erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
192.124.249.32 301 Moved Permanently 162 B URL HTTP/1.1 erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
IP 192.124.249.32:0
File type HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert fortinet Malware
GET /qco/u1J/QMU/wHZ/uY3UPll.zip HTTP/1.1
Host: erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: Sucuri/Cloudproxy
Date: Sat, 05 Nov 2022 11:22:00 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
X-Sucuri-ID: 19032
Location: https://erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b720c31d9c036cd2ef10e35fa29f5345
ac625d2e69284e5080bede4b37c31af62c26338b
323b76eceb5d3ad339a1c55bfa7eea4e39741258e08d5005b691f712a9e9c81c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "323B76ECEB5D3AD339A1C55BFA7EEA4E39741258E08D5005B691F712A9E9C81C"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16767
Expires: Sat, 05 Nov 2022 16:01:27 GMT
Date: Sat, 05 Nov 2022 11:22:00 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 72c64df35304c35cd95e4ed6e101e795
a39287987854d644a8da295da536fb31de8b44c1
a9bf0da57e0f108b376781ede4b9762ae1b0d088910d26fb7be98c2d03e69092
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2160
Cache-Control: max-age=168304
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:00 GMT
Etag: "63662d58-1d7"
Expires: Mon, 07 Nov 2022 10:07:04 GMT
Last-Modified: Sat, 05 Nov 2022 09:31:04 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 72c64df35304c35cd95e4ed6e101e795
a39287987854d644a8da295da536fb31de8b44c1
a9bf0da57e0f108b376781ede4b9762ae1b0d088910d26fb7be98c2d03e69092
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2160
Cache-Control: max-age=168304
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:00 GMT
Etag: "63662d58-1d7"
Expires: Mon, 07 Nov 2022 10:07:04 GMT
Last-Modified: Sat, 05 Nov 2022 09:31:04 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9f3527f898221f8ba6b5015f6decc100
ead93baa0e9d3a6297be3377dc3a624e5a3f509a
73a068f907cc50dd60af18d545b4264dd44bc4b9f40bf9adfceea157fdc33099
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "73A068F907CC50DD60AF18D545B4264DD44BC4B9F40BF9ADFCEEA157FDC33099"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2259
Expires: Sat, 05 Nov 2022 11:59:39 GMT
Date: Sat, 05 Nov 2022 11:22:00 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: MBqAwz92948zJrbMXv23HsShu6g04qXXeby9cU/9f//nYayYZgaYd8BnW1Qi1w7q8ptm0VWkQi4=
x-amz-request-id: 7K514SWSJBEA8GBN
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 05 Nov 2022 10:47:10 GMT
age: 2090
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:00 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.23 200 OK 1.8 kB IP 192.124.249.23:0
Hash 16c4f87b2865a79a3a7c84e769083cde
f270fdd6bbeef7b37bb61897d1fb87468e813c37
5748c3f4b3a603e1b53dc9f9504551bf20e44ada752dbe835378167aed711afd
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 05 Nov 2022 11:22:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 05 Nov 2022 03:12:59 GMT
Expires: Sun, 06 Nov 2022 03:12:59 GMT
ETag: "f270fdd6bbeef7b37bb61897d1fb87468e813c37"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash db63d54b77502dd6c7bdc792d4fd093e
026ad8186833988279468829c004c6e2a2f2626f
eff89ef67baa622e8a196ffcadc44d29aafff009bb531da3e979a1f47c3b1c36
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6549
Cache-Control: max-age=167635
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:01 GMT
Etag: "63661997-1d7"
Expires: Mon, 07 Nov 2022 09:55:56 GMT
Last-Modified: Sat, 05 Nov 2022 08:06:47 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.215.91.121 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.215.91.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PRQ8up7XMAbgL0+3+U0P2g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: hDiLXK+GVQ3ewY71vaF+XxxRqRo=
erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
192.124.249.32 301 Moved Permanently 1 B URL HTTP/2 erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
IP 192.124.249.32:0
Hash eccbc87e4b5ce2fe28308fd9f2a7baf3
77de68daecd823babbb58edb1c8e14d7106e83bb
4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce
Analyzer Verdict Alert fortinet Malware
GET /qco/u1J/QMU/wHZ/uY3UPll.zip HTTP/1.1
Host: erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
server: nginx
date: Sat, 05 Nov 2022 11:22:01 GMT
content-type: text/html; charset=UTF-8
content-length: 1
location: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-redirect-by: WordPress
vary: Accept-Encoding
content-encoding: br
x-sucuri-cache: MISS
X-Firefox-Spdy: h2
www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
