Overview

URL: crestcreations.com/
IP: 172.104.53.45 (Singapore)
ASN: #63949 Linode, LLC
UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Report completed: 2022-12-01 01:48:02 UTC
IDS alerts: 0
Blocklist alert: 39
urlquery alerts: No alerts detected
Tags: None

Domain Summary (22)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
ocsp.pki.goog (8) 175 2017-06-14 07:23:31 UTC 2022-11-30 17:12:14 UTC 142.250.74.131
www.google-analytics.com (1) 40 2013-07-28 22:04:32 UTC 2022-11-30 22:10:37 UTC 142.250.74.14
r3.o.lencr.org (6) 344 2020-12-02 08:52:13 UTC 2022-11-30 17:12:16 UTC 23.36.77.32
ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2022-11-30 20:24:46 UTC 93.184.220.29
firefox.settings.services.mozilla.com (10) 867 2020-06-04 20:08:41 UTC 2022-11-30 17:12:31 UTC 34.102.187.140
ocsp.sectigo.com (2) 487 2018-12-17 11:31:55 UTC 2022-11-30 21:13:57 UTC 172.64.155.188
crestcreations.com (1) 0 No data No data 172.104.53.45 Unknown ranking
www.googletagmanager.com (1) 75 2013-05-22 02:07:37 UTC 2022-11-30 23:14:41 UTC 142.250.74.168
ocsp.usertrust.com (1) 899 2012-05-21 15:43:18 UTC 2022-11-30 17:12:14 UTC 172.64.155.188
ssl.comodoca.com (1) 0 2019-07-03 10:48:04 UTC 2022-11-30 19:58:32 UTC 34.193.96.49 Domain (comodoca.com) ranked at: 496
push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-11-30 17:12:17 UTC 54.203.75.56
img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-11-30 17:26:07 UTC 34.120.237.76
www.crestcreations.com (104) 0 No data No data 172.104.53.45 Unknown ranking
fonts.gstatic.com (1) 0 2014-09-09 00:40:21 UTC 2022-11-30 22:48:06 UTC 142.250.74.35 Domain (gstatic.com) ranked at: 540
detectportal.firefox.com (2) 1601 2017-01-30 00:03:31 UTC 2022-11-30 17:12:10 UTC 34.107.221.82
getpocket.cdn.mozilla.net (1) 1369 2017-08-31 07:41:15 UTC 2022-11-30 17:25:09 UTC 34.120.5.221
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-30 17:13:24 UTC 34.117.237.239
shavar.services.mozilla.com (1) 3602 2017-01-30 05:00:58 UTC 2022-11-30 17:21:59 UTC 52.32.119.77
fonts.googleapis.com (3) 8877 2013-06-10 20:14:26 UTC 2022-11-30 21:05:51 UTC 142.250.74.106
content-signature-2.cdn.mozilla.net (3) 1152 2020-11-03 12:26:46 UTC 2022-11-30 17:19:42 UTC 34.160.144.191
ssl.comodo.com (1) 95321 2014-07-01 09:01:08 UTC 2022-11-30 19:58:32 UTC 34.193.96.49
stats.g.doubleclick.net (1) 96 2013-06-10 20:21:11 UTC 2022-11-30 17:26:15 UTC 64.233.165.157

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-01 2 crestcreations.com/ Malware
2022-12-01 2 www.crestcreations.com/ Malware
2022-12-01 2 www.crestcreations.com/wp-content/uploads/2018/01/CC-NEW-03_1.svg Malware
2022-12-01 2 www.crestcreations.com/wp-content/themes/gruene/css/jquery.bootstrap-touchs (...) Malware
2022-12-01 2 www.crestcreations.com/wp-content/themes/gruene/css/responsive.css?ver=6.0.3 Malware
2022-12-01 2 www.crestcreations.com/wp-content/plugins/kingcomposer/assets/css/icons.css (...) Malware
2022-12-01 2 www.crestcreations.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 Malware
2022-12-01 2 www.crestcreations.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 Malware
2022-12-01 2 www.crestcreations.com/wp-content/themes/gruene/css/woocommerce.css?ver=6.0.3 Malware
2022-12-01 2 www.crestcreations.com/wp-content/plugins/woocommerce/packages/woocommerce- (...) Malware
2022-12-01 2 www.crestcreations.com/wp-content/themes/gruene/js/owl.js?ver=6.0.3 Malware
2022-12-01 2 www.crestcreations.com/wp-content/plugins/go_portfolio/assets/plugins/jquer (...) Malware
2022-12-01 2 www.crestcreations.com/wp-content/plugins/woocommerce/assets/js/frontend/wo (...) Malware
2022-12-01 2 www.crestcreations.com/wp-includes/js/comment-reply.min.js?ver=6.0.3 Malware
2022-12-01 2 www.crestcreations.com/wp-content/plugins/kingcomposer/assets/frontend/js/k (...) Malware
2022-12-01 2 www.crestcreations.com/wp-content/plugins/woocommerce/assets/js/frontend/ad (...) Malware
2022-12-01 2 www.crestcreations.com/wp-content/themes/gruene/js/script.js?ver=6.0.3 Malware
2022-12-01 2 www.crestcreations.com/wp-content/plugins/woocommerce/assets/js/jquery-bloc (...) Malware
2022-12-01 2 www.crestcreations.com/wp-content/themes/gruene/js/wow.js?ver=6.0.3 Malware
2022-12-01 2 www.crestcreations.com/wp-content/themes/gruene/css/flaticon.css?ver=6.0.3 Malware
2022-12-01 2 www.crestcreations.com/wp-content/plugins/contact-form-7/includes/swv/js/in (...) Malware
2022-12-01 2 www.crestcreations.com/wp-content/plugins/woocommerce/assets/js/frontend/ca (...) Malware
2022-12-01 2 www.crestcreations.com/wp-content/plugins/kingcomposer/includes/frontend/ve (...) Malware
2022-12-01 2 www.crestcreations.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3 Malware
2022-12-01 2 www.crestcreations.com/wp-includes/js/masonry.min.js?ver=4.2.2 Malware
2022-12-01 2 www.crestcreations.com/wp-content/themes/gruene/style.css?ver=6.0.3 Malware
2022-12-01 2 www.crestcreations.com/wp-content/plugins/go_portfolio/assets/plugins/magni (...) Malware
2022-12-01 2 www.crestcreations.com/wp-content/themes/gruene/css/flaticon.css?ver=2.9.6 Malware
2022-12-01 2 www.crestcreations.com/wp-content/plugins/go_portfolio/assets/plugins/jquer (...) Malware
2022-12-01 2 www.crestcreations.com/wp-content/themes/gruene/js/appear.js?ver=6.0.3 Malware
2022-12-01 2 www.crestcreations.com/wp-content/themes/gruene/js/jquery.fancybox-media.js (...) Malware
2022-12-01 2 www.crestcreations.com/wp-content/themes/gruene/css/animate.css?ver=6.0.3 Malware
2022-12-01 2 www.crestcreations.com/wp-content/plugins/go_portfolio/assets/js/go_portfol (...) Malware
2022-12-01 2 www.crestcreations.com/wp-content/plugins/go_portfolio/assets/plugins/jquer (...) Malware
2022-12-01 2 www.crestcreations.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4 Malware
2022-12-01 2 www.crestcreations.com/wp-content/plugins/revslider/public/assets/js/rs6.mi (...) Malware
2022-12-01 2 www.crestcreations.com/wp-content/themes/gruene/js/bootstrap.min.js?ver=6.0.3 Malware
2022-12-01 2 www.crestcreations.com/wp-content/plugins/woocommerce/assets/css/woocommerc (...) Malware
2022-12-01 2 www.crestcreations.com/wp-content/plugins/woocommerce/assets/js/js-cookie/j (...) Malware

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 172.104.53.45
Date UQ / IDS / BL URL IP
2023-01-28 07:48:40 +0000 0 - 0 - 4 clients.crestcreations.com/ 172.104.53.45
2023-01-23 06:47:51 +0000 0 - 0 - 42 crestcreations.com/ 172.104.53.45
2023-01-23 03:47:52 +0000 0 - 0 - 39 crestcreations.com/ 172.104.53.45
2023-01-22 06:47:52 +0000 0 - 0 - 41 crestcreations.com/ 172.104.53.45
2023-01-22 06:46:09 +0000 0 - 0 - 1 promoaws.com/ 172.104.53.45


Last 5 reports on ASN: Linode, LLC
Date UQ / IDS / BL URL IP
2023-01-30 10:24:11 +0000 0 - 1 - 0 kompas-navigasi.co.id/wp-content/uploads/2018 (...) 139.162.52.11
2023-01-30 10:24:04 +0000 0 - 1 - 0 kompas-navigasi.co.id/wp-content/uploads/2018 (...) 139.162.52.11
2023-01-30 10:23:58 +0000 0 - 1 - 0 kompas-navigasi.co.id/wp-content/uploads/2019 (...) 139.162.52.11
2023-01-30 10:04:27 +0000 0 - 0 - 1 admin.classified.pointsource.ng/a3et6u5dw.rar 139.162.200.189
2023-01-30 10:04:21 +0000 0 - 1 - 1 admin.classified.pointsource.ng/a3et6u5dw.rar 139.162.200.189


Last 5 reports on domain: crestcreations.com
Date UQ / IDS / BL URL IP
2023-01-28 07:48:40 +0000 0 - 0 - 4 clients.crestcreations.com/ 172.104.53.45
2023-01-23 06:47:51 +0000 0 - 0 - 42 crestcreations.com/ 172.104.53.45
2023-01-23 03:47:52 +0000 0 - 0 - 39 crestcreations.com/ 172.104.53.45
2023-01-22 06:47:52 +0000 0 - 0 - 41 crestcreations.com/ 172.104.53.45
2023-01-22 00:48:37 +0000 0 - 0 - 9 clients.crestcreations.com/ 172.104.53.45


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-23 06:47:51 +0000 0 - 0 - 42 crestcreations.com/ 172.104.53.45
2023-01-22 06:47:52 +0000 0 - 0 - 41 crestcreations.com/ 172.104.53.45
2023-01-19 03:47:51 +0000 0 - 0 - 41 crestcreations.com/ 172.104.53.45
2023-01-17 04:47:52 +0000 0 - 0 - 39 crestcreations.com/ 172.104.53.45
2023-01-17 03:47:50 +0000 0 - 0 - 41 crestcreations.com/ 172.104.53.45

JavaScript

Executed Scripts (47)

