803a2e76e2a8ef2f8
2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8
04c6e31623fe48cbe83dc91635bfa47b337590f18919995b08d5bde27e929e03
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8740
x-amzn-requestid: c6c3e3dc-c9a2-4fda-a83b-cdd6ae81166b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7uyE9CoAMF6Xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830cc4-2c8940405044071a082ee678;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qykE_oaoqqPTgqGnfUo74mH29IOS97b5sZb_3VmB9yW7KUiJ1a7dnA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 18:58:06 GMT
age: 24581
etag: "2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc551f651-39d0-4021-90ed-915a79168ea0.jpeg
34.120.237.76 200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc551f651-39d0-4021-90ed-915a79168ea0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b8802d5080eb35e4052ef31cf7658650
1e78566f2e69268c5f753fb49112ab07aae3eccf
9c96906ee1dea353198c9069fa7e42b100e4fa766e5be8e4d8db036033961086
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc551f651-39d0-4021-90ed-915a79168ea0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4409
x-amzn-requestid: cb422842-e955-4749-8b2a-3c028a09c20f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz7XEE2IAMFY3A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd15-3c4d1a6d4d542e81179ea8ba;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: zYLCQ4DUQtMklG-T-ATot22PDIUMjnN1wpVkoHBh4Oa3TAyNzTv86g==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:49:45 GMT
age: 14282
etag: "1e78566f2e69268c5f753fb49112ab07aae3eccf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F350e8884-8903-4779-8a0c-bb74e9168bfb.jpeg
34.120.237.76 200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F350e8884-8903-4779-8a0c-bb74e9168bfb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4fd5f7a9e04d27654062b3e18b8aecca
07fafbd614cdb49f20bceea29d5e684725d3bdf6
0cb64a9a33f66b92eed5a591b6c368f3d74363941d8876e553a8ea6aaa547590
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F350e8884-8903-4779-8a0c-bb74e9168bfb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4199
x-amzn-requestid: 61981ad5-3560-43e1-a1cd-37f823e89675
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZQxoEz5IAMFzQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6386c80a-291574e42bee51b2523b3920;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 03:03:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fL5AwXN4Kitj3BB3DyYyYfFYk3GRgLvhNNTiQKrDcxPR6mkfzyUuzQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 22:05:04 GMT
age: 13363
etag: "07fafbd614cdb49f20bceea29d5e684725d3bdf6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B
IP 142.250.74.131:0
Hash 146dac10a93604a686550631e14eefb9
b4af601ce6d515d9ec124938ce626060e0d43099
bac5bc94c1a95af45522dadbf1639aff31e691fa2314314c6cce1ab1e70bba87
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 01:47:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B
IP 142.250.74.131:0
Hash 188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 01:47:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.crestcreations.com/wp-content/themes/gruene/css/font-awesome.css?ver=6.0.3
172.104.53.45 200 OK 5.9 kB URL HTTP/2 www.crestcreations.com/wp-content/themes/gruene/css/font-awesome.css?ver=6.0.3
IP 172.104.53.45:0
File type troff or preprocessor input, ASCII text, with very long lines (372), with CRLF line terminators
Hash a1f38c533a80bfe14ab2fc437516d0a7
24b3584a6389cb080eeb747f3c9c8eaff66820fb
a68553ccb7fac05d8c29107de8587a0881492ed18b98116af1c70be7a23c2e5b
GET /wp-content/themes/gruene/css/font-awesome.css?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:47 GMT
content-type: text/css
last-modified: Tue, 21 Jun 2016 11:04:02 GMT
etag: W/"57691f22-7770"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
ssl.comodo.com/images/trusted-site-seal.png
34.193.96.49 301 Moved Permanently 162 B URL HTTP/2 ssl.comodo.com/images/trusted-site-seal.png
IP 34.193.96.49:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /images/trusted-site-seal.png HTTP/1.1
Host: ssl.comodo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: text/html
content-length: 162
location: https://ssl.comodoca.com/images/trusted-site-seal.png
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2018/01/CC-NEW-03_1.svg
172.104.53.45 200 OK 15 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2018/01/CC-NEW-03_1.svg
IP 172.104.53.45:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 2ea0f778012395870f4f69d347d15874
51169e77b29591577caf02608570d1dd7c6a20d9
4d4a65c022b49fd77eba2a1b02ae943d1e92f9055c018d1b692113f47ecaee58
Analyzer: fortinet | Verdict: Malware | Alert: (none shown)
GET /wp-content/uploads/2018/01/CC-NEW-03_1.svg HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: image/svg+xml
content-length: 14930
last-modified: Tue, 05 Jul 2022 16:20:54 GMT
etag: "62c464e6-3a52"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/07/content-arrow-2.png
172.104.53.45 301 Moved Permanently 162 B URL HTTP/1.1 www.crestcreations.com/wp-content/uploads/2017/07/content-arrow-2.png
IP 172.104.53.45:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /wp-content/uploads/2017/07/content-arrow-2.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/07/content-arrow-2.png
www.crestcreations.com/wp-content/uploads/2017/07/content-image-1.png
172.104.53.45 301 Moved Permanently 162 B URL HTTP/1.1 www.crestcreations.com/wp-content/uploads/2017/07/content-image-1.png
IP 172.104.53.45:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /wp-content/uploads/2017/07/content-image-1.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/07/content-image-1.png
www.crestcreations.com/wp-content/uploads/2017/07/content-image-2.png
172.104.53.45 301 Moved Permanently 162 B URL HTTP/1.1 www.crestcreations.com/wp-content/uploads/2017/07/content-image-2.png
IP 172.104.53.45:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /wp-content/uploads/2017/07/content-image-2.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/07/content-image-2.png
www.crestcreations.com/wp-content/uploads/2017/07/content-arrow-1.png
172.104.53.45 301 Moved Permanently 162 B URL HTTP/1.1 www.crestcreations.com/wp-content/uploads/2017/07/content-arrow-1.png
IP 172.104.53.45:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /wp-content/uploads/2017/07/content-arrow-1.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/07/content-arrow-1.png
www.crestcreations.com/wp-content/uploads/2017/12/embroidery1.png
172.104.53.45 301 Moved Permanently 162 B URL HTTP/1.1 www.crestcreations.com/wp-content/uploads/2017/12/embroidery1.png
IP 172.104.53.45:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /wp-content/uploads/2017/12/embroidery1.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/12/embroidery1.png
www.crestcreations.com/wp-content/uploads/2017/12/Slider.png
172.104.53.45 301 Moved Permanently 162 B URL HTTP/1.1 www.crestcreations.com/wp-content/uploads/2017/12/Slider.png
IP 172.104.53.45:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /wp-content/uploads/2017/12/Slider.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/12/Slider.png
ocsp.usertrust.com/
172.64.155.188 200 OK 2.2 kB IP 172.64.155.188:0
Hash 448fd7232e74f575525805506589c97e
6f104c5df649352b17aca7ed25974dacea697855
64f3864c601d54e9967253b34c493681e4ce400cbb4450bf1f6d9555ec65b771
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Type: application/ocsp-response
Content-Length: 2236
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 10:12:16 GMT
Expires: Wed, 07 Dec 2022 10:12:15 GMT
Etag: "6f104c5df649352b17aca7ed25974dacea697855"
Cache-Control: max-age=602520,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 241
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7728282c7e3ab509-OSL
www.crestcreations.com/wp-content/themes/gruene/css/jquery.bootstrap-touchspin.css?ver=6.0.3
172.104.53.45 200 OK 306 B URL HTTP/2 www.crestcreations.com/wp-content/themes/gruene/css/jquery.bootstrap-touchspin.css?ver=6.0.3
IP 172.104.53.45:0
Hash 24de97be2b947519e02c1b0d498afe90
b6e1eaa290a8b8994b0a32a623bcc4e5ec7ee139
0d690c10b29f6616a8bd792a789c4b1b2ce9e4cc4c0e1522b81c03bb2068a91b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/gruene/css/jquery.bootstrap-touchspin.css?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: text/css
content-length: 306
x-accel-version: 0.01
last-modified: Fri, 12 Feb 2016 13:11:30 GMT
etag: "304-52b9267c90480-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/12/vector-art.png
172.104.53.45 301 Moved Permanently 162 B URL HTTP/1.1 www.crestcreations.com/wp-content/uploads/2017/12/vector-art.png
IP 172.104.53.45:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /wp-content/uploads/2017/12/vector-art.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/12/vector-art.png
www.crestcreations.com/wp-content/uploads/2017/12/Vector-Artwork.png
172.104.53.45 301 Moved Permanently 162 B URL HTTP/1.1 www.crestcreations.com/wp-content/uploads/2017/12/Vector-Artwork.png
IP 172.104.53.45:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /wp-content/uploads/2017/12/Vector-Artwork.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/12/Vector-Artwork.png
www.crestcreations.com/wp-content/uploads/2017/12/Custom-Design-1.png
172.104.53.45 301 Moved Permanently 162 B URL HTTP/1.1 www.crestcreations.com/wp-content/uploads/2017/12/Custom-Design-1.png
IP 172.104.53.45:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /wp-content/uploads/2017/12/Custom-Design-1.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/12/Custom-Design-1.png
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash ec007933be685815085eee0c2032cb56
803d455eb63725964603e83f4d5c9a2e5e33d8d4
2c16066ce45c8082c00186496d6824b4892f561cce48e0b10b7cc2ed0e98ed8b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 12:59:00 GMT
Expires: Mon, 05 Dec 2022 12:58:59 GMT
Etag: "803d455eb63725964603e83f4d5c9a2e5e33d8d4"
Cache-Control: max-age=385270,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7728282c8ddab4f3-OSL
www.crestcreations.com/wp-content/uploads/2017/12/Image-editing.png
172.104.53.45 301 Moved Permanently 162 B URL HTTP/1.1 www.crestcreations.com/wp-content/uploads/2017/12/Image-editing.png
IP 172.104.53.45:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /wp-content/uploads/2017/12/Image-editing.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/12/Image-editing.png
www.crestcreations.com/wp-content/uploads/2017/12/Pre-Press.png
172.104.53.45 301 Moved Permanently 162 B URL HTTP/1.1 www.crestcreations.com/wp-content/uploads/2017/12/Pre-Press.png
IP 172.104.53.45:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /wp-content/uploads/2017/12/Pre-Press.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/12/Pre-Press.png
www.crestcreations.com/wp-content/uploads/2017/12/Embroidery-services.png
172.104.53.45 301 Moved Permanently 162 B URL HTTP/1.1 www.crestcreations.com/wp-content/uploads/2017/12/Embroidery-services.png
IP 172.104.53.45:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /wp-content/uploads/2017/12/Embroidery-services.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/12/Embroidery-services.png
www.crestcreations.com/wp-content/themes/gruene/css/responsive.css?ver=6.0.3
172.104.53.45 200 OK 3.0 kB URL HTTP/2 www.crestcreations.com/wp-content/themes/gruene/css/responsive.css?ver=6.0.3
IP 172.104.53.45:0
File type ASCII text, with CRLF line terminators
Hash da6c447a2e11d0c7de391d95a82003c5
5e3eb43f8e5e0968a24ca1022c1e014f40e8f486
dd48122507ce99a3fe5669c4ec33c4c0345cf74b2a51598a75944f313af1763e
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/gruene/css/responsive.css?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: text/css
last-modified: Fri, 15 Sep 2017 07:54:52 GMT
etag: W/"59bb874c-3a83"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/kingcomposer/assets/css/icons.css?ver=2.9.6
172.104.53.45 200 OK 11 kB URL HTTP/2 www.crestcreations.com/wp-content/plugins/kingcomposer/assets/css/icons.css?ver=2.9.6
IP 172.104.53.45:0
File type ASCII text, with very long lines (35475)
Hash 84ec22e7de847a487a1ec0720bcd0411
9c83e792c392e140b1e50d5b1fc536f6cb3a2f5f
1e8fbda600e710b5b50d9ebff4af0e14dfdc3a3d5f64019c3f69e600b899863f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/kingcomposer/assets/css/icons.css?ver=2.9.6 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: text/css
last-modified: Thu, 19 Apr 2018 12:03:34 GMT
etag: W/"5ad88596-c096"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/revslider/public/assets/fonts/font-awesome/css/font-awesome.css
172.104.53.45 200 OK 7.3 kB URL HTTP/2 www.crestcreations.com/wp-content/plugins/revslider/public/assets/fonts/font-awesome/css/font-awesome.css
IP 172.104.53.45:0
File type ASCII text, with very long lines (372)
Hash 12a0ee2e8a23fc0cff2f55632747fd29
5dfcc0c1c78c91c9ecd4949688ffb4ecedabbdad
430c44276cb9bf1074d7d6414b4c2132b051f3703d00e84bc883512262b9cb25
GET /wp-content/plugins/revslider/public/assets/fonts/font-awesome/css/font-awesome.css HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: text/css
last-modified: Tue, 13 Sep 2022 11:10:11 GMT
etag: W/"63206513-903d"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/themes/gruene/css/bootstrap.css?ver=6.0.3
172.104.53.45 200 OK 26 kB URL HTTP/2 www.crestcreations.com/wp-content/themes/gruene/css/bootstrap.css?ver=6.0.3
IP 172.104.53.45:0
File type ASCII text, with very long lines (65371)
Hash ba5d711eef92aa98327549379f16d939
3c4013a7e697c9954214f36fef6ae3187ed7d9a7
d2c8f8f9050ff1f7f03b3298055564f8ad0cfe3cc0d7941255b11097ab43391c
GET /wp-content/themes/gruene/css/bootstrap.css?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:47 GMT
content-type: text/css
last-modified: Mon, 25 Jul 2016 10:23:30 GMT
etag: W/"5795e8a2-1d970"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/kingcomposer/assets/css/animate.css?ver=2.9.6
172.104.53.45 200 OK 10 kB URL HTTP/2 www.crestcreations.com/wp-content/plugins/kingcomposer/assets/css/animate.css?ver=2.9.6
IP 172.104.53.45:0
File type ASCII text, with very long lines (36512)
Hash 50e94aaef601716bbb4a0197ac8c199d
b0f9f23c4c3c5ba584143ec295d93cdcb6a8d0e7
97d109b9a298bd69296acddefd79da97637d68ffaaf059666a0fcd4ed33d11cc
GET /wp-content/plugins/kingcomposer/assets/css/animate.css?ver=2.9.6 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: text/css
last-modified: Sat, 24 Sep 2016 21:06:50 GMT
etag: W/"57e6eaea-8f89"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
172.104.53.45 200 OK 12 kB URL HTTP/2 www.crestcreations.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 172.104.53.45:0
File type ASCII text, with very long lines (11126)
Hash 4def19952bb24fab3811642bfdb32178
3589f25eb56fe703f2c6197a4760ebfd7a7f896b
23b42cf8f3db916731614ec117afa5effea790e877369613404bc5920c9b99cb
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
etag: W/"5fb4e3fe-2bd8"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
142.250.74.35 200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 16740, version 1.0\012- data
Hash e43b535855a4ae53bd5b07a6eeb3bf67
6507312d9491156036316484bf8dc41e8b52ddd9
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681
GET /s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.crestcreations.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:52:55 GMT
expires: Tue, 28 Nov 2023 18:52:55 GMT
cache-control: public, max-age=31536000
age: 197693
last-modified: Mon, 15 Aug 2022 18:14:44 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.24
172.104.53.45 200 OK 20 kB URL HTTP/2 www.crestcreations.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.24
IP 172.104.53.45:0
File type Unicode text, UTF-8 text, with very long lines (12602)
Hash 64d3f1bc920e05e62a739243ef363986
a7b2833ad8bbf5610e02e1e7617c83fe14f4a5cc
ae7eb0d646c2ad4f03497d2ba7f63aa6502f76f9b278c547eaec9cf9046a2f3f
GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.24 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: text/css
last-modified: Tue, 13 Sep 2022 11:10:11 GMT
etag: W/"63206513-e245"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=8.5.1
172.104.53.45 200 OK 30 kB URL HTTP/2 www.crestcreations.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=8.5.1
IP 172.104.53.45:0
File type Unicode text, UTF-8 text, with very long lines (65527), with no line terminators
Hash 02d7912a95d679645c71c962bcca2b4c
80659e5f519db92e0ae3bf4170cd1264662578ac
4b383cf24594b72daa41f431e7cb39796daab1f3640701097d1883773784ee8f
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=8.5.1 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:47 GMT
content-type: text/css
last-modified: Mon, 24 Oct 2022 07:17:59 GMT
etag: W/"63563c27-384e1"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 980f31229421fd11df958496bea34502
648e03f048e6741beb1d4e10099b1429b79e4f00
887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 01:47:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ssl.comodoca.com/images/trusted-site-seal.png
34.193.96.49 200 OK 9.2 kB URL HTTP/2 ssl.comodoca.com/images/trusted-site-seal.png
IP 34.193.96.49:0
File type PNG image data, 113 x 59, 8-bit/color RGBA, non-interlaced\012- data
Hash 4feb0483d9baea8d00fec981ae1e9d71
3cf4aba6784ed4124745d3f6061287c4829dea8a
24c94b4ab339a9c7c23474bcef3443422d2b99b5d8d2d7d3911296c3ffef4cf2
GET /images/trusted-site-seal.png HTTP/1.1
Host: ssl.comodoca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.crestcreations.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: image/png
content-length: 9233
last-modified: Wed, 30 Nov 2022 16:06:34 GMT
expires: Sat, 31 Dec 2022 01:47:48 GMT
cache-control: max-age=2592000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/12/6.jpg
172.104.53.45 200 OK 53 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/12/6.jpg
IP 172.104.53.45:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, baseline, precision 8, 600x462, components 3\012- data
Hash 9467e0789235f0bea677c90c80a5e230
843609c989e125433d2c6633f59f2702ece57a3f
c1ad3db67db9a7ae6cb2c7fef0572c1761363e9ec55aec561e34a4a9167042eb
GET /wp-content/uploads/2017/12/6.jpg HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: image/jpeg
content-length: 53330
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-d052"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/07/icon-2.png
172.104.53.45 200 OK 11 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/07/icon-2.png
IP 172.104.53.45:0
File type PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced\012- data
Hash fe22859bfd5dad480f9ab35dff2da666
7cee7e91d0800a2bc9582b9d4442b4d0e3c5838a
5650c189497dd884094662e550922ee066f9d21fb0b8ca15253f2f8eed683901
GET /wp-content/uploads/2017/07/icon-2.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: image/png
content-length: 11184
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-2bb0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/12/Web-Designing.png
172.104.53.45 301 Moved Permanently 162 B URL HTTP/1.1 www.crestcreations.com/wp-content/uploads/2017/12/Web-Designing.png
IP 172.104.53.45:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /wp-content/uploads/2017/12/Web-Designing.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/12/Web-Designing.png
www.crestcreations.com/wp-content/uploads/2017/07/business-2.png
172.104.53.45 301 Moved Permanently 162 B URL HTTP/1.1 www.crestcreations.com/wp-content/uploads/2017/07/business-2.png
IP 172.104.53.45:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /wp-content/uploads/2017/07/business-2.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/07/business-2.png
www.crestcreations.com/wp-content/uploads/2017/07/business-img.png
172.104.53.45 301 Moved Permanently 162 B URL HTTP/1.1 www.crestcreations.com/wp-content/uploads/2017/07/business-img.png
IP 172.104.53.45:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /wp-content/uploads/2017/07/business-img.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/07/business-img.png
www.crestcreations.com/wp-content/uploads/2017/12/2.jpg
172.104.53.45 200 OK 31 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/12/2.jpg
IP 172.104.53.45:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, baseline, precision 8, 600x462, components 3\012- data
Hash e595efa498dde9f416852aaf63c548f2
2da9329911d5d0a6e8ac64dbb0fc510197dc2ece
a4fb46658b2117ef04f17697c97b4e409a4b3083ef71389b1b7ae4d4a18d7163
GET /wp-content/uploads/2017/12/2.jpg HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: image/jpeg
content-length: 31046
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-7946"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%7CRoboto%3A400%2C500%2C700&subset=latin%2Clatin-ext
142.250.74.106 200 OK 48 kB URL HTTP/2 fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%7CRoboto%3A400%2C500%2C700&subset=latin%2Clatin-ext
IP 142.250.74.106:0
Hash c90cd131ce64b4b2959883f9c746be46
17b164d688197e1e0ec87e4488607423f93f2386
0d40b5b65617c7483f2db937a7c1a792a22fd5ef8828cc7a55684688cf4c884e
GET /css?family=Poppins%3A300%2C400%2C500%2C600%2C700%7CRoboto%3A400%2C500%2C700&subset=latin%2Clatin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 01 Dec 2022 01:47:47 GMT
date: Thu, 01 Dec 2022 01:47:47 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/revslider/public/assets/fonts/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
172.104.53.45 200 OK 77 kB URL HTTP/2 www.crestcreations.com/wp-content/plugins/revslider/public/assets/fonts/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 172.104.53.45:0
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /wp-content/plugins/revslider/public/assets/fonts/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: font/woff2
content-length: 77160
last-modified: Tue, 13 Sep 2022 11:10:11 GMT
etag: "63206513-12d68"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&subset=latin%2Clatin-ext%2Cdevanagari&ver=2.9.6
142.250.74.106 200 OK 46 kB URL HTTP/2 fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&subset=latin%2Clatin-ext%2Cdevanagari&ver=2.9.6
IP 142.250.74.106:0
Hash 4ec84113906ff3b4cab32f95c03b0ff6
0fc144c60c6de8c600f72d452fe774b88170c778
371ad5dd3c4609c33a41d5ee4517a83d41dfda9aaab880695a60ca0faaa9acc5
GET /css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&subset=latin%2Clatin-ext%2Cdevanagari&ver=2.9.6 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 01 Dec 2022 01:47:47 GMT
date: Thu, 01 Dec 2022 01:47:47 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/12/5.jpg
172.104.53.45 200 OK 48 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/12/5.jpg
IP 172.104.53.45:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, baseline, precision 8, 600x462, components 3\012- data
Hash 04ed560545705926a4bcee4fa802ebbf
ba37fd35cd126ae736dd7d211d5aabd1819b4508
76a3e83aba751f3f0e0260212aa4b8d796b9b2a4e27f3a3ccba106467d377988
GET /wp-content/uploads/2017/12/5.jpg HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: image/jpeg
content-length: 48156
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-bc1c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/12/1.jpg
172.104.53.45 200 OK 28 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/12/1.jpg
IP 172.104.53.45:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 600x462, components 3\012- data
Hash 3455b144c283fc98e37ab129f8324667
dc6602620bba7ea1f083538ed11ae90d33a4f9ba
525a19ab679f15681d3129e31f043a279989f3a3061f9a072596015b042feceb
GET /wp-content/uploads/2017/12/1.jpg HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: image/jpeg
content-length: 28376
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-6ed8"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/12/3.jpg
172.104.53.45 200 OK 29 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/12/3.jpg
IP 172.104.53.45:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, baseline, precision 8, 600x462, components 3\012- data
Hash 4ad9d97708eb0c638c3667ff0fa0b0fc
005e2f0ce5a6ba549da54dc793874a9bcac716ee
7fde1e5e12f87edd1ea845b1f1154816e7ff1c87629944435418d50507975f07
GET /wp-content/uploads/2017/12/3.jpg HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: image/jpeg
content-length: 29428
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-72f4"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/07/author-1.png
172.104.53.45 200 OK 5.3 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/07/author-1.png
IP 172.104.53.45:0
File type PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash 7f7462012ebf4d74f1f3b172a11d0882
9742f2a182cb520746d09a4b2dd55521ba80addb
7786d9ad1c2fb8e8953052b5e42b4d82724b19a3cb921e9763626539ef9dd68c
GET /wp-content/uploads/2017/07/author-1.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: image/png
content-length: 5334
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-14d6"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/revslider/public/assets/assets/dummy.png
172.104.53.45 200 OK 68 B URL HTTP/2 www.crestcreations.com/wp-content/plugins/revslider/public/assets/assets/dummy.png
IP 172.104.53.45:0
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 2a637d3d825673c0e3462fa4ed9a1c5c
81668d396da22832d75a986407ff10035e0d5899
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
GET /wp-content/plugins/revslider/public/assets/assets/dummy.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: image/png
content-length: 68
x-accel-version: 0.01
last-modified: Tue, 13 Sep 2022 11:10:13 GMT
etag: "44-5e88d0e6f8298"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/07/icon-1.png
172.104.53.45 200 OK 9.9 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/07/icon-1.png
IP 172.104.53.45:0
File type PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced\012- data
Hash 46edd6ed1acf9cddb1ed6118525463e1
40f98d36a5cb2cd897a9f189417661fbf47aad32
3e4059f1192d98cd3f259f24f86e582b5ff03af17370fc24210c1aebff070655
GET /wp-content/uploads/2017/07/icon-1.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: image/png
content-length: 9919
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-26bf"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/07/icon-3.png
172.104.53.45 200 OK 5.5 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/07/icon-3.png
IP 172.104.53.45:0
File type PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced\012- data
Hash ec8fe17ca98417e1973b5063c3ed8ea1
ea718b1d40b5222b9756d3e3d8cad6688a859caa
5f6be84735b23d6f65e6fc68191d6fbf032dda65dea9c2ca4ed265d36e3b6e8f
GET /wp-content/uploads/2017/07/icon-3.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: image/png
content-length: 5512
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-1588"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/12/4.jpg
172.104.53.45 200 OK 68 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/12/4.jpg
IP 172.104.53.45:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, baseline, precision 8, 600x462, components 3\012- data
Hash 255df3bb2e4dbc8a220c3eba89826ba4
48e3b8ec40ed9acedab15a2fe1783eb875a0fbe9
4ddc847f31fd78b4416fc665122e7a922c8167702251f9f69862837a0b17e345
GET /wp-content/uploads/2017/12/4.jpg HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: image/jpeg
content-length: 67677
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-1085d"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/07/content-arrow-2.png
172.104.53.45 200 OK 6.6 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/07/content-arrow-2.png
IP 172.104.53.45:0
File type PNG image data, 270 x 188, 8-bit/color RGBA, non-interlaced\012- data
Hash 2544724dd13b4c8b197ab633766818c2
380f8e45eaa9103a75774866cc137156df5c606b
fb68ac2e85d87ff7ea90253de7a8fad9bc11d3d4d6285216865ac5fc98efd90a
GET /wp-content/uploads/2017/07/content-arrow-2.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: image/png
content-length: 6632
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-19e8"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/07/content-image-2.png
172.104.53.45 200 OK 9.1 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/07/content-image-2.png
IP 172.104.53.45:0
File type PNG image data, 1263 x 173, 8-bit/color RGBA, non-interlaced\012- data
Hash dceaa09ea675009611b7a501b26e5495
ced98d72136632f4a45f2dd8653f3b5d301756a1
832bb5c064f7c0589a400cc0d9d8eefedb2769baedc6ee59313da64e1f384f77
GET /wp-content/uploads/2017/07/content-image-2.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: image/png
content-length: 9079
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-2377"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/07/content-arrow-1.png
172.104.53.45 200 OK 4.1 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/07/content-arrow-1.png
IP 172.104.53.45:0
File type PNG image data, 300 x 125, 8-bit/color RGBA, non-interlaced\012- data
Hash f46e188e24b9b38441327eed7ab5bd2d
c1b36f424940e4437b1fbaabee1544f02a9830b2
40fb2d434771c843427e3f71e5adf08b42848506c4d7df6712cbcde05ba18c2e
GET /wp-content/uploads/2017/07/content-arrow-1.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: image/png
content-length: 4148
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-1034"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/12/Slider.png
172.104.53.45 200 OK 19 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/12/Slider.png
IP 172.104.53.45:0
File type PNG image data, 468 x 556, 8-bit colormap, non-interlaced\012- data
Hash 932dc08d0573f7cb8b5a5e113e9ff118
0ec8f3c39111606c803f57b6d6930307a2aec30c
8b857a239ce984f9c7f6b492dc65d509d4d30719a7003a396b460ffe2a446ce1
GET /wp-content/uploads/2017/12/Slider.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: image/png
content-length: 18933
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-49f5"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
172.104.53.45 200 OK 74 kB URL HTTP/2 www.crestcreations.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 172.104.53.45:0
File type ASCII text, with very long lines (65447)
Hash 1d4ab83d3d91e0f617f9a9c788ef703b
fc9fbb85cc72b118b63d5f5d732b72c733993e29
fc93f036ed9c80754fa204ec5bbf3416d704d339f3ddc0d8b2eca735af5f43ac
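Analyzer: fortinet | Verdict: Malware | Alert: (none shown) — single-engine verdict; confirm by comparing the SHA-256 above with the upstream jquery.min.js for the version named in the URL (3.6.0).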
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Wed, 10 Mar 2021 15:07:24 GMT
etag: W/"6048e0ac-15db1"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/07/content-image-1.png
172.104.53.45 200 OK 97 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/07/content-image-1.png
IP 172.104.53.45:0
File type PNG image data, 286 x 531, 8-bit/color RGBA, non-interlaced\012- data
Hash 944888bdff00c3136f95c432a6cc1a47
0ded496b6e05caa44270af2f7df682d0520e173f
1883e41710fa4d4efb9b37d1366635f8148ca3be01674991cd7342c230ffa16f
GET /wp-content/uploads/2017/07/content-image-1.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: image/png
content-length: 97125
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-17b65"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/12/upic-ppai.png
172.104.53.45 200 OK 883 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/12/upic-ppai.png
IP 172.104.53.45:0
File type PNG image data, 1170 x 188, 8-bit/color RGBA, non-interlaced\012- data
Size 883 kB (882942 bytes)
Hash 665cc2faeb7ddaad0de5969ab96fed05
685ebf00b1b0c5992d68aac57d9cbd1d61494809
af8bdd7e8f0db0b7f23dfac1d4bff8055e8d60189f268d5df1b46fce77215f94
GET /wp-content/uploads/2017/12/upic-ppai.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: image/png
content-length: 882942
last-modified: Tue, 05 Jul 2022 16:20:54 GMT
etag: "62c464e6-d78fe"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/12/embroidery1.png
172.104.53.45 200 OK 200 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/12/embroidery1.png
IP 172.104.53.45:0
File type PNG image data, 600 x 414, 8-bit/color RGBA, non-interlaced\012- data
Size 200 kB (199961 bytes)
Hash 1979a85bc3a65634ea8cba0d1f4396a9
0942ac541df0e867372f55f5571784fd5c6281b9
cdb2d25c2da8763ac6ee7ca168bc2ba54fd805e1c75206dc555ca8dac02be07a
GET /wp-content/uploads/2017/12/embroidery1.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: image/png
content-length: 199961
last-modified: Tue, 05 Jul 2022 16:20:54 GMT
etag: "62c464e6-30d19"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/themes/gruene/css/woocommerce.css?ver=6.0.3
172.104.53.45 200 OK 16 kB URL HTTP/2 www.crestcreations.com/wp-content/themes/gruene/css/woocommerce.css?ver=6.0.3
IP 172.104.53.45:0
File type Unicode text, UTF-8 text, with very long lines (1148), with CRLF line terminators
Hash 00b0be7df68de9ea4fefe33969a382c8
15daf52c61b0312b17d342c299b831f9c7d8f371
f9aa200a3af64ea02acd187ba9c609ffd2d16fbd62dc2b35242bde2b5e77ec49
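Analyzer: fortinet | Verdict: Malware | Alert: (none shown) — single-engine verdict; confirm by comparing the SHA-256 above with the same file from a clean copy of the theme.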
GET /wp-content/themes/gruene/css/woocommerce.css?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: text/css
last-modified: Fri, 12 Apr 2019 11:56:14 GMT
etag: W/"5cb07cde-f69f"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/themes/gruene/images/background/pattern-2.png
172.104.53.45 200 OK 112 kB URL HTTP/2 www.crestcreations.com/wp-content/themes/gruene/images/background/pattern-2.png
IP 172.104.53.45:0
File type PNG image data, 396 x 714, 8-bit/color RGBA, non-interlaced\012- data
Size 112 kB (111778 bytes)
Hash 94795c67c857ef0bc19996fd8f052be7
041244d399f29c62736544f6a22b6a8e3ef286c0
67656e0f476380a3c8a2fe61c654ac190a77999ca37dd5c3041918ac8af32ee8
GET /wp-content/themes/gruene/images/background/pattern-2.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/wp-content/themes/gruene/style.css?ver=6.0.3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: image/png
content-length: 111778
last-modified: Thu, 13 Jul 2017 09:34:20 GMT
etag: "59673e9c-1b4a2"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Poppins:400%2C600%7COpen+Sans:400%7CRoboto:400&display=swap
142.250.74.106 200 OK 20 kB URL HTTP/2 fonts.googleapis.com/css?family=Poppins:400%2C600%7COpen+Sans:400%7CRoboto:400&display=swap
IP 142.250.74.106:0
Hash e44112d31f4614382bb0a4b82884d82c
342345363ab708018df345bf178f997f1b0bec47
55011324b6553b039da2931f536918d33c7022c91415aaf6c2f9704e569a2c45
GET /css?family=Poppins:400%2C600%7COpen+Sans:400%7CRoboto:400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 01 Dec 2022 01:47:47 GMT
date: Thu, 01 Dec 2022 01:47:47 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=8.5.1
172.104.53.45 200 OK 26 kB URL HTTP/2 www.crestcreations.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=8.5.1
IP 172.104.53.45:0
File type ASCII text, with very long lines (10435), with no line terminators
Hash 62acd64780eaa028e1f571c17ba205f3
43002ed9ff5ae7c7b6717f33c0ac51bae1216be2
aba0fc48fff0f60ca9951718149a4114eab49c3f801f492f14818157313bd900
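Analyzer: fortinet | Verdict: Malware | Alert: (none shown) — single-engine verdict; confirm by comparing the SHA-256 above with the same file from a clean copy of the plugin release named in the URL (8.5.1).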
GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=8.5.1 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:47 GMT
content-type: text/css
last-modified: Mon, 24 Oct 2022 07:17:59 GMT
etag: W/"63563c27-28c3"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/12/Vector-Artwork.png
172.104.53.45 200 OK 35 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/12/Vector-Artwork.png
IP 172.104.53.45:0
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash 911d15ab9d7628efa9c54d49b9307357
57cdf1b3118817a4176debb4d0b1dd5690ede421
5e844c127ded0e07938acc41316f0d904b9f2aaa5c47097f19da82be0d14a9ac
GET /wp-content/uploads/2017/12/Vector-Artwork.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:49 GMT
content-type: image/png
content-length: 35127
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-8937"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/12/Image-editing.png
172.104.53.45 200 OK 36 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/12/Image-editing.png
IP 172.104.53.45:0
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash dac41d66e249137b2e0b97c6133aa726
a7395d4322a55a7ba4954ff1cadba53bc10085e0
5d5598166ea41e028f90b409dc59b9c7b6a2d8e1cbd061fe57511724f35a9380
GET /wp-content/uploads/2017/12/Image-editing.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:49 GMT
content-type: image/png
content-length: 36398
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-8e2e"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/12/Embroidery-services.png
172.104.53.45 200 OK 34 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/12/Embroidery-services.png
IP 172.104.53.45:0
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash 8eb3064599f9ead39be3a5823c3adb71
0ab79c72a47898e15368b101ff48d5e30ab7f008
aca57124ddb51142b665a6051a970916d23605db857c594d6ae1b0470ed1db33
GET /wp-content/uploads/2017/12/Embroidery-services.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:49 GMT
content-type: image/png
content-length: 34523
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-86db"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/12/Pre-Press.png
172.104.53.45 200 OK 31 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/12/Pre-Press.png
IP 172.104.53.45:0
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash f293a1fcfa44ceb802f5217f6db246b9
4659d583c97733ee0c1028e2e7efe9bf0bf429f1
5937cf2c7cbc31299c73342a06097a87412daa5485c56eff2a0fc1db9f0c6af7
GET /wp-content/uploads/2017/12/Pre-Press.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:49 GMT
content-type: image/png
content-length: 30798
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-784e"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
172.104.53.45 200 OK 466 kB URL HTTP/2 www.crestcreations.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
IP 172.104.53.45:0
File type ASCII text, with very long lines (43771)
Size 466 kB (466465 bytes)
Hash 479916d666bcd11f8c14992072be000a
d518bf297d5ade144943d98818a8a7a4885e0d50
7733d19788adb7a2b2ae40d39b5511b98df7ab6bdec5009065ec28bf8fc9ded3
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:47 GMT
content-type: text/css
last-modified: Mon, 12 Sep 2022 13:21:12 GMT
etag: W/"631f3248-15b64"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/12/vector-art.png
172.104.53.45 200 OK 906 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/12/vector-art.png
IP 172.104.53.45:0
File type PNG image data, 591 x 383, 8-bit/color RGBA, non-interlaced\012- data
Size 906 kB (906063 bytes)
Hash 1494efc374614049cc7c265b3179456e
c6529207140c28f0d640ecd939d0e66ffd9976f0
60285c1401b476d83cd3d30dcf61265e8e10a790f969da5dc77478fab6dec5a8
GET /wp-content/uploads/2017/12/vector-art.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:49 GMT
content-type: image/png
content-length: 906063
last-modified: Tue, 05 Jul 2022 16:20:54 GMT
etag: "62c464e6-dd34f"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/12/Custom-Design-1.png
172.104.53.45 200 OK 68 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/12/Custom-Design-1.png
IP 172.104.53.45:0
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash 1818ac071dc10e20dcefcecaeea5c181
77563417d365ffd2dfaa6e6333154e9cdb4d46b6
213ae80824bfe7ffadd72293c3bc8210778db70409163acc92bd62a884c7a91b
GET /wp-content/uploads/2017/12/Custom-Design-1.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:49 GMT
content-type: image/png
content-length: 68458
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-10b6a"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4
172.104.53.45 200 OK 39 kB URL HTTP/2 www.crestcreations.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4
IP 172.104.53.45:0
File type HTML document, ASCII text, with very long lines (12310), with no line terminators
Hash edef05d73f4406151cfd7c635a10a906
b67c6ffd577985c8d16df11ba0237017081a60c5
8c976970fdecb170fd39c9fcdda3368a577edacbcdc9669d0d374d4a09b36f4f
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Mon, 24 Oct 2022 07:17:06 GMT
etag: W/"63563bf2-3016"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/themes/gruene/js/owl.js?ver=6.0.3
172.104.53.45 200 OK 49 kB URL HTTP/2 www.crestcreations.com/wp-content/themes/gruene/js/owl.js?ver=6.0.3
IP 172.104.53.45:0
File type ASCII text, with very long lines (360)
Hash 202d09b60f7096b69dbbcdaea5d738af
44033b5ab03606cfd495db41c4b8715d8032e869
54a404857e41d96a405e42ebce88f533e1875e42cd195f9ee8c8de2f6c9a64cd
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/gruene/js/owl.js?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2016 08:46:22 GMT
etag: W/"580f1bde-14d37"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/themes/gruene/js/jquery.fancybox.pack.js?ver=6.0.3
172.104.53.45 200 OK 79 kB URL HTTP/2 www.crestcreations.com/wp-content/themes/gruene/js/jquery.fancybox.pack.js?ver=6.0.3
IP 172.104.53.45:0
File type ASCII text, with very long lines (645)
Hash 131e776f39e542bcd5483d68aa91ddcb
1028383a459999a84d324f3df264a2974cc65bef
3676a28455583155639ae587191c06924b7e81936371c6a65f518d67423cb2dd
GET /wp-content/themes/gruene/js/jquery.fancybox.pack.js?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Thu, 13 Jun 2013 20:42:30 GMT
etag: W/"51ba2eb6-5a5f"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/revslider/public/assets/assets/loader.gif
172.104.53.45 200 OK 2.5 kB URL HTTP/2 www.crestcreations.com/wp-content/plugins/revslider/public/assets/assets/loader.gif
IP 172.104.53.45:0
File type GIF image data, version 89a, 24 x 24\012- data
Hash 4b3afb84b2b71ef56df09997a350bd04
accdac8a7abeab0e21c49539aad0a973addb28ef
9034d5d34015e4b05d2c1d1a8dc9f6ec9d59bd96d305eb9e24e24e65c591a645
GET /wp-content/plugins/revslider/public/assets/assets/loader.gif HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.24
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:49 GMT
content-type: image/gif
content-length: 2545
last-modified: Tue, 13 Sep 2022 11:10:11 GMT
etag: "63206513-9f1"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/go_portfolio/assets/plugins/jquery.carouFredSel-6.2.1-packed.js?ver=1.8.3
172.104.53.45 200 OK 21 kB URL HTTP/2 www.crestcreations.com/wp-content/plugins/go_portfolio/assets/plugins/jquery.carouFredSel-6.2.1-packed.js?ver=1.8.3
IP 172.104.53.45:0
File type ASCII text, with very long lines (19352), with CRLF line terminators
Hash 80afade30801c1aa1ae83727d78d31a5
d847887f1c9111780df10536bbcd3f0c13cafb28
b20a8a73f8927796627d7c8cf060b43bd7358096cd6cb01d2d11196f736c1c74
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/go_portfolio/assets/plugins/jquery.carouFredSel-6.2.1-packed.js?ver=1.8.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Wed, 23 Dec 2020 15:08:50 GMT
etag: W/"5fe35d82-f4f6"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.0.0
172.104.53.45 200 OK 25 kB URL HTTP/2 www.crestcreations.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.0.0
IP 172.104.53.45:0
File type ASCII text, with very long lines (2139), with no line terminators
Hash d93dc9112894cbb04906d23ddb174c51
a40023d429995ba1d1d90a05fdec515739653e8f
b455926f8f12fe88ec39fa2779bcb8b2f8cf466aae11d375adf31b4c2473f0e8
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.0.0 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Mon, 24 Oct 2022 07:18:03 GMT
etag: W/"63563c2b-85b"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.14 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.14:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 01 Dec 2022 00:46:55 GMT
expires: Thu, 01 Dec 2022 02:46:55 GMT
cache-control: public, max-age=7200
age: 3655
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/12/cropped-crest_logo-32x32.png
172.104.53.45 200 OK 2.3 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/12/cropped-crest_logo-32x32.png
IP 172.104.53.45:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 1eed90108d4ab26ddf7f4c7aae69ebec
9567e21fe63c9140beb3d61b3fc3cad5c251ebe0
d284ea1b1ed187bb83351fa6fa68c1fe6dbe2acc5eb2fa46fd66aa57ca782d56
GET /wp-content/uploads/2017/12/cropped-crest_logo-32x32.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:50 GMT
content-type: image/png
content-length: 2296
last-modified: Tue, 05 Jul 2022 16:20:54 GMT
etag: "62c464e6-8f8"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/uploads/2017/12/cropped-crest_logo-192x192.png
172.104.53.45 200 OK 26 kB URL HTTP/2 www.crestcreations.com/wp-content/uploads/2017/12/cropped-crest_logo-192x192.png
IP 172.104.53.45:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 09b2818441a3f092c7170788071e3d21
9672b25eca7b40357ad43d079ee2bce5d7d38d3e
ddddcf630bf6c25d3034eebf878597a684525e7dbc58437d9e0b942dcc7c92dd
GET /wp-content/uploads/2017/12/cropped-crest_logo-192x192.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:50 GMT
content-type: image/png
content-length: 25607
last-modified: Tue, 05 Jul 2022 16:20:54 GMT
etag: "62c464e6-6407"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/woocommerce/assets/js/prettyPhoto/jquery.prettyPhoto.min.js?ver=3.1.6-wc.7.0.0
172.104.53.45 200 OK 34 kB URL HTTP/2 www.crestcreations.com/wp-content/plugins/woocommerce/assets/js/prettyPhoto/jquery.prettyPhoto.min.js?ver=3.1.6-wc.7.0.0
IP 172.104.53.45:0
File type HTML document, ASCII text, with very long lines (21310), with no line terminators
Hash d7723a5eb988e16f6906f1ee87005785
208dad5e6351ccb4ae545ba4b4cb53fde7a6423a
9907b38a61f08b8fff56a4ff8b61cc80a88b1570f629e2fd7c2e8b7401cdafc6
GET /wp-content/plugins/woocommerce/assets/js/prettyPhoto/jquery.prettyPhoto.min.js?ver=3.1.6-wc.7.0.0 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Mon, 24 Oct 2022 07:18:03 GMT
etag: W/"63563c2b-533e"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 5d950b70d3b1532276ed817249b72618
dca7faf727b8afdd481c8f8bcc3e9129fdadadc3
afe3fbe5f269179e18a66ca806664b7f96b903150b364129e2f2b30087198e34
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 01:47:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-65419150-1&cid=1509196373.1669859269&jid=1781763902&gjid=408239674&_gid=1774710057.1669859269&_u=YGBACUAABAAAACAAI~&z=235182505
64.233.165.157 200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-65419150-1&cid=1509196373.1669859269&jid=1781763902&gjid=408239674&_gid=1774710057.1669859269&_u=YGBACUAABAAAACAAI~&z=235182505
IP 64.233.165.157:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-65419150-1&cid=1509196373.1669859269&jid=1781763902&gjid=408239674&_gid=1774710057.1669859269&_u=YGBACUAABAAAACAAI~&z=235182505 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.crestcreations.com
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.crestcreations.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 01 Dec 2022 01:47:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.crestcreations.com/wp-includes/js/comment-reply.min.js?ver=6.0.3
172.104.53.45 200 OK 1.7 kB URL HTTP/2 www.crestcreations.com/wp-includes/js/comment-reply.min.js?ver=6.0.3
IP 172.104.53.45:0
File type ASCII text, with very long lines (2946)
Hash 59d28ecef618b08d85e642e5160c2ec2
ef5e2ff3bff35b1ea3531e4c627be67098fd67f9
320431979ed53e2c22a44044442370d3db0ca0aab4b587749fe70df13cb046fa
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/comment-reply.min.js?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Mon, 12 Sep 2022 13:21:14 GMT
etag: W/"631f324a-ba5"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
172.104.53.45 200 OK 7.1 kB URL HTTP/2 www.crestcreations.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
IP 172.104.53.45:0
File type Unicode text, UTF-8 text, with very long lines (8189)
Hash 56a3aeeedb5c8243a2799d4a76c66fbf
f047b7b6bb7785009155584e0f0605e9c30a118c
2338c269d693976b369fea74422ef6118b2f0b3aa1dc771f54749958db73bb17
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.1 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Mon, 12 Sep 2022 13:21:13 GMT
etag: W/"631f3249-50eb"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/kingcomposer/assets/frontend/js/kingcomposer.min.js?ver=2.9.6
172.104.53.45 200 OK 8.0 kB URL HTTP/2 www.crestcreations.com/wp-content/plugins/kingcomposer/assets/frontend/js/kingcomposer.min.js?ver=2.9.6
IP 172.104.53.45:0
File type ASCII text, with very long lines (17655)
Hash e22a574d8613bb7e907f3591fb37c93a
ed386039edb50293a369f7278ba15ae5c0992805
2f8fb0b127417f9689ece760e0ccbd70e93dd879395e1b746e6a8d1d2d76ad1d
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/kingcomposer/assets/frontend/js/kingcomposer.min.js?ver=2.9.6 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Sat, 13 Jan 2018 22:55:50 GMT
etag: W/"5a5a8e76-44f8"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.0.0
172.104.53.45 200 OK 1.0 kB URL HTTP/2 www.crestcreations.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.0.0
IP 172.104.53.45:0
File type HTML document, ASCII text, with very long lines (3037), with no line terminators
Hash b66f825abcda9883fcddbc9c149a9ccd
21161badee995b1e8847b5057cba0dc300ba1266
062d1d87477a1ac4d30a33fc831bf23a12c3dc9ae2c1365e858e0092f1ec7cf9
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.0.0 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Mon, 24 Oct 2022 07:18:03 GMT
etag: W/"63563c2b-bdd"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/themes/gruene/js/script.js?ver=6.0.3
172.104.53.45 200 OK 3.3 kB URL HTTP/2 www.crestcreations.com/wp-content/themes/gruene/js/script.js?ver=6.0.3
IP 172.104.53.45:0
File type ASCII text, with CRLF line terminators
Hash 50adb2fafe7932cd7b7740ad4d77569c
b433682098538f9406dc909c764b13c9eb5aa20d
1f9edeb318cc3da1c6cb2c7f28f8878d8ea90e829b20f4900111712bdaf4e3f5
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/gruene/js/script.js?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Fri, 17 May 2019 04:08:16 GMT
etag: W/"5cde33b0-41ba"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.7.0.0
172.104.53.45 200 OK 3.7 kB URL HTTP/2 www.crestcreations.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.7.0.0
IP 172.104.53.45:0
File type ASCII text, with very long lines (9115)
Hash 79fcd8c68f455f95f0ee0adf7e1d1d96
120db2815767fd1f235bdb9cb0fdfb51ea6f2b0e
f24c4993d258f5daac516066e9b9ca2aa60b0b298a2da1f47085ae1db158ec86
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.7.0.0 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Mon, 24 Oct 2022 07:18:03 GMT
etag: W/"63563c2b-2525"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 533f66ef53706466ce20dc9aebf11812
0c0d713d538eb224deeb9241917a117205f16cb2
8ce7b68022c847b59b9a132ada3a75eea73bb57bae4683901c8df08fa255ba79
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 01:47:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.crestcreations.com/wp-content/themes/gruene/js/wow.js?ver=6.0.3
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/themes/gruene/js/wow.js?ver=6.0.3
IP 172.104.53.45:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/gruene/js/wow.js?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Sat, 16 May 2015 17:00:06 GMT
etag: W/"55577796-189c"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/themes/gruene/css/flaticon.css?ver=6.0.3
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/themes/gruene/css/flaticon.css?ver=6.0.3
IP 172.104.53.45:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/gruene/css/flaticon.css?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: text/css
last-modified: Thu, 13 Jul 2017 06:16:40 GMT
etag: W/"59671048-2308"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4
IP 172.104.53.45:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Mon, 24 Oct 2022 07:17:06 GMT
etag: W/"63563bf2-26d1"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=7.0.0
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=7.0.0
IP 172.104.53.45:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=7.0.0 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Mon, 24 Oct 2022 07:18:03 GMT
etag: W/"63563c2b-b7a"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/kingcomposer/includes/frontend/vendors/prettyPhoto/css/prettyPhoto.css?ver=2.9.6
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/plugins/kingcomposer/includes/frontend/vendors/prettyPhoto/css/prettyPhoto.css?ver=2.9.6
IP 172.104.53.45:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/kingcomposer/includes/frontend/vendors/prettyPhoto/css/prettyPhoto.css?ver=2.9.6 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: text/css
last-modified: Tue, 17 May 2016 09:06:02 GMT
etag: W/"573adefa-6a13"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
IP 172.104.53.45:0
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Mon, 12 Sep 2022 13:21:14 GMT
etag: W/"631f324a-48b9"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-includes/js/masonry.min.js?ver=4.2.2
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-includes/js/masonry.min.js?ver=4.2.2
IP 172.104.53.45:0
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/masonry.min.js?ver=4.2.2 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
etag: W/"5ee520a7-5e4a"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/themes/gruene/style.css?ver=6.0.3
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/themes/gruene/style.css?ver=6.0.3
IP 172.104.53.45:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/gruene/style.css?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: text/css
last-modified: Mon, 13 Jun 2022 08:12:16 GMT
etag: W/"62a6f160-1d1ca"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/go_portfolio/assets/css/go_portfolio_styles.css?ver=1.8.3
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/plugins/go_portfolio/assets/css/go_portfolio_styles.css?ver=1.8.3
IP 172.104.53.45:0
GET /wp-content/plugins/go_portfolio/assets/css/go_portfolio_styles.css?ver=1.8.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:47 GMT
content-type: text/css
last-modified: Wed, 14 Jul 2021 05:52:18 GMT
etag: W/"60ee7b92-55b3"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=7.0.0
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=7.0.0
IP 172.104.53.45:0
GET /wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=7.0.0 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:47 GMT
content-type: text/css
last-modified: Mon, 24 Oct 2022 07:18:03 GMT
etag: W/"63563c2b-f523"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/go_portfolio/assets/plugins/magnific-popup/magnific-popup.css?ver=1.8.3
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/plugins/go_portfolio/assets/plugins/magnific-popup/magnific-popup.css?ver=1.8.3
IP 172.104.53.45:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/go_portfolio/assets/plugins/magnific-popup/magnific-popup.css?ver=1.8.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:47 GMT
content-type: text/css
last-modified: Sat, 31 May 2014 10:36:24 GMT
etag: W/"5389b0a8-1e06"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/themes/gruene/css/flaticon.css?ver=2.9.6
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/themes/gruene/css/flaticon.css?ver=2.9.6
IP 172.104.53.45:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/gruene/css/flaticon.css?ver=2.9.6 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: text/css
last-modified: Thu, 13 Jul 2017 06:16:40 GMT
etag: W/"59671048-2308"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/go_portfolio/assets/plugins/jquery.touchSwipe.min.js?ver=1.8.3
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/plugins/go_portfolio/assets/plugins/jquery.touchSwipe.min.js?ver=1.8.3
IP 172.104.53.45:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/go_portfolio/assets/plugins/jquery.touchSwipe.min.js?ver=1.8.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Wed, 23 Dec 2020 13:18:24 GMT
etag: W/"5fe343a0-58ff"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/themes/gruene/js/appear.js?ver=6.0.3
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/themes/gruene/js/appear.js?ver=6.0.3
IP 172.104.53.45:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/gruene/js/appear.js?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Sun, 08 Feb 2015 19:26:36 GMT
etag: W/"54d7b86c-111b"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/themes/gruene/js/jquery.fancybox-media.js?ver=6.0.3
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/themes/gruene/js/jquery.fancybox-media.js?ver=6.0.3
IP 172.104.53.45:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/gruene/js/jquery.fancybox-media.js?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Thu, 13 Jun 2013 20:42:30 GMT
etag: W/"51ba2eb6-14b9"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/themes/gruene/css/animate.css?ver=6.0.3
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/themes/gruene/css/animate.css?ver=6.0.3
IP 172.104.53.45:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/gruene/css/animate.css?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: text/css
last-modified: Thu, 07 Apr 2016 15:06:50 GMT
etag: W/"5706778a-13541"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/themes/gruene/css/custom.css?ver=6.0.3
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/themes/gruene/css/custom.css?ver=6.0.3
IP 172.104.53.45:0
GET /wp-content/themes/gruene/css/custom.css?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: text/css
last-modified: Thu, 11 Apr 2019 09:17:24 GMT
etag: W/"5caf0624-2df7"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/themes/gruene/css/gutenberg.css?ver=6.0.3
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/themes/gruene/css/gutenberg.css?ver=6.0.3
IP 172.104.53.45:0
GET /wp-content/themes/gruene/css/gutenberg.css?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: text/css
last-modified: Thu, 11 Apr 2019 07:21:52 GMT
etag: W/"5caeeb10-eec"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/kingcomposer/assets/frontend/css/kingcomposer.min.css?ver=2.9.6
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/plugins/kingcomposer/assets/frontend/css/kingcomposer.min.css?ver=2.9.6
IP 172.104.53.45:0
GET /wp-content/plugins/kingcomposer/assets/frontend/css/kingcomposer.min.css?ver=2.9.6 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: text/css
last-modified: Sat, 13 Jan 2018 22:55:50 GMT
etag: W/"5a5a8e76-10d5e"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.18
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.18
IP 172.104.53.45:0
GET /wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.18 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Tue, 13 Sep 2022 11:10:11 GMT
etag: W/"63206513-1f69c"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4
IP 172.104.53.45:0
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:47 GMT
content-type: text/css
last-modified: Mon, 24 Oct 2022 07:17:06 GMT
etag: W/"63563bf2-aab"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/go_portfolio/assets/js/go_portfolio_scripts.js?ver=1.8.3
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/plugins/go_portfolio/assets/js/go_portfolio_scripts.js?ver=1.8.3
IP 172.104.53.45:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/go_portfolio/assets/js/go_portfolio_scripts.js?ver=1.8.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Wed, 14 Jul 2021 05:52:18 GMT
etag: W/"60ee7b92-dbc0"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/go_portfolio/assets/plugins/magnific-popup/jquery.magnific-popup.min.js?ver=1.8.3
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/plugins/go_portfolio/assets/plugins/magnific-popup/jquery.magnific-popup.min.js?ver=1.8.3
IP 172.104.53.45:0
GET /wp-content/plugins/go_portfolio/assets/plugins/magnific-popup/jquery.magnific-popup.min.js?ver=1.8.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Wed, 23 Dec 2020 15:01:46 GMT
etag: W/"5fe35bda-5e68"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/go_portfolio/assets/plugins/jquery.isotope.min.js?ver=1.8.3
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/plugins/go_portfolio/assets/plugins/jquery.isotope.min.js?ver=1.8.3
IP 172.104.53.45:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/go_portfolio/assets/plugins/jquery.isotope.min.js?ver=1.8.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Wed, 23 Dec 2020 14:56:36 GMT
etag: W/"5fe35aa4-48ab"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4
IP 172.104.53.45:0
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/imagesloaded.min.js?ver=4.1.4 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
etag: W/"5ee520a7-15fd"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.24
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.24
IP 172.104.53.45:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.24 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Tue, 13 Sep 2022 11:10:11 GMT
etag: W/"63206513-5f392"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/?wc-ajax=get_refreshed_fragments
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/?wc-ajax=get_refreshed_fragments
IP 172.104.53.45:0
POST /?wc-ajax=get_refreshed_fragments HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 18
Origin: https://www.crestcreations.com
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:49 GMT
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.crestcreations.com
access-control-allow-credentials: true
x-content-type-options: nosniff
x-robots-tag: noindex
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-powered-by: PHP/8.0.26, PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/themes/gruene/js/bootstrap.min.js?ver=6.0.3
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/themes/gruene/js/bootstrap.min.js?ver=6.0.3
IP 172.104.53.45:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/gruene/js/bootstrap.min.js?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Mon, 25 Jul 2016 10:23:30 GMT
etag: W/"5795e8a2-90b5"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=7.0.0
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=7.0.0
IP 172.104.53.45:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=7.0.0 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:47 GMT
content-type: text/css
last-modified: Mon, 24 Oct 2022 07:18:03 GMT
etag: W/"63563c2b-4591"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.7.0.0
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.7.0.0
IP 172.104.53.45:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.7.0.0 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: application/javascript
last-modified: Mon, 24 Oct 2022 07:18:03 GMT
etag: W/"63563c2b-72a"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/themes/gruene/css/jquery.fancybox.css?ver=6.0.3
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/themes/gruene/css/jquery.fancybox.css?ver=6.0.3
IP 172.104.53.45:0
GET /wp-content/themes/gruene/css/jquery.fancybox.css?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: text/css
last-modified: Tue, 16 Jun 2015 22:10:32 GMT
etag: W/"55809ed8-1391"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2
www.crestcreations.com/wp-content/themes/gruene/css/owl.css?ver=6.0.3
172.104.53.45 200 OK 0 B URL HTTP/2 www.crestcreations.com/wp-content/themes/gruene/css/owl.css?ver=6.0.3
IP 172.104.53.45:0
GET /wp-content/themes/gruene/css/owl.css?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-type: text/css
last-modified: Tue, 25 Oct 2016 08:46:22 GMT
etag: W/"580f1bde-1010"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2