192.124.249.32 404 Not Found 27 kB URL HTTP/2 www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
IP 192.124.249.32:0
File type HTML document text; exported SGML document, ASCII text, with very long lines (36418), with CRLF, LF line terminators
Hash e7939b951b54411dae14b1310b7942d8
a8ca131e8839a6b7d8a420d4cacb9eed9e4e77ae
053891e28ac26a21425c1106b4024314df4e7f9f2590760960f800802418affe
Analyzer Verdict Alert fortinet Malware
GET /qco/u1J/QMU/wHZ/uY3UPll.zip HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: text/html; charset=UTF-8
content-length: 26844
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.erabahrain.net/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: br
x-sucuri-cache: MISS
X-Firefox-Spdy: h2
www.erabahrain.net/wp-includes/css/dist/block-library/style.min.css?ver=6.1
192.124.249.32 200 OK 12 kB URL HTTP/2 www.erabahrain.net/wp-includes/css/dist/block-library/style.min.css?ver=6.1
IP 192.124.249.32:0
File type ASCII text, with very long lines (47826)
Hash b2dc3251dcdda386df52cf08196865cb
1b72d2d6c8fff8f46bcd96ad60c5234a6b216f8c
43afc941bfab0dec4796f8f93f57334d906c844ebddd003e0a0e287ede35fd39
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: text/css
content-length: 11574
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Wed, 02 Nov 2022 09:28:29 GMT
etag: "e810fc-17265-5ec7976a4669f-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/plugins/residence-gutenberg/dist/blocks.style.build.css?ver=6.1
192.124.249.32 200 OK 178 B URL HTTP/2 www.erabahrain.net/wp-content/plugins/residence-gutenberg/dist/blocks.style.build.css?ver=6.1
IP 192.124.249.32:0
Hash 08e3b46a53149a784ded27f94565f466
258f6c76a885dfd497b31601bef2ef3468af3564
5341b6961940449a95d866961cf16b43a2ae231ebef385b45677aee17101730d
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/residence-gutenberg/dist/blocks.style.build.css?ver=6.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: text/css
content-length: 178
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:10 GMT
etag: "f80970-119-5e593fa8c3880-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-includes/css/classic-themes.min.css?ver=1
192.124.249.32 200 OK 145 B URL HTTP/2 www.erabahrain.net/wp-includes/css/classic-themes.min.css?ver=1
IP 192.124.249.32:0
Hash 2dfb9ddeabe846b150087876ceb22a74
c9e3350631e53855d04d6dce360a675c84b3131d
26ef5cb63a695419cf11c79a759b46c5568df3716e4f1d36e7612b3695d5b554
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: text/css
content-length: 145
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Wed, 02 Nov 2022 09:28:29 GMT
etag: "e8230d-d9-5ec7976a45317-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4
192.124.249.32 200 OK 849 B URL HTTP/2 www.erabahrain.net/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4
IP 192.124.249.32:0
Hash 206db6362f8b7f33b19b3cdbd3a9d057
8985a296fa427906875c57f2725c5b44488a7ab3
649ae4ae461fd7aadfc63f0cb914cb996e2559778721f82dc40daacc06c595d2
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: text/css
content-length: 849
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Wed, 19 Oct 2022 12:52:32 GMT
etag: "fa1116-aab-5eb62aea421bc-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/css/bootstrap.min.css?ver=3.8.1
192.124.249.32 200 OK 18 kB URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/css/bootstrap.min.css?ver=3.8.1
IP 192.124.249.32:0
File type ASCII text, with very long lines (65371)
Hash 023692081edcb25bc6387f2aa9f111df
1e0ef7900bc0beac3c069e5ec719b2f640bff905
58666c9b6008be2cc578d0e144a10a5a572ad69d98eef9eb33a2de74f9f651dd
GET /wp-content/themes/wpresidence_381/css/bootstrap.min.css?ver=3.8.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: text/css
content-length: 17759
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fa0eef-1ca39-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/css/bootstrap-theme.min.css?ver=3.8.1
192.124.249.32 200 OK 2.0 kB URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/css/bootstrap-theme.min.css?ver=3.8.1
IP 192.124.249.32:0
File type ASCII text, with very long lines (19798)
Hash 9a033a68a886491687881bb123c6489d
9e9792d0a58cda1ff420e79c56d4f5dbac84b6ef
1c0ceec5593ef517ef648d330b8dddf1d50e29f0543eeb2452dce74d5e7d5ce1
GET /wp-content/themes/wpresidence_381/css/bootstrap-theme.min.css?ver=3.8.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: text/css
content-length: 1986
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fa0eec-4dfb-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/css/my_media.css?ver=3.8.1
192.124.249.32 200 OK 20 kB URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/css/my_media.css?ver=3.8.1