Executed Evals (1)
#1 JavaScript::Eval (size: 24123) - SHA256: 9427b28bccd70e88ae216329d97b400e65432ac4f65058d19e7f713c9a5007d8
var kc_front = (function($) {
    jQuery.extend(jQuery.easing, {
        easeInOutQuart: function(x, t, b, c, d) {
            if ((t /= d / 2) < 1) return c / 2 * t * t * t * t + b;
            return -c / 2 * ((t -= 2) * t * t * t - 2) + b
        },
    });
    var v = $(window);
    var w = v.height();
    v.resize(function() {
        w = v.height();
        kc_front.row_action(true)
    });
    $.fn.kc_parallax = function() {
        var c = $(this),
            el_top;
        c.each(function() {
            el_top = c.offset().top
        });

        function update() {
            var b = v.scrollTop();
            c.each(function() {
                var a = $(this),
                    top = a.offset().top,
                    height = a.outerHeight(true);
                if (top + height < b || top > b + w || c.data('kc-parallax') !== true) return;
                c.css('backgroundPosition', "50% " + Math.round((el_top - b) * 0.4) + "px")
            })
        }
        v.on('scroll resize', update).trigger('update')
    };
    $.fn.viewportChecker = function(d) {
        var f = {
            classToAdd: 'visible',
            offset: 100,
            callbackFunction: function(a) {}
        };
        $.extend(f, d);
        var g = this,
            w = $(window).height();
        this.checkElements = function() {
            var c = ((navigator.userAgent.toLowerCase().indexOf('webkit') != -1) ? window : 'html'),
                viewportTop = $(c).scrollTop(),
                viewportBottom = (viewportTop + w);
            g.each(function() {
                var a = $(this);
                if (a.hasClass(f.classToAdd) && f.classToAdd != '') {
                    return
                }
                var b = Math.round(a.offset().top) + f.offset,
                    elemBottom = b + (a.height());
                if ((b < viewportBottom) && (elemBottom > viewportTop) && this.done != true) {
                    a.addClass(f.classToAdd);
                    f.callbackFunction(a)
                }
            })
        };
        $(window).scroll(this.checkElements);
        this.checkElements();
        $(window).resize(function(e) {
            w = e.currentTarget.innerHeight
        })
    };
    $(document).ready(function($) {
        kc_front.init($)
    });
    return {
        win_height: 0,
        win_width: 0,
        body: $('body'),
        init: function() {
            $('section[data-kc-parallax="true"]').each(function() {
                $(this).kc_parallax()
            });
            this.accordion();
            this.tabs();
            this.youtube_row_background.init();
            if (window.location.href.indexOf('#') > -1) {
                $('a[href="#' + window.location.href.split('#')[1] + '"]').trigger('click')
            }
            $('.kc_button').add('.kc_tooltip').kcTooltip();
            $('.kc-close-but').on('click', function() {
                $(this).parent().parent().hide('slow', function() {
                    $(this).remove()
                })
            });
            this.google_maps();
            this.blog.masonry();
            this.image_gallery.masonry();
            this.carousel_images();
            this.carousel_post();
            this.countdown_timer();
            this.piechar.init();
            this.progress_bar.run();
            this.ajax_action();
            this.pretty_photo();
            this.tooltips();
            this.image_fade();
            this.smooth_scroll();
            this.animate();
            this.row_action(true)
        },
        refresh: function(b) {
            setTimeout(function(a) {
                kc_front.piechar.update(a);
                kc_front.progress_bar.update(a);
                kc_front.image_gallery.masonry(a);
                if ($('.kc_video_play').length > 0) {
                    kc_video_play.refresh(a)
                }
            }, 100, b)
        },
        viewport: function(a) {
            var d = document;
            if (d.compatMode === 'BackCompat') {
                if (a == 'height') return d.body.clientHeight;
                else return d.body.clientWidth
            } else {
                if (a == 'height') return d.documentElement.clientHeight;
                else return d.documentElement.clientWidth
            }
        },
        row_action: function(c) {
            var d = document;
            [].forEach.call(d.querySelectorAll('section[data-kc-fullwidth]'), function(a) {
                var b = d.querySelectorAll('.kc_clfw')[0],
                    rect;
                if (typeof b === 'undefined') return;
                rect = b.getBoundingClientRect();
                a.style.left = (-rect.left) + 'px';
                if (a.getAttribute('data-kc-fullwidth') == 'row') {
                    a.style.paddingLeft = rect.left + 'px';
                    a.style.paddingRight = (kc_front.viewport('width') - rect.width - rect.left) + 'px';
                    a.style.width = rect.width + 'px'
                } else {
                    a.style.paddingLeft = '0px';
                    a.style.width = kc_front.viewport('width') + 'px'
                }
                if (a.nextElementSibling !== null && a.nextElementSibling.tagName == 'SCRIPT') {
                    if (a.nextElementSibling.innerHTML == 'kc_front.row_action(true);') {
                        a.parentNode.removeChild(a.nextElementSibling)
                    }
                }
            })
        },
        google_maps: function(b) {
            $('.kc_google_maps').each(function() {
                if ($(this).data('loaded') === true) return;
                else $(this).data({
                    'loaded': true
                });
                var a = $(this);
                if (a.data('wheel') == 'disable') {
                    a.click(function() {
                        a.find('iframe').css("pointer-events", "auto")
                    });
                    a.mouseleave(function() {
                        a.find('iframe').css("pointer-events", "none")
                    })
                }
                a.find('.close').on('click', function() {
                    a.find('.map_popup_contact_form').toggleClass("hidden");
                    a.find('.show_contact_form').fadeIn('slow')
                });
                a.find('.show_contact_form').on('click', function() {
                    a.find('.map_popup_contact_form').toggleClass("hidden");
                    a.find('.show_contact_form').fadeOut('slow')
                })
            })
        },
        accordion: function(d) {
            $('.kc_accordion_wrapper').each(function() {
                if ($(this).data('loaded') === true) return;
                else $(this).data({
                    'loaded': true
                });
                var c = $(this).data('tab-active') !== undefined ? ($(this).data('tab-active') - 1) : 0;
                if ($(this).data('closeall') == true) c = '100000';
                $(this).find('>div.kc_accordion_section>h3.kc_accordion_header>a, >div.kc_accordion_section>h3.kc_accordion_header>.ui-accordion-header-icon').off('click').on('click', function(e) {
                    var a = $(this).closest('.kc_accordion_wrapper'),
                        section = $(this).closest('.kc_accordion_section'),
                        allowopenall = (true === a.data('allowopenall')) ? true : false,
                        closeall = (true === a.data('closeall')) ? true : false,
                        changed = section.find('>h3.kc_accordion_header').hasClass('ui-state-active'),
                        clickitself = false;
                    if (allowopenall === false) {
                        if (!section.find('>h3.kc_accordion_header').hasClass('ui-state-active')) {
                            a.find('>.kc_accordion_section>.kc_accordion_content').slideUp();
                            a.find('>.kc_accordion_section>h3.kc_accordion_header').removeClass('ui-state-active');
                            a.find('>.kc_accordion_section.kc-section-active').removeClass('kc-section-active');
                            section.find('>.kc_accordion_content').stop().slideDown('normal', function() {
                                $(this).css({
                                    height: ''
                                })
                            });
                            section.find('>h3.kc_accordion_header').addClass('ui-state-active');
                            section.addClass('kc-section-active')
                        } else {
                            a.find('>.kc_accordion_section>.kc_accordion_content').slideUp();
                            a.find('>.kc_accordion_section>h3.kc_accordion_header').removeClass('ui-state-active');
                            a.find('>.kc_accordion_section>.kc-section-active').removeClass('kc-section-active');
                            section.removeClass('kc-section-active')
                        }
                    } else {
                        if (section.find('>h3.kc_accordion_header').hasClass('ui-state-active')) {
                            section.find('>.kc_accordion_content').stop().slideUp();
                            section.find('>h3.kc_accordion_header').removeClass('ui-state-active');
                            section.removeClass('kc-section-active')
                        } else {
                            section.find('>.kc_accordion_content').stop().slideDown('normal', function() {
                                $(this).css({
                                    height: ''
                                })
                            });
                            section.find('>h3.kc_accordion_header').addClass('ui-state-active');
                            section.addClass('kc-section-active')
                        }
                    }
                    if (changed != section.find('>h3.kc_accordion_header').hasClass('ui-state-active')) kc_front.refresh(section.find('>.kc_accordion_content'));
                    e.preventDefault();
                    var b = $(this).closest('.kc_accordion_section');
                    b = b.parent().find('>.kc_accordion_section').index(b.get(0));
                    $(this).closest('.kc_accordion_wrapper').data({
                        'tab-active': (b + 1)
                    })
                }).eq(c).trigger('click')
            })
        },
        tabs: function(d) {
            $('.kc_tabs > .kc_wrapper').each(function(b) {
                if ($(this).data('loaded') === true) return;
                else $(this).data({
                    'loaded': true
                });
                var c = $(this),
                    tab_group = c.parent('.kc_tabs.group'),
                    tab_event = ('yes' === tab_group.data('open-on-mouseover')) ? 'mouseover' : 'click',
                    effect_option = ('yes' === tab_group.data('effect-option')) ? true : false,
                    active_section = parseInt(tab_group.data('tab-active')) - 1;
                $(this).find('>.ui-tabs-nav>li').off('click').on('click', function(e) {
                    e.preventDefault()
                }).off(tab_event).on(tab_event, function(e) {
                    if ($(this).hasClass('ui-tabs-active')) {
                        e.preventDefault();
                        return
                    }
                    var a = $(this).closest('.kc_tabs_nav,.ui-tabs-nav').find('>li'),
                        b = a.index(this),
                        tab_list = $(this).closest('.kc_wrapper').find('>.kc_tab'),
                        new_panel = tab_list.eq(b);
                    a.removeClass('ui-tabs-active');
                    $(this).addClass('ui-tabs-active');
                    tab_list.removeClass('ui-tabs-body-active').removeClass('kc-section-active');
                    new_panel.addClass('ui-tabs-body-active').addClass('kc-section-active');
                    if (effect_option === true) new_panel.css({
                        'opacity': 0
                    }).animate({
                        opacity: 1
                    });
                    e.preventDefault();
                    $(this).closest('.kc_tabs').data({
                        'tab-active': (b + 1)
                    })
                }).eq(active_section).trigger(tab_event)
            });
            $('.kc_tabs.kc-tabs-slider').each(function() {
                if ($(this).data('loaded') === true) return;
                else $(this).data({
                    'loaded': true
                });
                $(this).find('.kc-tabs-slider-nav li').each(function(a) {
                    if ($(this).data('loaded') === true) return;
                    else $(this).data({
                        'loaded': true
                    });
                    $(this).on('click', a, function(e) {
                        $(this).parent().find('.kc-title-active').removeClass('kc-title-active');
                        $(this).addClass('kc-title-active');
                        console.log(e.data);
                        $(this).closest('.kc-tabs-slider').find('.owl-carousel').trigger('owl.goTo', e.data);
                        e.preventDefault();
                        $(this).closest('.kc_tabs').data({
                            'active': e.data
                        })
                    });
                    if (a === 0) $(this).addClass('kc-title-active')
                })
            });
            kc_front.owl_slider()
        },
        counterup: function() {
            $('.counterup').each(function(a) {
                if ($(this).data('loaded') === true) return;
                else $(this).data({
                    'loaded': true
                });
                $(this).counterUp({
                    delay: 100,
                    time: 2000
                })
            })
        },
        youtube_row_background: {
            init: function() {
                $('.kc_row, .kc_column').each(function() {
                    var a = $(this),
                        youtubeUrl, youtubeId;
                    if (a.data('kc-video-bg')) {
                        youtubeUrl = a.data('kc-video-bg');
                        youtubeId = kc_front.youtube_row_background.getID(youtubeUrl);
                        if (youtubeId) {
                            a.find('.kc_wrap-video-bg').remove();
                            kc_front.youtube_row_background.add(a, youtubeId)
                        }
                    } else {
                        a.find('.kc_wrap-video-bg').remove()
                    }
                })
            },
            getID: function(a) {
                if ('undefined' === typeof(a)) {
                    return false
                }
                var b = a.match(/(?:https?:\/{2})?(?:w{3}\.)?youtu(?:be)?\.(?:com|be)(?:\/watch\?v=|\/)([^\s&]+)/);
                if (null !== b) {
                    return b[1]
                }
                return false
            },
            add: function(c, d, f) {
                if (YT === undefined) return;
                if ('undefined' === typeof(YT.Player)) {
                    f = 'undefined' === typeof(f) ? 0 : f;
                    if (f > 100) {
                        console.warn('Too many attempts to load YouTube api');
                        return
                    }
                    setTimeout(function() {
                        kc_front.youtube_row_background.add(c, d, f++)
                    }, 100);
                    return
                }
                var g, $container = c.prepend('<div class="kc_wrap-video-bg"><div class="ifr_inner"></div></div>').find('.ifr_inner'),
                    options = c.data('kc-video-options'),
                    playerVars = {
                        playlist: d,
                        iv_load_policy: 3,
                        enablejsapi: 1,
                        disablekb: 1,
                        autoplay: 1,
                        controls: 0,
                        showinfo: 0,
                        rel: 0,
                        loop: 1
                    };
                options = options ? JSON.parse('{"' + options.replace(/&/g, '","').replace(/=/g, '":"') + '"}', function(a, b) {
                    return a === "" ? b : decodeURIComponent(b)
                }) : {};
                if (typeof options == 'object') playerVars = $.extend(playerVars, options);
                g = new YT.Player($container[0], {
                    width: '100%',
                    height: '100%',
                    videoId: d,
                    playerVars: playerVars,
                    events: {
                        onReady: function(e) {
                            if (c.data('kc-video-mute') == 'yes') e.target.mute().setLoop(true);
                            e.target.playVideo()
                        }
                    }
                });
                kc_front.youtube_row_background.resize(c);
                $(window).on('resize', function() {
                    kc_front.youtube_row_background.resize(c)
                })
            },
            resize: function(a) {
                var b = 1.77,
                    ifr_w, ifr_h, marginLeft, marginTop, inner_width = a.innerWidth(),
                    inner_height = a.innerHeight();
                if ((inner_width / inner_height) < b) {
                    ifr_w = inner_height * b;
                    ifr_h = inner_height
                } else {
                    ifr_w = inner_width;
                    ifr_h = inner_width * (1 / b)
                }
                marginLeft = -Math.round((ifr_w - inner_width) / 2) + 'px';
                marginTop = -Math.round((ifr_h - inner_height) / 2) + 'px';
                ifr_w += 'px';
                ifr_h += 'px';
                a.find('.kc_wrap-video-bg iframe').css({
                    maxWidth: '1000%',
                    marginLeft: marginLeft,
                    marginTop: marginTop,
                    width: ifr_w,
                    height: ifr_h
                })
            }
        },
        single_img: {
            refresh: function(a) {
                kc_front.pretty_photo()
            }
        },
        blog: {
            masonry: function() {
                $('.kc_blog_masonry').each(function() {
                    if ($(this).data('loaded') === true) return;
                    else $(this).data({
                        'loaded': true
                    });
                    var c = $(this),
                        imgs = c.find('img'),
                        total = imgs.length,
                        ready = 0;
                    if (total > 0) {
                        imgs.each(function(a) {
                            var b = new Image();
                            b.onload = function() {
                                ready++;
                                if (ready == total) {
                                    new Masonry(c.get(0), {
                                        itemSelector: '.post-grid',
                                        columnWidth: '.post-grid',
                                    })
                                }
                            };
                            b.src = $(this).attr('src')
                        })
                    } else {
                        new Masonry(c.get(0), {
                            itemSelector: '.post-grid',
                            columnWidth: '.post-grid',
                        })
                    }
                })
            },
        },
        image_gallery: {
            masonry: function() {
                $('.kc_image_gallery').each(function() {
                    if ($(this).data('loaded') === true) return;
                    else $(this).data({
                        'loaded': true
                    });
                    if (('yes' === $(this).data('image_masonry'))) {
                        var c = $(this).find('img'),
                            total = c.length,
                            ready = 0,
                            el = $(this);
                        $(this).data({
                            'total': total
                        });
                        c.each(function(a) {
                            var b = new Image();
                            b.onload = function() {
                                ready++;
                                if (ready == total) {
                                    new Masonry(el.get(0), {
                                        itemSelector: '.item-grid',
                                        columnWidth: '.item-grid',
                                    })
                                }
                            };
                            b.src = $(this).attr('src')
                        })
                    }
                });
                kc_front.pretty_photo()
            },
        },
        image_fade: function() {
            $('.image_fadein_slider .image_fadein').each(function() {
                if ($(this).data('loaded') !== true) $(this).data({
                    'loaded': true
                });
                else return;
                var a = $(this).data('delay') ? $(this).data('delay') : '3000';
                window.kc_front.image_fade_delay(a, $(this).find('img').first())
            })
        },
        image_fade_delay: function(a, b) {
            if (b === undefined) return;
            b.parent().find('.active').removeClass('active');
            b.addClass('active');
            if (b.next().length > 0) b = b.next();
            else b = b.parent().find('img').first();
            var c = setTimeout(window.kc_front.image_fade_delay, a, a, b)
        },
        carousel_images: function(u) {
            $('.kc-carousel-images').each(function(f) {
                if ($(this).data('loaded') === true) return;
                else $(this).data({
                    'loaded': true
                });
                var g = $(this).data('owl-i-options'),
                    _auto_play = ('yes' === g.autoplay) ? true : false,
                    _delay = (g.delay !== undefined) ? g.delay : 8,
                    _navigation = ('yes' === g.navigation) ? true : false,
                    _pagination = ('yes' === g.pagination) ? true : false,
                    _speed = g.speed,
                    _items = g.items,
                    _auto_height = ('yes' === g.autoheight) ? true : false,
                    _num_thumb = (g.num_thumb !== undefined) ? g.num_thumb : 5,
                    _show_thumb = ('yes' === g.showthumb) ? true : false,
                    _progress_bar = ('yes' === g.progressbar) ? true : false,
                    _singleItem = false,
                    _tablet = false,
                    _mobile = false;
                if (g.tablet > 0) {
                    _tablet = [999, g.tablet]
                }
                if (g.mobile > 0) {
                    _mobile = [479, g.mobile]
                }
                var h = function() {};
                var j = function() {};
                var k = function() {};
                if (true === _auto_height || true === _progress_bar || true === _show_thumb) _singleItem = true;
                if (_auto_play) _auto_play = parseInt(_delay) * 1000;
                if (true === _progress_bar) {
                    var l = _delay;
                    var m, $bar, $elem, isPause, tick, percentTime;
                    h = function(a) {
                        $elem = a;
                        n();
                        o()
                    };
                    var n = function() {
                        m = $("<div>", {
                            class: "progressBar"
                        });
                        $bar = $("<div>", {
                            class: "bar"
                        });
                        m.append($bar).prependTo($elem)
                    };
                    var o = function() {
                        percentTime = 0;
                        isPause = false;
                        tick = setInterval(p, 10)
                    };
                    var p = function() {
                        if (isPause === false) {
                            percentTime += 1 / l;
                            $bar.css({
                                width: percentTime + "%"
                            });
                            if (percentTime >= 100) {
                                $elem.trigger('owl.next')
                            }
                        }
                    };
                    k = function() {
                        isPause = true
                    };
                    j = function() {
                        clearTimeout(tick);
                        o()
                    }
                }
                if (true !== _show_thumb) {
                    $(this).owlCarousel({
                        autoPlay: _auto_play,
                        navigation: _navigation,
                        pagination: _pagination,
                        slideSpeed: _speed,
                        paginationSpeed: _speed,
                        singleItem: _singleItem,
                        autoHeight: _auto_height,
                        items: _items,
                        itemsDesktop: false,
                        itemsDesktopSmall: false,
                        itemsTablet: _tablet,
                        itemsTabletSmall: _tablet,
                        itemsMobile: _mobile,
                        afterInit: h,
                        afterMove: j,
                        startDragging: k
                    })
                } else {
                    var q = $(this);
                    var r = q.next('.kc-sync2');
                    var s = function(a) {
                        var b = this.currentItem;
                        $(r).find(".owl-item").removeClass("synced").eq(b).addClass("synced");
                        if ($(r).data("owlCarousel") !== undefined) {
                            t(b)
                        }
                    };
                    r.on("click", ".owl-item", function(e) {
                        e.preventDefault();
                        var a = $(this).data("owlItem");
                        q.trigger("owl.goTo", a)
                    });
                    var t = function(a) {
                        var b = r.data("owlCarousel").owl.visibleItems;
                        var c = a;
                        var d = false;
                        for (var i in b) {
                            if (c === b[i]) {
                                d = true
                            }
                        }
                        if (d === false) {
                            if (c > b[b.length - 1]) {
                                r.trigger("owl.goTo", c - b.length + 2)
                            } else {
                                if (c - 1 === -1) {
                                    c = 0
                                }
                                r.trigger("owl.goTo", c)
                            }
                        } else if (c === b[b.length - 1]) {
                            r.trigger("owl.goTo", b[1])
                        } else if (c === b[0]) {
                            r.trigger("owl.goTo", c - 1)
                        }
                    };
                    q.owlCarousel({
                        autoPlay: _auto_play,
                        singleItem: _singleItem,
                        slideSpeed: _speed,
                        paginationSpeed: _speed,
                        navigation: _navigation,
                        pagination: _pagination,
                        afterAction: s,
                        responsiveRefreshRate: 200,
                        autoHeight: _auto_height,
                        afterInit: h,
                        afterMove: j,
                        startDragging: k
                    });
                    r.owlCarousel({
                        items: _num_thumb,
                        itemsDesktop: [1199, 15],
                        itemsDesktopSmall: [979, 12],
                        itemsTablet: [768, 6],
                        itemsMobile: [479, 5],
                        pagination: _pagination,
                        responsiveRefreshRate: 100,
                        afterInit: function(a) {
                            a.find(".owl-item").eq(0).addClass("synced")
                        }
                    })
                }
            });
            kc_front.pretty_photo()
        },
        update_option: function(b) {
            $.post(top.kc_ajax_url, {
                'security': top.kc_ajax_nonce,
                'action': 'kc_update_option',
                'options': top.kc.tools.base64.encode(JSON.stringify(b))
            }, function(a) {})
        },
        carousel_post: function(a) {
            kc_front.owl_slider('.kc-owl-post-carousel')
        },
        tooltips: function() {
            $('.kc_tooltip').each(function() {
                if ($(this).data('kc-loaded') !== true) $(this).data({
                    'kc-loaded': true
                });
                else return;
                $(this).kcTooltip()
            })
        },
        countdown_timer: function() {
            $('.kc-countdown-timer').each(function(b) {
                var c = $(this).data('countdown');
                $(this).countdown(c.date, function(a) {
                    $(this).html(a.strftime(c.template))
                })
            })
        },
        piechar: {
            init: function() {
                $('.kc_piechart').each(function(b) {
                    $(this).viewportChecker({
                        callbackFunction: function(a) {
                            kc_front.piechar.load(a)
                        },
                        classToAdd: 'kc-pc-loaded'
                    })
                })
            },
            load: function(d) {
                if (d.parent('div').width() < 10) return 0;
                var e = d.data('size'),
                    _linecap = ('yes' === d.data('linecap')) ? 'round' : 'square',
                    _barColor = d.data('barcolor'),
                    _trackColor = d.data('trackcolor'),
                    _autowidth = d.data('autowidth'),
                    _linewidth = d.data('linewidth');
                if ('yes' === _autowidth) {
                    e = d.parent('div').width();
                    d.data('size', e)
                }
                var f = d.find('.percent').width() + d.find('.percent:after').width();
                var g = d.find('.percent').height();
                d.easyPieChart({
                    barColor: _barColor,
                    trackColor: _trackColor,
                    lineCap: _linecap,
                    easing: 'easeOutBounce',
                    onStep: function(a, b, c) {
                        $(this.el).find('.percent').text(Math.round(c));
                        $(this.el).find('.percent').show();
                        $(this.el).css({
                            'width': e,
                            'height': e
                        })
                    },
                    scaleLength: 0,
                    lineWidth: _linewidth,
                    size: e,
                })
            },
            update: function(a) {
                a.find('.kc_piechart').each(function() {
                    if ($(this).data('loaded') === true) return;
                    else $(this).data({
                        'loaded': true
                    });
                    kc_front.piechar.load($(this))
                })
            }
        },
        progress_bar: {
            run: function() {
                $('.kc_progress_bars').each(function() {
                    $(this).viewportChecker({
                        callbackFunction: function(a) {
                            kc_front.progress_bar.update(a)
                        },
                        classToAdd: 'kc-pb-loaded'
                    })
                })
            },
            update: function(c) {
                $('.kc-progress-bar .kc-ui-progress').each(function() {
                    if ($(this).data('loaded') === true) return;
                    else $(this).data({
                        'loaded': true
                    });
                    $(this).css({
                        width: '5%'
                    }).stop().animate({
                        width: this.getAttribute('data-value') + '%'
                    }, {
                        duration: parseInt(this.getAttribute('data-speed')),
                        easing: 'easeInOutQuart',
                        step: function(a, b) {
                            if (b.now / b.end > 0.3) this.getElementsByClassName('ui-label')[0].style.opacity = b.now / b.end
                        }
                    }).find('.ui-label').css({
                        opacity: 0
                    })
                })
            }
        },
        ajax_action: function() {
            $('.kc_facebook_recent_post').each(function() {
                if (this.getAttribute('data-cfg') === null || this.getAttribute('data-cfg') === undefined || this.getAttribute('data-cfg') === '') return;
                var b = $(this),
                    data_send = {
                        action: 'kc_facebook_recent_post',
                        cfg: $(this).data('cfg')
                    };
                this.removeAttribute('data-cfg');
                $.ajax({
                    url: kc_script_data.ajax_url,
                    method: 'POST',
                    dataType: 'json',
                    data: data_send,
                    success: function(a) {
                        b.find('ul').html(a.html).before(a.header_html)
                    }
                })
            });
            $('.kc_wrap_instagram').each(function(b) {
                if (this.getAttribute('data-cfg') === null || this.getAttribute('data-cfg') === undefined || this.getAttribute('data-cfg') === '') return;
                var c = $(this),
                    data_send = {
                        action: 'kc_instagrams_feed',
                        cfg: $(this).data('cfg')
                    };
                this.removeAttribute('data-cfg');
                $.ajax({
                    url: kc_script_data.ajax_url,
                    method: 'POST',
                    dataType: 'json',
                    data: data_send,
                    success: function(a) {
                        c.find('ul').html(a.html)
                    }
                })
            });
            $('.kc_twitter_feed').each(function(d) {
                if (this.getAttribute('data-cfg') === null || this.getAttribute('data-cfg') === undefined || this.getAttribute('data-cfg') === '') return;
                var e = $(this),
                    atts_data = {
                        action: 'kc_twitter_timeline',
                        cfg: $(this).data('cfg')
                    };
                this.removeAttribute('data-cfg');
                var f = $(this).data('owl_option');
                $.ajax({
                    url: kc_script_data.ajax_url,
                    method: 'POST',
                    dataType: 'json',
                    data: atts_data,
                    success: function(a) {
                        var b = e.data('display_style');
                        e.find('.result_twitter_feed').html(a.html);
                        e.find('.result_twitter_feed').before('<div class="button_follow_wrap">' + a.header_data + '</div>');
                        var c = ('yes' === f.show_navigation) ? true : false,
                            _pagination = ('yes' === f.show_pagination) ? true : false,
                            _autoHeight = ('yes' === f.auto_height) ? true : false;
                        if (2 === b) {
                            e.find('.kc-tweet-owl').owlCarousel({
                                navigation: c,
                                pagination: _pagination,
                                slideSpeed: 300,
                                paginationSpeed: 400,
                                singleItem: true,
                                items: 1,
                                autoHeight: _autoHeight
                            })
                        }
                    }
                })
            })
        },
        owl_slider: function() {
            if (typeof $().owlCarousel != 'function') return;
            $('[data-owl-options]').each(function(a) {
                var b = $(this).data('owl-options');
                if (typeof b !== 'object') return;
                if ($(this).data('loaded') === true) return;
                else $(this).data({
                    'loaded': true
                });
                $(this).attr({
                    'data-owl-options': null
                });
                var c = ('yes' === b.autoplay) ? true : false,
                    _navigation = ('yes' === b.navigation) ? true : false,
                    _pagination = ('yes' === b.pagination) ? true : false,
                    _speed = (b.speed !== undefined) ? b.speed : 450,
                    _items = (b.items !== undefined) ? b.items : 1,
                    _tablet = (b.tablet !== undefined) ? b.tablet : 1,
                    _mobile = (b.mobile !== undefined) ? b.mobile : 1,
                    _autoheight = ('yes' === b.autoheight) ? true : false,
                    _showthumb = ('yes' === b.showthumb) ? true : false,
                    _singleItem = false;
                if (_autoheight === true) {
                    _singleItem = true;
                    _items = 1
                }
                $(this).owlCarousel({
                    autoPlay: c,
                    navigation: _navigation,
                    pagination: _pagination,
                    showthumb: _showthumb,
                    slideSpeed: _speed,
                    paginationSpeed: _speed,
                    singleItem: _singleItem,
                    autoHeight: _autoheight,
                    items: _items,
                    itemsCustom: false,
                    itemsDesktop: [1199, _items],
                    itemsDesktopSmall: [980, _tablet],
                    itemsTablet: [640, _mobile],
                    itemsTabletSmall: false,
                    itemsMobile: [480, _mobile],
                })
            });
            kc_front.pretty_photo()
        },
        pretty_photo: function() {
            if (typeof($.prettyPhoto) == 'object') {
                $("a.kc-pretty-photo:not(.kc-pt-loaded)").addClass('kc-pt-loaded').off('click').prettyPhoto({
                    theme: 'dark_rounded',
                    allow_resize: true,
                    allow_expand: true,
                    opacity: 0.85,
                    animation_speed: 'fast',
                    deeplinking: false,
                    counter_separator_label: ' / ',
                    show_title: true,
                    autoplay: true,
                    horizontal_padding: 0,
                    overlay_gallery: false,
                    markup: '<div class="pp_pic_holder"> 		                <div class="pp_content_container"> 		                  <div class="pp_left"> 		                  <div class="pp_right"> 		                    <div class="pp_content"> 		                      <div class="pp_loaderIcon kc-spinner"></div> 		                      <div class="pp_fade"> 		                        <div class="pp_hoverContainer"> 		                          <a class="pp_next" href="#"><i class="sl-arrow-right"></i></a> 		                          <a class="pp_previous" href="#"><i class="sl-arrow-left"></i></a> 		                        </div> 		                        <div id="pp_full_res"></div> 		                        <div class="pp_details"> 		                         <div class="ppt">&nbsp;</div> 		                          <div class="pp_nav"> 		                            <p class="currentTextHolder">0 / 0</p> 		                          </div> 		                          <p class="pp_description"></p> 		                          <a class="pp_close" href="#"><i class="sl-close"></i></a> 		                        </div> 		                      </div> 		                    </div> 		                  </div> 		                  </div> 		                </div> 		              </div> 		              <div class="pp_overlay"></div>'
                })
            }
        },
        smooth_scroll: function() {
            $('a[href^="#"]').on('click', function(e) {
                if (location.pathname.replace(/^\//, '') == this.pathname.replace(/^\//, '') && location.hostname == this.hostname && this.hash.indexOf('#!') === 0) {
                    var a = $(this.hash.replace('!', ''));
                    if (a.length) {
                        $('html,body').stop().animate({
                            scrollTop: a.offset().top - 80
                        }, 500)
                    }
                }
            })
        },
        animate: function() {
            $('.kc-animated').each(function(f) {
                $(this).viewportChecker({
                    callbackFunction: function(c) {
                        var d = c.get(0).className,
                            delay = 0,
                            speed = '2s',
                            timeout = 0;
                        if (d.indexOf('kc-animate-delay-') > -1) {
                            delay = d.split('kc-animate-delay-')[1].split(' ')[0];
                            c.css({
                                'animation-delay': delay + 'ms'
                            });
                            c.removeClass('kc-animate-delay-' + delay);
                            timeout += parseInt(delay)
                        }
                        if (d.indexOf('kc-animate-speed-') > -1) {
                            speed = d.split('kc-animate-speed-')[1].split(' ')[0];
                            c.css({
                                'animation-duration': speed
                            });
                            c.removeClass('kc-animate-speed-' + speed)
                        }
                        if (d.indexOf('kc-animate-eff-') > -1) {
                            var e = d.split('kc-animate-eff-')[1].split(' ')[0];
                            timeout += parseFloat(speed) * 1000;
                            c.removeClass('kc-animated').addClass('animated ' + e);
                            setTimeout(function(a, b) {
                                a.removeClass('animated kc-animated kc-animate-eff-' + b + ' ' + b);
                                a.css({
                                    'animation-delay': '',
                                    'animation-duration': ''
                                })
                            }, timeout, c, e)
                        }
                    },
                    classToAdd: 'kc-pc-loaded'
                })
            })
        }
    }
}(jQuery));
(function($) {
    $.fn.kcTooltip = function() {
        return this.each(function() {
            var a = this.getBoundingClientRect();
            var b = $(this).data('tooltip'),
                span_w = $(this).find('span').outerWidth(),
                span_h = $(this).find('span').outerHeight(),
                this_w = $(this).outerWidth(),
                this_h = $(this).outerHeight();
            if (typeof(b) == 'undefined') {
                $(this).find('span').css('margin-left', -span_w / 2);
                $(this).hover().find('span').css('bottom', this_h + 10)
            } else {
                var c = $(this).data('position');
                var d = -10;
                if (typeof c == 'undefined') c = 'top';
                $(this).addClass(c);
                $(this).find('span').attr({
                    'style': ''
                });
                switch (c) {
                    case 'right':
                        {
                            var e;
                            e = this_h / 2 - span_h / 2;
                            $(this).find('span').css('left', this_w + 10);
                            $(this).find('span').css('bottom', e);
                            $(this).hover().find('span').css('left', this_w - d);
                            break
                        }
                    case 'bottom':
                        {
                            $(this).find('span').css('margin-left', -span_w / 2);
                            $(this).hover().find('span').css('bottom', -span_h + d);
                            break
                        }
                    case 'left':
                        {
                            var e, ext_left = 5;
                            e = this_h / 2 - span_h / 2;
                            $(this).find('span').css('left', -span_w - ext_left);
                            $(this).find('span').css('bottom', e);
                            break
                        }
                    default:
                        {
                            $(this).find('span').css('margin-left', -span_w / 2);
                            $(this).hover().find('span').css('bottom', this_h - d)
                        }
                }
            }
        })
    }
}(jQuery));