IP 192.124.249.32:0
File type ASCII text, with very long lines (356)
Hash d521441bc954b1e22153f8ad21d99db9
798c013b1fb55cea09c84f32a2b29c861a3e6310
26ef03f8c80d03b9c3608441082e82993aa7e8068bc1574619ec8961a99d6fcd
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/wpresidence_381/css/my_media.css?ver=3.8.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: text/css
content-length: 20034
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fa0ee4-284df-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/css/fontawesome/css/all.css?ver=6.1
192.124.249.32 200 OK 13 kB URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/css/fontawesome/css/all.css?ver=6.1
IP 192.124.249.32:0
Hash 9cbef4bb9a9586f83201a6a99cbe7daa
a4ce49b5706ae198147e4506c9ec28a7ba236a51
1514950b92700b723b8c22ff11eaffc2bcd969d8297f647f98022990db879d65
GET /wp-content/themes/wpresidence_381/css/fontawesome/css/all.css?ver=6.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: text/css
content-length: 12552
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fa0e87-11bde-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/css/fontello.min.css?ver=6.1
192.124.249.32 200 OK 565 B URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/css/fontello.min.css?ver=6.1
IP 192.124.249.32:0
File type ASCII text, with very long lines (1986)
Hash 6fbea0b7baa9690608ce12d9b5420da5
89b198d7c75546f9142821500a59c7b1af9b9e86
e724f59818deafd1130617ba4b739c4ed53070dc63d52fdbf3201753cd01c7d3
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/wpresidence_381/css/fontello.min.css?ver=6.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: text/css
content-length: 565
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fa0ee7-7c3-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/css/jquery-ui.min.css?ver=6.1
192.124.249.32 200 OK 4.6 kB URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/css/jquery-ui.min.css?ver=6.1
IP 192.124.249.32:0
File type ASCII text, with very long lines (23401)
Hash 2f08ffb923df9ceb0927f947eb022f58
6b16264203fe6b0666b485a65b251703ecf798f9
4042b471843b8c7c97e527caf686c5493559040a1b9619024167e35fddf9f0aa
GET /wp-content/themes/wpresidence_381/css/jquery-ui.min.css?ver=6.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: text/css
content-length: 4595
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fa0ee6-622c-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/js/openstreet/leaflet.css?ver=3.8.1
192.124.249.32 200 OK 3.0 kB URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/js/openstreet/leaflet.css?ver=3.8.1
IP 192.124.249.32:0
Hash ebcd2ba6b6a1a12a5eeea426392248b5
38f4c3bdb3589b1b2f0ca6bac8237e6a31b0fa37
e2f78dcb5250a1402f17412a422575641782a45f3fc986bcc314c72f9882e299
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/wpresidence_381/js/openstreet/leaflet.css?ver=3.8.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: text/css
content-length: 2993
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fc00d4-349f-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/js/openstreet/MarkerCluster.css?ver=3.8.1
192.124.249.32 200 OK 212 B URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/js/openstreet/MarkerCluster.css?ver=3.8.1
IP 192.124.249.32:0
Hash dfeedd520ff83fbbf62cb1dd6388bbe0
ec557710bdd29eb2c5561397ec87c4dc050efbd9
1169852d4d3f4ddbb82a0aea208e36dfb960dd34e71f5ff22a867bcac3f4f63c
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/wpresidence_381/js/openstreet/MarkerCluster.css?ver=3.8.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: text/css
content-length: 212
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fc00d1-368-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/js/openstreet/MarkerCluster.Default.css?ver=3.8.1
192.124.249.32 200 OK 332 B URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/js/openstreet/MarkerCluster.Default.css?ver=3.8.1
IP 192.124.249.32:0
Hash fa272ccc73cf4aa3e86116cc45b7401b
21249fb8203c8d899286e8ee29754f18f7fe6c4b
520fca48df5777d5919bcec6520039a143cce1ad8f10005498961ef250791d55
GET /wp-content/themes/wpresidence_381/js/openstreet/MarkerCluster.Default.css?ver=3.8.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: text/css
content-length: 332
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fc00d0-507-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
192.124.249.32 200 OK 30 kB URL HTTP/2 www.erabahrain.net/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 192.124.249.32:0
File type ASCII text, with very long lines (65447)
Hash fb1aea2f7ce09f9d2e290d73d57defdf
62d40e64c8aeff20834868816d20d6a645fd2565
367cc15d582c7056695a307c1ef9b32a9e4810c16e33f27eac05909a1f57d4b4
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 30350
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Wed, 02 Nov 2022 09:28:30 GMT
etag: "ea033f-15e54-5ec7976b2f159-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
192.124.249.32 200 OK 4.0 kB URL HTTP/2 www.erabahrain.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 192.124.249.32:0
File type ASCII text, with very long lines (11126)
Hash 1fbb59519536e28eeb7ae7173973c39f
f6542c5d0f96f621eea4f3cb442021dfe33863fa
b1b54befd52c3605721bf8b5a6c0290c572929138358738826873751256b191c
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 3998
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
etag: "ea0337-2bd8-5b45debe27b80-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/js/modernizr.custom.62456.js?ver=3.8.1
192.124.249.32 200 OK 7.8 kB URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/js/modernizr.custom.62456.js?ver=3.8.1
IP 192.124.249.32:0
File type HTML document, ASCII text, with very long lines (3738)
Hash 063164d6ff6ffa5fe2ac7959b37bdf4e
fe886509e822d382904030cfaa55ec48ab61fa7a
440956be99c36429bf3982b9d9baa25f30e7f40cc93a5347d43bfa39abeba960
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/wpresidence_381/js/modernizr.custom.62456.js?ver=3.8.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 7802
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fc00e3-7155-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-includes/js/wp-emoji-release.min.js?ver=6.1
192.124.249.32 200 OK 4.6 kB URL HTTP/2 www.erabahrain.net/wp-includes/js/wp-emoji-release.min.js?ver=6.1
IP 192.124.249.32:0
File type ASCII text, with very long lines (15660)
Hash a0083d25b89ea80ecd2393db9f865d62
24eaf2df7c722fb13f2b5bf77ada5ee446720c25
f7533cb93f2efbb9e3bccfa9ff4036a2cafa7dd1bd4d66bea4833306b321e957
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 4614
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Tue, 12 Apr 2022 05:56:23 GMT
etag: "ea03d7-48b9-5dc6eb878efc0-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/uploads/2022/06/logo-white-2.png
192.124.249.32 200 OK 15 kB URL HTTP/2 www.erabahrain.net/wp-content/uploads/2022/06/logo-white-2.png
IP 192.124.249.32:0
File type PNG image data, 525 x 525, 8-bit/color RGB, non-interlaced\012- data
Hash 472193b674f250de9a8e940b9cc8028e
e6f2a5e237a9db82853902360161e65b4317281a
b5486c55f205824fe988b3653fa6ec4a64a2eb90a63b26b83a688f9a368ac9fa
GET /wp-content/uploads/2022/06/logo-white-2.png HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: image/png
content-length: 15353
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "f6424d-3bf9-5e593faaabd00"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/plugins/revslider/public/assets/fonts/revicons/revicons.woff?5510888
192.124.249.32 200 OK 7.5 kB URL HTTP/2 www.erabahrain.net/wp-content/plugins/revslider/public/assets/fonts/revicons/revicons.woff?5510888
IP 192.124.249.32:0
File type Web Open Font Format, TrueType, length 7536, version 1.0\012- data
Hash a4ed9cd7534746ac7fbea2d091ee91df
0a2791674bdb5a12546803ab2868e2b41f40e21e
d3aab64dc6dcecee8a79e680d3fc4f6e4a66b4c52f0b0131a5963a0fc1b62058
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/revslider/public/assets/fonts/revicons/revicons.woff?5510888 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: font/woff
content-length: 7459
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:10 GMT
etag: "f80fe9-1d70-5e593fa8c3880-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash a2f6c296003d839bdee766ef4082e376
013ae64b10cb1355ae9b6ba38dcfa79f71a9b505
703d6582ab3344d6e4a0d5b7e0c9983b8f7e8179d73dd6584c37bbccc8c84308
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash d65c94a3bfe8605059e5e626ea0fa57e
b0fbc3577331b82efc8e320095b8d8705a6360d3
0878edd256a972f526d7053cdebceb28241db5662cc7660a10f1b4c3430c43c6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash a2f6c296003d839bdee766ef4082e376
013ae64b10cb1355ae9b6ba38dcfa79f71a9b505
703d6582ab3344d6e4a0d5b7e0c9983b8f7e8179d73dd6584c37bbccc8c84308
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.erabahrain.net/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.3
192.124.249.32 200 OK 12 kB URL HTTP/2 www.erabahrain.net/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.3
IP 192.124.249.32:0
File type Unicode text, UTF-8 text, with very long lines (12602)
Hash ea655ec5d9ef5b7307b62f2aee12f2a2
616cae877202cf19e17a7c612e218f340c873cc2
659984f6a872eefd691b0277d1d739771ab0b2b0c6f9497ee8d4bd1d74893a0a
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.5.3 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: text/css