Executed Writes (0)


HTTP Transactions (159)


Request Response
                                        
                                            GET /success.txt?ipv4 HTTP/1.1 
Host: detectportal.firefox.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         34.107.221.82
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 01 Dec 2022 01:11:48 GMT
Age: 2156
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600


--- Additional Info ---
Magic:  ASCII text
Size:   8
Md5:    ae780585f49b94ce1444eb7d28906123
Sha1:   7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
Sha256: 81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15165
Expires: Thu, 01 Dec 2022 06:00:30 GMT
Date: Thu, 01 Dec 2022 01:47:45 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "96E44D184E1BCF86381A34DAAD2D9C51148CD60981EDA5549271859D2A5FDDDB"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12012
Expires: Thu, 01 Dec 2022 05:07:57 GMT
Date: Thu, 01 Dec 2022 01:47:45 GMT
Connection: keep-alive

                                        
                                            GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30 HTTP/1.1 
Host: getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.5.221
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Hit from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: Lh1QDxABdS2oOnuLcVFOoiU_GzLiEAor58Ad2p0dPTmCEcXqfbEAFA==
content-encoding: gzip
via: 1.1 34c44cb7892e57a3b6c51812bcf68ee4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 01:41:36 GMT
age: 369
content-length: 41575
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size:   41575
Md5:    91c4fdb1d6aa4ea8a38cd8a3f11bf2ce
Sha1:   24da52bef1edd941174b69a97a4c72703d7bcd64
Sha256: ed48d30d4ce9de9f64a6f09c632d94c3b5369a0e440a95e01de7b33bc6999811
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F18AC558CB786126BB7EFB159E03353D268D5F5796BCFD2691A349DFC68D863C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18174
Expires: Thu, 01 Dec 2022 06:50:39 GMT
Date: Thu, 01 Dec 2022 01:47:45 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: YIxNLR1+26d5J+/IQzY17pflPznjnSxQ+hZO9nk5T2PDtbl7A00oPAWawOZpUYOxFCSAs/tGDU8=
x-amz-request-id: 98RHHYT93Y82YNZ9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 00:56:17 GMT
age: 3088
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4564
Cache-Control: max-age=122378
Date: Thu, 01 Dec 2022 01:47:45 GMT
Etag: "638730f7-1d7"
Expires: Fri, 02 Dec 2022 11:47:23 GMT
Last-Modified: Wed, 30 Nov 2022 10:31:19 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:45 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 01:19:45 GMT
cache-control: public,max-age=3600
age: 1680
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
                                        
                                            GET / HTTP/1.1 
Host: crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         172.104.53.45
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Thu, 01 Dec 2022 01:47:45 GMT
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4606
Cache-Control: 'max-age=158059'
Date: Thu, 01 Dec 2022 01:47:45 GMT
Last-Modified: Thu, 01 Dec 2022 00:30:59 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /success.txt?ipv4 HTTP/1.1 
Host: detectportal.firefox.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         34.107.221.82
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 01 Dec 2022 01:11:48 GMT
Age: 2157
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600


--- Additional Info ---
Magic:  ASCII text
Size:   8
Md5:    ae780585f49b94ce1444eb7d28906123
Sha1:   7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
Sha256: 81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 01:08:56 GMT
cache-control: public,max-age=3600
age: 2329
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4551
Cache-Control: max-age=117297
Date: Thu, 01 Dec 2022 01:47:45 GMT
Etag: "63871d2b-1d7"
Expires: Fri, 02 Dec 2022 10:22:42 GMT
Last-Modified: Wed, 30 Nov 2022 09:06:51 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1 
Host: shavar.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

                                         52.32.119.77
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Date: Thu, 01 Dec 2022 01:47:45 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close


--- Additional Info ---
Magic:  ASCII text
Size:   8
Md5:    29fc57841962e407cb50c1be60284bf7
Sha1:   ce968a77e2996da5eee8925182318f171ccdce47
Sha256: ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 93DXileI1cYomh2wJsn0EQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         54.203.75.56
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 7LH+1cKqsh1VsQUph2kFRegOLdk=

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 01 Dec 2022 01:47:46 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 17:02:18 GMT
Expires: Mon, 05 Dec 2022 17:02:17 GMT
Etag: "b600d9fc7c90feb214c3fe877e556cc4aaa3e1f5"
Cache-Control: max-age=399870,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7728281f0875b4f3-OSL

                                        
                                            GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221669859128039%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 21675
via: 1.1 google
date: Thu, 01 Dec 2022 01:47:02 GMT
cache-control: public,max-age=3600
last-modified: Thu, 01 Dec 2022 01:45:28 GMT
age: 44
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (21675), with no line terminators
Size:   21675
Md5:    b85678a7dad901c6724444f9d87b4926
Sha1:   86cd1eeacb5e85cecf7c3948718cd1f4360f1d83
Sha256: f40fae6a86577a3867f3dc3911543aca1b3c50b8b8a3263950398d9abfd2891f
                                        
                                            GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1669811837825&_since=%221666204638208%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 6883
via: 1.1 google
date: Thu, 01 Dec 2022 01:01:59 GMT
cache-control: public,max-age=3600
age: 2747
last-modified: Wed, 30 Nov 2022 12:37:17 GMT
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (6883), with no line terminators
Size:   6883
Md5:    8a5e09f5fb8417b5618e87d18d325721
Sha1:   c48523de09554c2dcb2cd6241bfeeaaec2803fb8
Sha256: 515c738bf239a57be380cb1cfe70051112b0218858fcbc9843702c7801ea60be
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: ZFwmV0gNoLHxz3Yrx00gkqXQ/ECVjaYbj+KfPwTZrlVI40w9MZYg9klsXRpfLpnxhcuM4jXcE7/qORTy0y/49Q==
x-amz-request-id: W0Z762V3P0ENQ3GD
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 01:45:28 GMT
age: 138
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1668607340435&_since=%221657747510534%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1480
via: 1.1 google
date: Thu, 01 Dec 2022 01:27:33 GMT
cache-control: public,max-age=3600
age: 1213
last-modified: Wed, 30 Nov 2022 16:36:43 GMT
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (1480), with no line terminators
Size:   1480
Md5:    e563d51764592a817781ea1fbd3028b0
Sha1:   2462cc129770122bcc912c6b60d7573902db9eca
Sha256: 6f520bb82b2e9d58553fc5b1af75e8fcc6033d8f47f91faf2aeab6455a038f0a
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: EEZgk1jVVuqD1yKV5nLRVJZ5uPevgouECYqdg+a4T5Ejio2sjUYwCwTgAFhM2g9XuJjYg73DPnQ=
x-amz-request-id: W8R6QPVXJ0FWRVVV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 01:44:40 GMT
age: 186
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    53341dea33f4f3d9b4966f80589f429a
Sha1:   20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
Sha256: 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
                                        
                                            GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1669753108374&_since=%221666279968541%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 57458
via: 1.1 google
date: Thu, 01 Dec 2022 00:31:03 GMT
cache-control: public,max-age=3600
age: 4603
last-modified: Tue, 29 Nov 2022 20:18:28 GMT
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (57458), with no line terminators
Size:   57458
Md5:    dcfc37993dda8c99e223b85579875f72
Sha1:   2bbba05bce6648ca9429ae920261f57e98affa43
Sha256: 45cf39a996855fbea909dc4170a427bd88252bb0a85b965ea3cddaeaf49ebd3b
                                        
                                            GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1669736690606&_since=%221666483264567%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 51208
via: 1.1 google
date: Thu, 01 Dec 2022 01:27:57 GMT
cache-control: public,max-age=3600
age: 1189
last-modified: Tue, 29 Nov 2022 15:44:50 GMT
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (51208), with no line terminators
Size:   51208
Md5:    9afaeae9d1527c87128e50461d2a6ef5
Sha1:   bde6a4638ccd5cb5a276909de5ee7fd8dfbf1f92
Sha256: 457c31b4e64a3d3482a8800d0fecdfa79a444dbf9e3aea58787756922629f6b2
                                        
                                            GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 681
via: 1.1 google
date: Thu, 01 Dec 2022 01:19:45 GMT
cache-control: public,max-age=3600
age: 1681
last-modified: Sun, 27 Nov 2022 16:36:54 GMT
etag: "1669567014153"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (681), with no line terminators
Size:   681
Md5:    01e6d8f0887454b033cd3d4cdb2f39f8
Sha1:   befee34a8f5c745b16752b061fdaa701e209ac8c
Sha256: 68f4889979f90605fd4fe35053efa202a5ced22b40bf321f51a2d7e97d49fbdc
                                        
                                            GET /v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1504
via: 1.1 google
date: Thu, 01 Dec 2022 01:00:38 GMT
cache-control: public,max-age=3600
age: 2828
last-modified: Sun, 27 Nov 2022 16:36:43 GMT
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (1504), with no line terminators
Size:   1504
Md5:    b480aba9ecded00911f29a626460b51a
Sha1:   ab390c2fdec3566f044afc6441e0bead2c854c3a
Sha256: 045742eee1dfc1cb13696b18f5e657dac32df0bcac9650e85d623547cda6a393
                                        
                                            GET /v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1719
via: 1.1 google
date: Thu, 01 Dec 2022 01:23:59 GMT
cache-control: public,max-age=3600
age: 1428
last-modified: Wed, 23 Nov 2022 16:36:44 GMT
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (1719), with no line terminators
Size:   1719
Md5:    26b3a5820cb75c442a39a3f8c56a1212
Sha1:   241fb08f23be561100840e18bcff0e6ed9c053df
Sha256: 95ee3ea4b37a3cec84225b31fc5aca4d885d816233eba2292055663714138340
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 01 Dec 2022 01:47:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 01 Dec 2022 01:47:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 01 Dec 2022 01:47:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9811
Expires: Thu, 01 Dec 2022 04:31:18 GMT
Date: Thu, 01 Dec 2022 01:47:47 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9811
Expires: Thu, 01 Dec 2022 04:31:18 GMT
Date: Thu, 01 Dec 2022 01:47:47 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9811
Expires: Thu, 01 Dec 2022 04:31:18 GMT
Date: Thu, 01 Dec 2022 01:47:47 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f6b1394-57be-42ed-ad12-94fa7a0b4be7.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7609
x-amzn-requestid: 1a464872-7c15-42d3-a12a-f344adf99662
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cV91PHVUoAMFf4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63857687-3f77f387752222b212d6e2a5;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 03:03:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XUcf5sxPRTQEOS_HWPDW5ioStuq1TPMKvKQSRi2kZI5TbTWEVKFfog==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 03:42:48 GMT
age: 79499
etag: "b3d22d146c6094cb539de40a72b9c5a140802ee5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7609
Md5:    0d0219e6bee2a28f003f396f872eecf0
Sha1:   b3d22d146c6094cb539de40a72b9c5a140802ee5
Sha256: 41c1b037e8e654c19f36b74cceccd1fc841cc9fb7de39ac552ab5089dc3e82db
                                        
                                            GET / HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         172.104.53.45
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:47 GMT
content-length: 22206
link: <https://www.crestcreations.com/wp-json/>; rel="https://api.w.org/", <https://www.crestcreations.com/wp-json/wp/v2/pages/11>; rel="alternate"; type="application/json", <https://www.crestcreations.com/>; rel=shortlink
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PHP/8.0.26, PleskLin
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (8339), with CRLF, CR, LF line terminators
Size:   22206
Md5:    ecc12f65f4fef3b82194f6a5485ce296
Sha1:   f40453361aed4b7fa243c3a39f47e9ec3c9460f6
Sha256: 62fa827e8316ccb10945233dc756e8a5108d4523bc9e3af3b9012212405709c0

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7837c610-4f38-4ecd-b984-5752ff89a1f8.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7957
x-amzn-requestid: 54f43d6b-cf41-4067-b459-6b8d98869354
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cV91PGgNIAMF2Xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63857687-069ac54c22797a511c69a220;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 03:03:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5et72pBhP9fdm4fNy6V5AJjs7B5N3HUGgaToNJV3LbA59D-0QDAMvw==
via: 1.1 6c90b631453c435bd0022caa657b67e8.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 03:31:51 GMT
age: 80156
etag: "01a07f9a5725f608fafeced7b3d1ebdbcb776c29"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7957
Md5:    37004182402c955f288eb1fa8df7aef4
Sha1:   01a07f9a5725f608fafeced7b3d1ebdbcb776c29
Sha256: c90c80dd5cadbde3fef20a9c4561b1efa47401e5f6bdf64c91246553c50204f0
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9459
x-amzn-requestid: 9e243a73-18ff-4abf-9b9c-442719960125
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMpppFXjoAMFehg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bca3-47620f39181264772d2fb52d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:13:40 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _v5hatZyEWVRB4Tebygbb-QfE02oaFxE8CRfQsUY7I_ektxE3YeIpw==
via: 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 17:08:01 GMT
age: 31186
etag: "2f9532d698b4c28df23e18bbb66399ec776d5b9f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9459
Md5:    e1e6b6ba4f82221b41c3d9129008c76d
Sha1:   2f9532d698b4c28df23e18bbb66399ec776d5b9f
Sha256: 218c6f41a16e6087c611d4db5784a7cc1d027084d0bf2bd6dc3843ee5dfd560f
                                        