content-length: 11757
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:10 GMT
etag: "f80fc0-e120-5e593fa8c3880-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4
192.124.249.32 200 OK 2.8 kB URL HTTP/2 www.erabahrain.net/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4
IP 192.124.249.32:0
File type ASCII text, with very long lines (9937), with no line terminators
Hash ff02b8666d63a3b9e397b2b858074693
91b481014f8b9d7e24dd7bb8b1c6c0f9f602cd45
2fa477da19ee9f42c129136ab344430ac488774572922145bdd85b79947c428b
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 2816
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Wed, 19 Oct 2022 12:52:32 GMT
etag: "fa1132-26d1-5eb62aea425a4-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4
192.124.249.32 200 OK 3.7 kB URL HTTP/2 www.erabahrain.net/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4
IP 192.124.249.32:0
File type HTML document, ASCII text, with very long lines (12310), with no line terminators
Hash 3f5b29ccb14616c832957c42795e6ab2
7d30104802da738c826407e18a392f8a7f3ba21b
f0056cb6dc94c74c15c8df327c6d4721bfe1e9f57fef745b53f1398d660f7785
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 3709
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Wed, 19 Oct 2022 12:52:32 GMT
etag: "fa1135-3016-5eb62aea425a4-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.3
192.124.249.32 200 OK 46 kB URL HTTP/2 www.erabahrain.net/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.3
IP 192.124.249.32:0
File type ASCII text, with very long lines (42889)
Hash 453a445adedac16153914d024f3822ea
c95df1f9895a69f009a00b7943ef99f576c90cac
34c772895556408f72878670a616c37e76fbcf7b06497378a625fd856db6f535
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.5.3 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 45510
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:10 GMT
etag: "f80ff4-1e4e6-5e593fa8c3880-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js?ver=1.16.1
192.124.249.32 200 OK 287 B URL HTTP/2 www.erabahrain.net/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js?ver=1.16.1
IP 192.124.249.32:0
Hash 9dbe08231f14e4ecb60fe17908018dd3
52b71755cb7994888510fb4068de0b4f49c5edd4
b4e3405eb5450a1af6185deda9358f33c9c756bb3b2bf869da56b349f7821cf0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js?ver=1.16.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 287
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:11 GMT
etag: "f80157-5a9-5e593fa9b7ac0-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/plugins/thrive-visual-editor/thrive-dashboard/js/dist/frontend.min.js?ver=3.12
192.124.249.32 200 OK 1.2 kB URL HTTP/2 www.erabahrain.net/wp-content/plugins/thrive-visual-editor/thrive-dashboard/js/dist/frontend.min.js?ver=3.12
IP 192.124.249.32:0
File type HTML document, ASCII text, with very long lines (2998), with no line terminators
Hash 281e3751fa416bf88f6bb761e065ef7e
64b05b3d76ce2908a1d333598b4282437269201e
85bcab6d483f8ed103684b0482b67bd7fd66c1d0d8e44635c7a31165eddd5c31
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/thrive-visual-editor/thrive-dashboard/js/dist/frontend.min.js?ver=3.12 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 1219
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Thu, 20 Oct 2022 01:10:28 GMT
etag: "ec12e7-bb6-5eb6cfdb3b135-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
192.124.249.32 200 OK 6.8 kB URL HTTP/2 www.erabahrain.net/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
IP 192.124.249.32:0
File type Unicode text, UTF-8 text, with very long lines (8189)
Hash fcaa8987fae3c9c571ec0eef98c6476c
48ecee4ad6cc641d9a97f2c3dc3460a85e65ec2a
53b64ba30e018b23c555163577085c8171555d6e879ad2eb1b3a28baff8281cf
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.2 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 6809
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Wed, 02 Nov 2022 09:28:30 GMT
etag: "ea034f-53c0-5ec7976b2e5a1-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-includes/js/jquery/ui/mouse.min.js?ver=1.13.2
192.124.249.32 200 OK 1.0 kB URL HTTP/2 www.erabahrain.net/wp-includes/js/jquery/ui/mouse.min.js?ver=1.13.2
IP 192.124.249.32:0
File type ASCII text, with very long lines (3224)
Hash 70fa8e4e20665205c1503b15c9f78e64
74e98e2636557de7e2fdba8ff2e017f2c8b7a7d4
968694bc3a3f0b9ee66d05da689c6bb85831f8eb4786efb9c26ff3c0bdd6222b
GET /wp-includes/js/jquery/ui/mouse.min.js?ver=1.13.2 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 1001
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Wed, 02 Nov 2022 09:28:30 GMT
etag: "ea0351-d4a-5ec7976b2ed71-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-includes/js/jquery/ui/draggable.min.js?ver=1.13.2
192.124.249.32 200 OK 4.7 kB URL HTTP/2 www.erabahrain.net/wp-includes/js/jquery/ui/draggable.min.js?ver=1.13.2
IP 192.124.249.32:0
File type ASCII text, with very long lines (18142)
Hash d7614141e6015429df5b294788492a31
f01be8c6459918d749ab024ec924d5be9c00de5f
16faf373e8fb3510b455d6608ad13a57a65c3f20b7bfb2cba23536309997492a
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/ui/draggable.min.js?ver=1.13.2 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 4657
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Wed, 02 Nov 2022 09:28:30 GMT
etag: "ea0355-4794-5ec7976b2e5a1-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-includes/js/jquery/ui/menu.min.js?ver=1.13.2
192.124.249.32 200 OK 2.9 kB URL HTTP/2 www.erabahrain.net/wp-includes/js/jquery/ui/menu.min.js?ver=1.13.2
IP 192.124.249.32:0
File type ASCII text, with very long lines (9937)
Hash 41e7ae90d763e0636fe4834beb3e7ece
e14abec76a2caf88d7bbdb3c486f93d3b0b0c468
d776c68c3cff8254826190fcabf86568d98e351cf476bd997735902ee3be14ac
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/ui/menu.min.js?ver=1.13.2 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 2885
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Wed, 02 Nov 2022 09:28:30 GMT
etag: "ea035d-2782-5ec7976b2ddd1-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
192.124.249.32 200 OK 2.4 kB URL HTTP/2 www.erabahrain.net/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
IP 192.124.249.32:0
File type ASCII text, with very long lines (6475), with no line terminators
Hash fd9569e5d4d99499e7712f61cd673089
96c465e0479831743968bdd243bd3bcbfaaa6e44
ea064fac3384ce935085b6a08a0b5379be3b747b3ce9ea87b6c9d41d1cd93f02
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 2362
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Mon, 11 Apr 2022 12:04:30 GMT
etag: "ea0215-194b-5dc5fbf1e6f80-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
192.124.249.32 200 OK 6.4 kB URL HTTP/2 www.erabahrain.net/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
IP 192.124.249.32:0
File type Unicode text, UTF-8 text, with very long lines (17819), with no line terminators
Hash 68ac7f65718f620d2a08c8dd44990aee
51864b639a094231cd78cde224b119cb920d7d11
cfb9e332da756003e32aaf8503cd187ac0307b74742742e38348fe783a655b14
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 6352
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Wed, 02 Nov 2022 09:28:29 GMT
etag: "ea021e-459f-5ec7976a4f728-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-includes/js/dist/dom-ready.min.js?ver=392bdd43726760d1f3ca
192.124.249.32 200 OK 282 B URL HTTP/2 www.erabahrain.net/wp-includes/js/dist/dom-ready.min.js?ver=392bdd43726760d1f3ca
IP 192.124.249.32:0
File type ASCII text, with very long lines (463)
Hash 026c156883a22d7336abc0da5b349dea
1003dc933aac055602017a46b0e95b6ca3da0cb7
b73c16c488f7d397f0741236d8f8524733f79ef6ec293e9fbb9ff5f986342811
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/dist/dom-ready.min.js?ver=392bdd43726760d1f3ca HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 282
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Mon, 11 Apr 2022 12:04:30 GMT
etag: "ea0281-1f2-5dc5fbf1e6f80-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5
192.124.249.32 200 OK 1.6 kB URL HTTP/2 www.erabahrain.net/wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5
IP 192.124.249.32:0
File type ASCII text, with very long lines (4875)
Hash 6e77b1bf3e2473915b3befb8026b84d1
15f7b7013aa1fb46a8bcc054b13586e9442d69d4
93137953eda434f31a656affa88fbc035ea8780eee3ed3b5636fcc2194ca96a7
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 1574
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Mon, 11 Apr 2022 12:04:30 GMT
etag: "ea0254-132e-5dc5fbf1e6f80-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae
192.124.249.32 200 OK 3.7 kB URL HTTP/2 www.erabahrain.net/wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae
IP 192.124.249.32:0
Hash 6e6532668ca7ef382a54aeba2506c04d
bfdce7aa0af70ef36f55d72ae73d9071043a5e3c
7f3d6787fb15dd949a79c54caca8318fcb38bebc53103d4ee7f732c430e3ecda
GET /wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 3720
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Wed, 02 Nov 2022 09:28:29 GMT
etag: "ea025c-27f6-5ec7976a4fef8-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-includes/js/dist/a11y.min.js?ver=ecce20f002eda4c19664
192.124.249.32 200 OK 858 B URL HTTP/2 www.erabahrain.net/wp-includes/js/dist/a11y.min.js?ver=ecce20f002eda4c19664
IP 192.124.249.32:0