                                            GET /gtag/js?id=UA-65419150-1 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 01 Dec 2022 01:47:47 GMT
expires: Thu, 01 Dec 2022 01:47:47 GMT
cache-control: private, max-age=900
last-modified: Thu, 01 Dec 2022 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43550
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1921)
Size:   43550
Md5:    a8aa0f8492f4d78bf2e1438b5681821a
Sha1:   8c2c27a51099d7bb2b80018429d6b51b4bce620f
Sha256: ce02cf2e2cb7ec852afb5907d005e35e8d512ac44b3dcd38e62730ef3be92bfd
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8740
x-amzn-requestid: c6c3e3dc-c9a2-4fda-a83b-cdd6ae81166b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7uyE9CoAMF6Xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830cc4-2c8940405044071a082ee678;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qykE_oaoqqPTgqGnfUo74mH29IOS97b5sZb_3VmB9yW7KUiJ1a7dnA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 18:58:06 GMT
age: 24581
etag: "2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8740
Md5:    26d6dffbf400da4803a2e76e2a8ef2f8
Sha1:   2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8
Sha256: 04c6e31623fe48cbe83dc91635bfa47b337590f18919995b08d5bde27e929e03
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc551f651-39d0-4021-90ed-915a79168ea0.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4409
x-amzn-requestid: cb422842-e955-4749-8b2a-3c028a09c20f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz7XEE2IAMFY3A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd15-3c4d1a6d4d542e81179ea8ba;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: zYLCQ4DUQtMklG-T-ATot22PDIUMjnN1wpVkoHBh4Oa3TAyNzTv86g==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:49:45 GMT
age: 14282
etag: "1e78566f2e69268c5f753fb49112ab07aae3eccf"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4409
Md5:    b8802d5080eb35e4052ef31cf7658650
Sha1:   1e78566f2e69268c5f753fb49112ab07aae3eccf
Sha256: 9c96906ee1dea353198c9069fa7e42b100e4fa766e5be8e4d8db036033961086
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F350e8884-8903-4779-8a0c-bb74e9168bfb.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4199
x-amzn-requestid: 61981ad5-3560-43e1-a1cd-37f823e89675
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZQxoEz5IAMFzQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6386c80a-291574e42bee51b2523b3920;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 03:03:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fL5AwXN4Kitj3BB3DyYyYfFYk3GRgLvhNNTiQKrDcxPR6mkfzyUuzQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 22:05:04 GMT
age: 13363
etag: "07fafbd614cdb49f20bceea29d5e684725d3bdf6"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4199
Md5:    4fd5f7a9e04d27654062b3e18b8aecca
Sha1:   07fafbd614cdb49f20bceea29d5e684725d3bdf6
Sha256: 0cb64a9a33f66b92eed5a591b6c368f3d74363941d8876e553a8ea6aaa547590
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 01 Dec 2022 01:47:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 01 Dec 2022 01:47:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/themes/gruene/css/font-awesome.css?ver=6.0.3 HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:47 GMT
last-modified: Tue, 21 Jun 2016 11:04:02 GMT
etag: W/"57691f22-7770"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  troff or preprocessor input, ASCII text, with very long lines (372), with CRLF line terminators
Size:   5876
Md5:    a1f38c533a80bfe14ab2fc437516d0a7
Sha1:   24b3584a6389cb080eeb747f3c9c8eaff66820fb
Sha256: a68553ccb7fac05d8c29107de8587a0881492ed18b98116af1c70be7a23c2e5b
                                        
                                            GET /images/trusted-site-seal.png HTTP/1.1 
Host: ssl.comodo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.193.96.49
HTTP/2 301 Moved Permanently
content-type: text/html
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-length: 162
location: https://ssl.comodoca.com/images/trusted-site-seal.png
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            GET /wp-content/uploads/2018/01/CC-NEW-03_1.svg HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/svg+xml
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-length: 14930
last-modified: Tue, 05 Jul 2022 16:20:54 GMT
etag: "62c464e6-3a52"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   14930
Md5:    2ea0f778012395870f4f69d347d15874
Sha1:   51169e77b29591577caf02608570d1dd7c6a20d9
Sha256: 4d4a65c022b49fd77eba2a1b02ae943d1e92f9055c018d1b692113f47ecaee58

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/uploads/2017/07/content-arrow-2.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         172.104.53.45
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/07/content-arrow-2.png


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            GET /wp-content/uploads/2017/07/content-image-1.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         172.104.53.45
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/07/content-image-1.png


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            GET /wp-content/uploads/2017/07/content-image-2.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         172.104.53.45
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/07/content-image-2.png


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            GET /wp-content/uploads/2017/07/content-arrow-1.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         172.104.53.45
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/07/content-arrow-1.png


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            GET /wp-content/uploads/2017/12/embroidery1.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         172.104.53.45
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/12/embroidery1.png


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            GET /wp-content/uploads/2017/12/Slider.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         172.104.53.45
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/12/Slider.png


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            POST / HTTP/1.1 
Host: ocsp.usertrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Length: 2236
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 10:12:16 GMT
Expires: Wed, 07 Dec 2022 10:12:15 GMT
Etag: "6f104c5df649352b17aca7ed25974dacea697855"
Cache-Control: max-age=602520,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 241
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7728282c7e3ab509-OSL


--- Additional Info ---
Magic:  data
Size:   2236
Md5:    448fd7232e74f575525805506589c97e
Sha1:   6f104c5df649352b17aca7ed25974dacea697855
Sha256: 64f3864c601d54e9967253b34c493681e4ce400cbb4450bf1f6d9555ec65b771
                                        
                                            GET /wp-content/themes/gruene/css/jquery.bootstrap-touchspin.css?ver=6.0.3 HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-length: 306
x-accel-version: 0.01
last-modified: Fri, 12 Feb 2016 13:11:30 GMT
etag: "304-52b9267c90480-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   306
Md5:    24de97be2b947519e02c1b0d498afe90
Sha1:   b6e1eaa290a8b8994b0a32a623bcc4e5ec7ee139
Sha256: 0d690c10b29f6616a8bd792a789c4b1b2ce9e4cc4c0e1522b81c03bb2068a91b

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/uploads/2017/12/vector-art.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         172.104.53.45
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/12/vector-art.png


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            GET /wp-content/uploads/2017/12/Vector-Artwork.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         172.104.53.45
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/12/Vector-Artwork.png


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            GET /wp-content/uploads/2017/12/Custom-Design-1.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         172.104.53.45
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/12/Custom-Design-1.png


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 12:59:00 GMT
Expires: Mon, 05 Dec 2022 12:58:59 GMT
Etag: "803d455eb63725964603e83f4d5c9a2e5e33d8d4"
Cache-Control: max-age=385270,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7728282c8ddab4f3-OSL

                                        
                                            GET /wp-content/uploads/2017/12/Image-editing.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         172.104.53.45
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/12/Image-editing.png


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            GET /wp-content/uploads/2017/12/Pre-Press.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         172.104.53.45
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/12/Pre-Press.png


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            GET /wp-content/uploads/2017/12/Embroidery-services.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         172.104.53.45
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/12/Embroidery-services.png


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            GET /wp-content/themes/gruene/css/responsive.css?ver=6.0.3 HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
last-modified: Fri, 15 Sep 2017 07:54:52 GMT
etag: W/"59bb874c-3a83"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   3004
Md5:    da6c447a2e11d0c7de391d95a82003c5
Sha1:   5e3eb43f8e5e0968a24ca1022c1e014f40e8f486
Sha256: dd48122507ce99a3fe5669c4ec33c4c0345cf74b2a51598a75944f313af1763e

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/kingcomposer/assets/css/icons.css?ver=2.9.6 HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
last-modified: Thu, 19 Apr 2018 12:03:34 GMT
etag: W/"5ad88596-c096"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (35475)
Size:   10777
Md5:    84ec22e7de847a487a1ec0720bcd0411
Sha1:   9c83e792c392e140b1e50d5b1fc536f6cb3a2f5f
Sha256: 1e8fbda600e710b5b50d9ebff4af0e14dfdc3a3d5f64019c3f69e600b899863f

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/revslider/public/assets/fonts/font-awesome/css/font-awesome.css HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
last-modified: Tue, 13 Sep 2022 11:10:11 GMT
etag: W/"63206513-903d"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (372)
Size:   7272
Md5:    12a0ee2e8a23fc0cff2f55632747fd29
Sha1:   5dfcc0c1c78c91c9ecd4949688ffb4ecedabbdad
Sha256: 430c44276cb9bf1074d7d6414b4c2132b051f3703d00e84bc883512262b9cb25
                                        
                                            GET /wp-content/themes/gruene/css/bootstrap.css?ver=6.0.3 HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:47 GMT
last-modified: Mon, 25 Jul 2016 10:23:30 GMT
etag: W/"5795e8a2-1d970"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65371)
Size:   25665
Md5:    ba5d711eef92aa98327549379f16d939
Sha1:   3c4013a7e697c9954214f36fef6ae3187ed7d9a7
Sha256: d2c8f8f9050ff1f7f03b3298055564f8ad0cfe3cc0d7941255b11097ab43391c
                                        
                                            GET /wp-content/plugins/kingcomposer/assets/css/animate.css?ver=2.9.6 HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
last-modified: Sat, 24 Sep 2016 21:06:50 GMT
etag: W/"57e6eaea-8f89"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (36512)
Size:   10465
Md5:    50e94aaef601716bbb4a0197ac8c199d
Sha1:   b0f9f23c4c3c5ba584143ec295d93cdcb6a8d0e7
Sha256: 97d109b9a298bd69296acddefd79da97637d68ffaaf059666a0fcd4ed33d11cc
                                        
                                            GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
etag: W/"5fb4e3fe-2bd8"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (11126)
Size:   11873
Md5:    4def19952bb24fab3811642bfdb32178
Sha1:   3589f25eb56fe703f2c6197a4760ebfd7a7f896b
Sha256: 23b42cf8f3db916731614ec117afa5effea790e877369613404bc5920c9b99cb

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.crestcreations.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         142.250.74.35
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 18:52:55 GMT
expires: Tue, 28 Nov 2023 18:52:55 GMT
cache-control: public, max-age=31536000
age: 197693
last-modified: Mon, 15 Aug 2022 18:14:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 16740, version 1.0\012- data
Size:   16740
Md5:    e43b535855a4ae53bd5b07a6eeb3bf67
Sha1:   6507312d9491156036316484bf8dc41e8b52ddd9
Sha256: b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681
                                        
                                            GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.24 HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
last-modified: Tue, 13 Sep 2022 11:10:11 GMT
etag: W/"63206513-e245"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (12602)
Size:   19786
Md5:    64d3f1bc920e05e62a739243ef363986
Sha1:   a7b2833ad8bbf5610e02e1e7617c83fe14f4a5cc
Sha256: ae7eb0d646c2ad4f03497d2ba7f63aa6502f76f9b278c547eaec9cf9046a2f3f
                                        
                                            GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=8.5.1 HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:47 GMT
last-modified: Mon, 24 Oct 2022 07:17:59 GMT
etag: W/"63563c27-384e1"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65527), with no line terminators
Size:   29598
Md5:    02d7912a95d679645c71c962bcca2b4c
Sha1:   80659e5f519db92e0ae3bf4170cd1264662578ac
Sha256: 4b383cf24594b72daa41f431e7cb39796daab1f3640701097d1883773784ee8f
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 01 Dec 2022 01:47:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /images/trusted-site-seal.png HTTP/1.1 
Host: ssl.comodoca.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.crestcreations.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.193.96.49
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-length: 9233
last-modified: Wed, 30 Nov 2022 16:06:34 GMT
expires: Sat, 31 Dec 2022 01:47:48 GMT
cache-control: max-age=2592000, public
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 113 x 59, 8-bit/color RGBA, non-interlaced\012- data
Size:   9233
Md5:    4feb0483d9baea8d00fec981ae1e9d71
Sha1:   3cf4aba6784ed4124745d3f6061287c4829dea8a
Sha256: 24c94b4ab339a9c7c23474bcef3443422d2b99b5d8d2d7d3911296c3ffef4cf2
                                        
                                            GET /wp-content/uploads/2017/12/6.jpg HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-length: 53330
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-d052"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, baseline, precision 8, 600x462, components 3\012- data
Size:   53330
Md5:    9467e0789235f0bea677c90c80a5e230
Sha1:   843609c989e125433d2c6633f59f2702ece57a3f
Sha256: c1ad3db67db9a7ae6cb2c7fef0572c1761363e9ec55aec561e34a4a9167042eb
                                        
                                            GET /wp-content/uploads/2017/07/icon-2.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-length: 11184
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-2bb0"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced\012- data
Size:   11184
Md5:    fe22859bfd5dad480f9ab35dff2da666
Sha1:   7cee7e91d0800a2bc9582b9d4442b4d0e3c5838a
Sha256: 5650c189497dd884094662e550922ee066f9d21fb0b8ca15253f2f8eed683901
                                        
                                            GET /wp-content/uploads/2017/12/Web-Designing.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         172.104.53.45
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/12/Web-Designing.png


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            GET /wp-content/uploads/2017/07/business-2.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         172.104.53.45
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/07/business-2.png


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            GET /wp-content/uploads/2017/07/business-img.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

                                         172.104.53.45
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Thu, 01 Dec 2022 01:47:48 GMT
Content-Length: 162
Connection: keep-alive
Location: https://www.crestcreations.com/wp-content/uploads/2017/07/business-img.png


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            GET /wp-content/uploads/2017/12/2.jpg HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-length: 31046
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-7946"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, baseline, precision 8, 600x462, components 3\012- data
Size:   31046
Md5:    e595efa498dde9f416852aaf63c548f2
Sha1:   2da9329911d5d0a6e8ac64dbb0fc510197dc2ece
Sha256: a4fb46658b2117ef04f17697c97b4e409a4b3083ef71389b1b7ae4d4a18d7163
                                        
                                            GET /css?family=Poppins%3A300%2C400%2C500%2C600%2C700%7CRoboto%3A400%2C500%2C700&subset=latin%2Clatin-ext HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.106
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 01 Dec 2022 01:47:47 GMT
date: Thu, 01 Dec 2022 01:47:47 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   47473
Md5:    c90cd131ce64b4b2959883f9c746be46
Sha1:   17b164d688197e1e0ec87e4488607423f93f2386
Sha256: 0d40b5b65617c7483f2db937a7c1a792a22fd5ef8828cc7a55684688cf4c884e
                                        
                                            GET /wp-content/plugins/revslider/public/assets/fonts/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: font/woff2
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-length: 77160
last-modified: Tue, 13 Sep 2022 11:10:11 GMT
etag: "63206513-12d68"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size:   77160
Md5:    af7ae505a9eed503f8b8e6982036873e
Sha1:   d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
Sha256: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
                                        
                                            GET /css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2Cregular%2Citalic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&subset=latin%2Clatin-ext%2Cdevanagari&ver=2.9.6 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.106
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 01 Dec 2022 01:47:47 GMT
date: Thu, 01 Dec 2022 01:47:47 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   45749
Md5:    4ec84113906ff3b4cab32f95c03b0ff6
Sha1:   0fc144c60c6de8c600f72d452fe774b88170c778
Sha256: 371ad5dd3c4609c33a41d5ee4517a83d41dfda9aaab880695a60ca0faaa9acc5
                                        
                                            GET /wp-content/uploads/2017/12/5.jpg HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-length: 48156
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-bc1c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, baseline, precision 8, 600x462, components 3\012- data
Size:   48156
Md5:    04ed560545705926a4bcee4fa802ebbf
Sha1:   ba37fd35cd126ae736dd7d211d5aabd1819b4508
Sha256: 76a3e83aba751f3f0e0260212aa4b8d796b9b2a4e27f3a3ccba106467d377988
                                        
                                            GET /wp-content/uploads/2017/12/1.jpg HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-length: 28376
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-6ed8"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 600x462, components 3\012- data
Size:   28376
Md5:    3455b144c283fc98e37ab129f8324667
Sha1:   dc6602620bba7ea1f083538ed11ae90d33a4f9ba
Sha256: 525a19ab679f15681d3129e31f043a279989f3a3061f9a072596015b042feceb
                                        
                                            GET /wp-content/uploads/2017/12/3.jpg HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-length: 29428
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-72f4"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, baseline, precision 8, 600x462, components 3\012- data
Size:   29428
Md5:    4ad9d97708eb0c638c3667ff0fa0b0fc
Sha1:   005e2f0ce5a6ba549da54dc793874a9bcac716ee
Sha256: 7fde1e5e12f87edd1ea845b1f1154816e7ff1c87629944435418d50507975f07
                                        
                                            GET /wp-content/uploads/2017/07/author-1.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-length: 5334
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-14d6"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced\012- data
Size:   5334
Md5:    7f7462012ebf4d74f1f3b172a11d0882
Sha1:   9742f2a182cb520746d09a4b2dd55521ba80addb
Sha256: 7786d9ad1c2fb8e8953052b5e42b4d82724b19a3cb921e9763626539ef9dd68c
                                        
                                            GET /wp-content/plugins/revslider/public/assets/assets/dummy.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-length: 68
x-accel-version: 0.01
last-modified: Tue, 13 Sep 2022 11:10:13 GMT
etag: "44-5e88d0e6f8298"
accept-ranges: bytes
x-powered-by: PleskLin
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Size:   68
Md5:    2a637d3d825673c0e3462fa4ed9a1c5c
Sha1:   81668d396da22832d75a986407ff10035e0d5899
Sha256: 69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
                                        
                                            GET /wp-content/uploads/2017/07/icon-1.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-length: 9919
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-26bf"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced\012- data
Size:   9919
Md5:    46edd6ed1acf9cddb1ed6118525463e1
Sha1:   40f98d36a5cb2cd897a9f189417661fbf47aad32
Sha256: 3e4059f1192d98cd3f259f24f86e582b5ff03af17370fc24210c1aebff070655
                                        
                                            GET /wp-content/uploads/2017/07/icon-3.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-length: 5512
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-1588"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced\012- data
Size:   5512
Md5:    ec8fe17ca98417e1973b5063c3ed8ea1
Sha1:   ea718b1d40b5222b9756d3e3d8cad6688a859caa
Sha256: 5f6be84735b23d6f65e6fc68191d6fbf032dda65dea9c2ca4ed265d36e3b6e8f
                                        
                                            GET /wp-content/uploads/2017/12/4.jpg HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-length: 67677
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-1085d"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, baseline, precision 8, 600x462, components 3\012- data
Size:   67677
Md5:    255df3bb2e4dbc8a220c3eba89826ba4
Sha1:   48e3b8ec40ed9acedab15a2fe1783eb875a0fbe9
Sha256: 4ddc847f31fd78b4416fc665122e7a922c8167702251f9f69862837a0b17e345
                                        
                                            GET /wp-content/uploads/2017/07/content-arrow-2.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-length: 6632
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-19e8"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 270 x 188, 8-bit/color RGBA, non-interlaced\012- data
Size:   6632
Md5:    2544724dd13b4c8b197ab633766818c2
Sha1:   380f8e45eaa9103a75774866cc137156df5c606b
Sha256: fb68ac2e85d87ff7ea90253de7a8fad9bc11d3d4d6285216865ac5fc98efd90a
                                        
                                            GET /wp-content/uploads/2017/07/content-image-2.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-length: 9079
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-2377"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1263 x 173, 8-bit/color RGBA, non-interlaced\012- data
Size:   9079
Md5:    dceaa09ea675009611b7a501b26e5495
Sha1:   ced98d72136632f4a45f2dd8653f3b5d301756a1
Sha256: 832bb5c064f7c0589a400cc0d9d8eefedb2769baedc6ee59313da64e1f384f77
                                        
                                            GET /wp-content/uploads/2017/07/content-arrow-1.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-length: 4148
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-1034"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 300 x 125, 8-bit/color RGBA, non-interlaced\012- data
Size:   4148
Md5:    f46e188e24b9b38441327eed7ab5bd2d
Sha1:   c1b36f424940e4437b1fbaabee1544f02a9830b2
Sha256: 40fb2d434771c843427e3f71e5adf08b42848506c4d7df6712cbcde05ba18c2e
                                        
                                            GET /wp-content/uploads/2017/12/Slider.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-length: 18933
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-49f5"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 468 x 556, 8-bit colormap, non-interlaced\012- data
Size:   18933
Md5:    932dc08d0573f7cb8b5a5e113e9ff118
Sha1:   0ec8f3c39111606c803f57b6d6930307a2aec30c
Sha256: 8b857a239ce984f9c7f6b492dc65d509d4d30719a7003a396b460ffe2a446ce1
                                        
                                            GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
last-modified: Wed, 10 Mar 2021 15:07:24 GMT
etag: W/"6048e0ac-15db1"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65447)
Size:   74187
Md5:    1d4ab83d3d91e0f617f9a9c788ef703b
Sha1:   fc9fbb85cc72b118b63d5f5d732b72c733993e29
Sha256: fc93f036ed9c80754fa204ec5bbf3416d704d339f3ddc0d8b2eca735af5f43ac

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/uploads/2017/07/content-image-1.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-length: 97125
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-17b65"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 286 x 531, 8-bit/color RGBA, non-interlaced\012- data
Size:   97125
Md5:    944888bdff00c3136f95c432a6cc1a47
Sha1:   0ded496b6e05caa44270af2f7df682d0520e173f
Sha256: 1883e41710fa4d4efb9b37d1366635f8148ca3be01674991cd7342c230ffa16f
                                        
                                            GET /wp-content/uploads/2017/12/upic-ppai.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-length: 882942
last-modified: Tue, 05 Jul 2022 16:20:54 GMT
etag: "62c464e6-d78fe"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1170 x 188, 8-bit/color RGBA, non-interlaced\012- data
Size:   882942
Md5:    665cc2faeb7ddaad0de5969ab96fed05
Sha1:   685ebf00b1b0c5992d68aac57d9cbd1d61494809
Sha256: af8bdd7e8f0db0b7f23dfac1d4bff8055e8d60189f268d5df1b46fce77215f94
                                        
                                            GET /wp-content/uploads/2017/12/embroidery1.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-length: 199961
last-modified: Tue, 05 Jul 2022 16:20:54 GMT
etag: "62c464e6-30d19"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 600 x 414, 8-bit/color RGBA, non-interlaced\012- data
Size:   199961
Md5:    1979a85bc3a65634ea8cba0d1f4396a9
Sha1:   0942ac541df0e867372f55f5571784fd5c6281b9
Sha256: cdb2d25c2da8763ac6ee7ca168bc2ba54fd805e1c75206dc555ca8dac02be07a
                                        
                                            GET /wp-content/themes/gruene/css/woocommerce.css?ver=6.0.3 HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
last-modified: Fri, 12 Apr 2019 11:56:14 GMT
etag: W/"5cb07cde-f69f"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (1148), with CRLF line terminators
Size:   16306
Md5:    00b0be7df68de9ea4fefe33969a382c8
Sha1:   15daf52c61b0312b17d342c299b831f9c7d8f371
Sha256: f9aa200a3af64ea02acd187ba9c609ffd2d16fbd62dc2b35242bde2b5e77ec49

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/gruene/images/background/pattern-2.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/wp-content/themes/gruene/style.css?ver=6.0.3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
content-length: 111778
last-modified: Thu, 13 Jul 2017 09:34:20 GMT
etag: "59673e9c-1b4a2"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 396 x 714, 8-bit/color RGBA, non-interlaced\012- data
Size:   111778
Md5:    94795c67c857ef0bc19996fd8f052be7
Sha1:   041244d399f29c62736544f6a22b6a8e3ef286c0
Sha256: 67656e0f476380a3c8a2fe61c654ac190a77999ca37dd5c3041918ac8af32ee8
                                        
                                            GET /css?family=Poppins:400%2C600%7COpen+Sans:400%7CRoboto:400&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         142.250.74.106
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 01 Dec 2022 01:47:47 GMT
date: Thu, 01 Dec 2022 01:47:47 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   20359
Md5:    e44112d31f4614382bb0a4b82884d82c
Sha1:   342345363ab708018df345bf178f997f1b0bec47
Sha256: 55011324b6553b039da2931f536918d33c7022c91415aaf6c2f9704e569a2c45
                                        
                                            GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=8.5.1 HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:47 GMT
last-modified: Mon, 24 Oct 2022 07:17:59 GMT
etag: W/"63563c27-28c3"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (10435), with no line terminators
Size:   25616
Md5:    62acd64780eaa028e1f571c17ba205f3
Sha1:   43002ed9ff5ae7c7b6717f33c0ac51bae1216be2
Sha256: aba0fc48fff0f60ca9951718149a4114eab49c3f801f492f14818157313bd900

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/uploads/2017/12/Vector-Artwork.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:49 GMT
content-length: 35127
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-8937"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Size:   35127
Md5:    911d15ab9d7628efa9c54d49b9307357
Sha1:   57cdf1b3118817a4176debb4d0b1dd5690ede421
Sha256: 5e844c127ded0e07938acc41316f0d904b9f2aaa5c47097f19da82be0d14a9ac
                                        
                                            GET /wp-content/uploads/2017/12/Image-editing.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:49 GMT
content-length: 36398
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-8e2e"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Size:   36398
Md5:    dac41d66e249137b2e0b97c6133aa726
Sha1:   a7395d4322a55a7ba4954ff1cadba53bc10085e0
Sha256: 5d5598166ea41e028f90b409dc59b9c7b6a2d8e1cbd061fe57511724f35a9380
                                        