File type Unicode text, UTF-8 text, with very long lines (2472)
Hash 58a82ef576c88e44159f79a1f5e8c64d
5cf20b9366f043e2e3f8957f4f8e0fec1b6f2e5c
a9979a3e72b47bd9f2258077195a0a3f930f443fd35dc6dca992d7dba94f599a
GET /wp-includes/js/dist/a11y.min.js?ver=ecce20f002eda4c19664 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 858
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Mon, 11 Apr 2022 12:04:30 GMT
etag: "ea028c-9cc-5dc5fbf1e6f80-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-includes/js/jquery/ui/autocomplete.min.js?ver=1.13.2
192.124.249.32 200 OK 2.7 kB URL HTTP/2 www.erabahrain.net/wp-includes/js/jquery/ui/autocomplete.min.js?ver=1.13.2
IP 192.124.249.32:0
File type ASCII text, with very long lines (8281)
Hash a6ac6ad66eaf6e11d134aa17ccc2ace3
eefc12b3470e5e1f91316e8dcd19cb043bfd5e54
836c90e24160bdda01b59b6905b840a043f7370aad6788ab7789d96031422d10
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/ui/autocomplete.min.js?ver=1.13.2 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 2681
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Wed, 02 Nov 2022 09:28:30 GMT
etag: "ea0366-2112-5ec7976b2e989-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/style.css?ver=3.8.1
192.124.249.32 200 OK 91 kB URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/style.css?ver=3.8.1
IP 192.124.249.32:0
Hash d551f2ddca420937167b36e8707e7e4d
3cc26a2e447d8073d332fb9a8e60652da929260f
6c3af862d6821e464a505032d3a995735efc832d4413c6040dd30c458018d147
GET /wp-content/themes/wpresidence_381/style.css?ver=3.8.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: text/css
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fa1003-9019c-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
X-Firefox-Spdy: h2
www.erabahrain.net/wp-includes/js/jquery/ui/datepicker.min.js?ver=1.13.2
192.124.249.32 200 OK 10 kB URL HTTP/2 www.erabahrain.net/wp-includes/js/jquery/ui/datepicker.min.js?ver=1.13.2
IP 192.124.249.32:0
File type ASCII text, with very long lines (36548)
Hash 470f6d280bbbece492acdf392922f814
4035af8a8311f90ab6de865997d79c8733715e22
2c552c6b7832342212f3ac9998b3c837e4a1ed42914985c3e074f730b90c7b2d
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/ui/datepicker.min.js?ver=1.13.2 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 10518
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Wed, 02 Nov 2022 09:28:30 GMT
etag: "ea0389-8f7b-5ec7976b2f159-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-107537550-1
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-107537550-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash d55b734436c58880b1ba6dcbe4ac4d7a
5e032dd11c218d6999945667ce28b5e516d30a7a
01059e255812635d1cd5639055924b48f119e2f77e2cbd73b6b41aa811c72f8b
GET /gtag/js?id=UA-107537550-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 05 Nov 2022 11:22:02 GMT
expires: Sat, 05 Nov 2022 11:22:02 GMT
cache-control: private, max-age=900
last-modified: Sat, 05 Nov 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43648
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/js/bootstrap.min.js?ver=3.8.1
192.124.249.32 200 OK 9.2 kB URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/js/bootstrap.min.js?ver=3.8.1
IP 192.124.249.32:0
File type ASCII text, with very long lines (32025)
Hash 5eeeba41d6bcedab11558a78b1cf028a
c3bd9995195edadca8066089b2dc45a073c2e574
e368d4871deee81aa4c983f809ceb9bebad9d74ce6461e857cebb796d473308f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/wpresidence_381/js/bootstrap.min.js?ver=3.8.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 9215
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fc00f9-8c6f-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/js/anime.min.js?ver=3.8.1
192.124.249.32 200 OK 6.2 kB URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/js/anime.min.js?ver=3.8.1
IP 192.124.249.32:0
File type ASCII text, with very long lines (5324)
Hash 2ef8736445c4202b17b254588a7416bf
2b972a944029a10d1ee7b28b0b2e011dca649fdd
dfd6d0d6685c16ad207d8e59cf7fcd1b7c0fbfced646ec516ea26f87ddebf979
GET /wp-content/themes/wpresidence_381/js/anime.min.js?ver=3.8.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 6228
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fc00fb-4015-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/js/jquery.fancybox.pack.js?ver=3.8.1
192.124.249.32 200 OK 8.2 kB URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/js/jquery.fancybox.pack.js?ver=3.8.1
IP 192.124.249.32:0
File type ASCII text, with very long lines (645)
Hash da38460ed7544bb44d7f3c29b6e4b98e
f4d638839a24acade0d3797b5022bb5529e835f7