                                            GET /wp-content/uploads/2017/12/Embroidery-services.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:49 GMT
content-length: 34523
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-86db"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Size:   34523
Md5:    8eb3064599f9ead39be3a5823c3adb71
Sha1:   0ab79c72a47898e15368b101ff48d5e30ab7f008
Sha256: aca57124ddb51142b665a6051a970916d23605db857c594d6ae1b0470ed1db33
                                        
                                            GET /wp-content/uploads/2017/12/Pre-Press.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:49 GMT
content-length: 30798
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-784e"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Size:   30798
Md5:    f293a1fcfa44ceb802f5217f6db246b9
Sha1:   4659d583c97733ee0c1028e2e7efe9bf0bf429f1
Sha256: 5937cf2c7cbc31299c73342a06097a87412daa5485c56eff2a0fc1db9f0c6af7
                                        
                                            GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.3 HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:47 GMT
last-modified: Mon, 12 Sep 2022 13:21:12 GMT
etag: W/"631f3248-15b64"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (43771)
Size:   466465
Md5:    479916d666bcd11f8c14992072be000a
Sha1:   d518bf297d5ade144943d98818a8a7a4885e0d50
Sha256: 7733d19788adb7a2b2ae40d39b5511b98df7ab6bdec5009065ec28bf8fc9ded3
                                        
                                            GET /wp-content/uploads/2017/12/vector-art.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:49 GMT
content-length: 906063
last-modified: Tue, 05 Jul 2022 16:20:54 GMT
etag: "62c464e6-dd34f"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 591 x 383, 8-bit/color RGBA, non-interlaced\012- data
Size:   906063
Md5:    1494efc374614049cc7c265b3179456e
Sha1:   c6529207140c28f0d640ecd939d0e66ffd9976f0
Sha256: 60285c1401b476d83cd3d30dcf61265e8e10a790f969da5dc77478fab6dec5a8
                                        
                                            GET /wp-content/uploads/2017/12/Custom-Design-1.png HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: image/png
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:49 GMT
content-length: 68458
last-modified: Tue, 05 Jul 2022 16:20:52 GMT
etag: "62c464e4-10b6a"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Size:   68458
Md5:    1818ac071dc10e20dcefcecaeea5c181
Sha1:   77563417d365ffd2dfaa6e6333154e9cdb4d46b6
Sha256: 213ae80824bfe7ffadd72293c3bc8210778db70409163acc92bd62a884c7a91b
                                        
                                            GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4 HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
last-modified: Mon, 24 Oct 2022 07:17:06 GMT
etag: W/"63563bf2-3016"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (12310), with no line terminators
Size:   38691
Md5:    edef05d73f4406151cfd7c635a10a906
Sha1:   b67c6ffd577985c8d16df11ba0237017081a60c5
Sha256: 8c976970fdecb170fd39c9fcdda3368a577edacbcdc9669d0d374d4a09b36f4f
                                        
                                            GET /wp-content/themes/gruene/js/owl.js?ver=6.0.3 HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
last-modified: Tue, 25 Oct 2016 08:46:22 GMT
etag: W/"580f1bde-14d37"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (360)
Size:   49009
Md5:    202d09b60f7096b69dbbcdaea5d738af
Sha1:   44033b5ab03606cfd495db41c4b8715d8032e869
Sha256: 54a404857e41d96a405e42ebce88f533e1875e42cd195f9ee8c8de2f6c9a64cd

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/gruene/js/jquery.fancybox.pack.js?ver=6.0.3 HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         172.104.53.45
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
last-modified: Thu, 13 Jun 2013 20:42:30 GMT
etag: W/"51ba2eb6-5a5f"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (645)
Size:   79112
Md5:    131e776f39e542bcd5483d68aa91ddcb
Sha1:   1028383a459999a84d324f3df264a2974cc65bef
Sha256: 3676a28455583155639ae587191c06924b7e81936371c6a65f518d67423cb2dd
                                        
                                            GET /wp-content/plugins/revslider/public/assets/assets/loader.gif HTTP/1.1 
Host: www.crestcreations.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.24
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

172.104.53.45
HTTP/2 200 OK
content-type: image/gif
server: nginx
date: Thu, 01 Dec 2022 01:47:49 GMT
content-length: 2545
last-modified: Tue, 13 Sep 2022 11:10:11 GMT
etag: "63206513-9f1"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 24 x 24\012- data
Size:   2545
Md5:    4b3afb84b2b71ef56df09997a350bd04
Sha1:   accdac8a7abeab0e21c49539aad0a973addb28ef
Sha256: 9034d5d34015e4b05d2c1d1a8dc9f6ec9d59bd96d305eb9e24e24e65c591a645
                                        
GET /wp-content/plugins/go_portfolio/assets/plugins/jquery.carouFredSel-6.2.1-packed.js?ver=1.8.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

172.104.53.45
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
last-modified: Wed, 23 Dec 2020 15:08:50 GMT
etag: W/"5fe35d82-f4f6"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (19352), with CRLF line terminators
Size:   21325
Md5:    80afade30801c1aa1ae83727d78d31a5
Sha1:   d847887f1c9111780df10536bbcd3f0c13cafb28
Sha256: b20a8a73f8927796627d7c8cf060b43bd7358096cd6cb01d2d11196f736c1c74

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
GET /wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.0.0 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

172.104.53.45
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
last-modified: Mon, 24 Oct 2022 07:18:03 GMT
etag: W/"63563c2b-85b"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2139), with no line terminators
Size:   25439
Md5:    d93dc9112894cbb04906d23ddb174c51
Sha1:   a40023d429995ba1d1d90a05fdec515739653e8f
Sha256: b455926f8f12fe88ec39fa2779bcb8b2f8cf466aae11d375adf31b4c2473f0e8

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

142.250.74.14
HTTP/2 200 OK
content-type: text/javascript
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 01 Dec 2022 00:46:55 GMT
expires: Thu, 01 Dec 2022 02:46:55 GMT
cache-control: public, max-age=7200
age: 3655
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   20039
Md5:    47e6f374ca946fddd5b59871b325736c
Sha1:   baa9282efc8785e84d247c3bff518eaa45f101c4
Sha256: 16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
                                        
GET /wp-content/uploads/2017/12/cropped-crest_logo-32x32.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

172.104.53.45
HTTP/2 200 OK
content-type: image/png
server: nginx
date: Thu, 01 Dec 2022 01:47:50 GMT
content-length: 2296
last-modified: Tue, 05 Jul 2022 16:20:54 GMT
etag: "62c464e6-8f8"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size:   2296
Md5:    1eed90108d4ab26ddf7f4c7aae69ebec
Sha1:   9567e21fe63c9140beb3d61b3fc3cad5c251ebe0
Sha256: d284ea1b1ed187bb83351fa6fa68c1fe6dbe2acc5eb2fa46fd66aa57ca782d56
                                        
GET /wp-content/uploads/2017/12/cropped-crest_logo-192x192.png HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

172.104.53.45
HTTP/2 200 OK
content-type: image/png
server: nginx
date: Thu, 01 Dec 2022 01:47:50 GMT
content-length: 25607
last-modified: Tue, 05 Jul 2022 16:20:54 GMT
etag: "62c464e6-6407"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size:   25607
Md5:    09b2818441a3f092c7170788071e3d21
Sha1:   9672b25eca7b40357ad43d079ee2bce5d7d38d3e
Sha256: ddddcf630bf6c25d3034eebf878597a684525e7dbc58437d9e0b942dcc7c92dd
                                        
GET /wp-content/plugins/woocommerce/assets/js/prettyPhoto/jquery.prettyPhoto.min.js?ver=3.1.6-wc.7.0.0 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

172.104.53.45
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
last-modified: Mon, 24 Oct 2022 07:18:03 GMT
etag: W/"63563c2b-533e"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (21310), with no line terminators
Size:   34005
Md5:    d7723a5eb988e16f6906f1ee87005785
Sha1:   208dad5e6351ccb4ae545ba4b4cb53fde7a6423a
Sha256: 9907b38a61f08b8fff56a4ff8b61cc80a88b1570f629e2fd7c2e8b7401cdafc6
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 01:47:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-65419150-1&cid=1509196373.1669859269&jid=1781763902&gjid=408239674&_gid=1774710057.1669859269&_u=YGBACUAABAAAACAAI~&z=235182505 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.crestcreations.com
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

64.233.165.157
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: https://www.crestcreations.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 01 Dec 2022 01:47:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   4
Md5:    48c0473b7821185d937e685216e2168b
Sha1:   3743e47f8a429a5e87b86cb582d78940733d9d2e
Sha256: 570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
                                        
GET /wp-includes/js/comment-reply.min.js?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

172.104.53.45
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
last-modified: Mon, 12 Sep 2022 13:21:14 GMT
etag: W/"631f324a-ba5"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2946)
Size:   1701
Md5:    59d28ecef618b08d85e642e5160c2ec2
Sha1:   ef5e2ff3bff35b1ea3531e4c627be67098fd67f9
Sha256: 320431979ed53e2c22a44044442370d3db0ca0aab4b587749fe70df13cb046fa

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.1 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

172.104.53.45
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
last-modified: Mon, 12 Sep 2022 13:21:13 GMT
etag: W/"631f3249-50eb"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (8189)
Size:   7086
Md5:    56a3aeeedb5c8243a2799d4a76c66fbf
Sha1:   f047b7b6bb7785009155584e0f0605e9c30a118c
Sha256: 2338c269d693976b369fea74422ef6118b2f0b3aa1dc771f54749958db73bb17
                                        
GET /wp-content/plugins/kingcomposer/assets/frontend/js/kingcomposer.min.js?ver=2.9.6 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

172.104.53.45
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
last-modified: Sat, 13 Jan 2018 22:55:50 GMT
etag: W/"5a5a8e76-44f8"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (17655)
Size:   8007
Md5:    e22a574d8613bb7e907f3591fb37c93a
Sha1:   ed386039edb50293a369f7278ba15ae5c0992805
Sha256: 2f8fb0b127417f9689ece760e0ccbd70e93dd879395e1b746e6a8d1d2d76ad1d

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
GET /wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.0.0 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

172.104.53.45
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
last-modified: Mon, 24 Oct 2022 07:18:03 GMT
etag: W/"63563c2b-bdd"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (3037), with no line terminators
Size:   1015
Md5:    b66f825abcda9883fcddbc9c149a9ccd
Sha1:   21161badee995b1e8847b5057cba0dc300ba1266
Sha256: 062d1d87477a1ac4d30a33fc831bf23a12c3dc9ae2c1365e858e0092f1ec7cf9

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
GET /wp-content/themes/gruene/js/script.js?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

172.104.53.45
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
last-modified: Fri, 17 May 2019 04:08:16 GMT
etag: W/"5cde33b0-41ba"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   3300
Md5:    50adb2fafe7932cd7b7740ad4d77569c
Sha1:   b433682098538f9406dc909c764b13c9eb5aa20d
Sha256: 1f9edeb318cc3da1c6cb2c7f28f8878d8ea90e829b20f4900111712bdaf4e3f5

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
GET /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.7.0.0 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

172.104.53.45
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
last-modified: Mon, 24 Oct 2022 07:18:03 GMT
etag: W/"63563c2b-2525"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (9115)
Size:   3716
Md5:    79fcd8c68f455f95f0ee0adf7e1d1d96
Sha1:   120db2815767fd1f235bdb9cb0fdfb51ea6f2b0e
Sha256: f24c4993d258f5daac516066e9b9ca2aa60b0b298a2da1f47085ae1db158ec86

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 01:47:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /wp-content/themes/gruene/js/wow.js?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.crestcreations.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

172.104.53.45
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Thu, 01 Dec 2022 01:47:48 GMT
last-modified: Sat, 16 May 2015 17:00:06 GMT
etag: W/"55577796-189c"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
GET /wp-content/themes/gruene/css/flaticon.css?ver=6.0.3 HTTP/1.1
Host: www.crestcreations.com
User-A