c3d1d8d6b66d5ef944f3b381380204528259a3ba8cd7bdfdc12a8ed8b66c7b23
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/wpresidence_381/js/jquery.fancybox.pack.js?ver=3.8.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 8240
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fc00e8-5a5f-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/js/jquery.fancybox-thumbs.js?ver=3.8.1
192.124.249.32 200 OK 1.3 kB URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/js/jquery.fancybox-thumbs.js?ver=3.8.1
IP 192.124.249.32:0
Hash a740c108558c4b63a190bc44fd4e8cdd
5e0f13fa5b01f31ecd97544563444c4a9c52d630
f335720ec64677d1bc948328887310eb0f65617956d9f6602ae7ec32be4379ef
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/wpresidence_381/js/jquery.fancybox-thumbs.js?ver=3.8.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 1346
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fc00e7-efc-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/js/dense.min.js?ver=3.8.1
192.124.249.32 200 OK 983 B URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/js/dense.min.js?ver=3.8.1
IP 192.124.249.32:0
File type ASCII text, with very long lines (2254), with no line terminators
Hash f3db5c978e0b4a68b3214f683add255e
37d477fbd8d6d0294722ed21b618858efca2e5b1
67d4568085460bdef68ef0aaa0297ea7fefa52fdeb94fff82c208db376dc8172
GET /wp-content/themes/wpresidence_381/js/dense.min.js?ver=3.8.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 983
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fc00ef-8ce-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/js/placeholders.min.js?ver=3.8.1
192.124.249.32 200 OK 1.5 kB URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/js/placeholders.min.js?ver=3.8.1
IP 192.124.249.32:0
File type ASCII text, with very long lines (4237)
Hash 74703438c7e0358ded234390f6555e08
2c8b8c34fd94d826bee0d0f0bf9b59775595add0
542d57ac8ccf1102cb2b4de6571d3599ff659b6e8c3c2c9eee1e031486105183
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/wpresidence_381/js/placeholders.min.js?ver=3.8.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 1494
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fc00e0-10aa-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/js/i18n/datepicker-en-GB.js?ver=3.8.1
192.124.249.32 200 OK 555 B URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/js/i18n/datepicker-en-GB.js?ver=3.8.1
IP 192.124.249.32:0
Hash 32b46d0f6f879e32115c88f89e3e88f2
d04009e3aa552a9a4344f6ea3ae7fe2020de0aa2
2133ffa9ad0d4b3ad2598a14bb079670c5059de96d8e919d2768f55c58ee953b
GET /wp-content/themes/wpresidence_381/js/i18n/datepicker-en-GB.js?ver=3.8.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 555
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fc00b6-465-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/js/jquery.ui.touch-punch.min.js?ver=3.8.1
192.124.249.32 200 OK 527 B URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/js/jquery.ui.touch-punch.min.js?ver=3.8.1
IP 192.124.249.32:0
File type Unicode text, UTF-8 text, with very long lines (1090)
Hash 93ee60f5ff8c1ea8efed0e7e46717cd1
d2cdad245f71feaab7175801f2251fb1f337f921
9abd8755d4141562d3d1eac518a01668c5029a8e6de7aade9a377b0626a0df62
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/wpresidence_381/js/jquery.ui.touch-punch.min.js?ver=3.8.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 527
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fc00e4-50b-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/js/openstreet/leaflet.js?ver=3.8.1
192.124.249.32 200 OK 39 kB URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/js/openstreet/leaflet.js?ver=3.8.1
IP 192.124.249.32:0
File type ASCII text, with very long lines (65325)
Hash c3a3bb0c4d1c397d6811c6003d503b95
55e3991e9ae25244c510d3a4398d46b29c9bc97a
b81802706157f3b7c54c670747e2402dc8818e7c432e9addad5943d559e4a971
GET /wp-content/themes/wpresidence_381/js/openstreet/leaflet.js?ver=3.8.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 39050
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fc00d3-224fc-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ee5640e4bbe5e2c0dd4aa0698a3ce62
a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef
938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2287
Expires: Sat, 05 Nov 2022 12:00:09 GMT
Date: Sat, 05 Nov 2022 11:22:02 GMT
Connection: keep-alive
www.erabahrain.net/wp-content/themes/wpresidence_381/js/openstreet/leaflet.markercluster.js?ver=3.8.1
192.124.249.32 200 OK 8.5 kB URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/js/openstreet/leaflet.markercluster.js?ver=3.8.1
IP 192.124.249.32:0
File type ASCII text, with very long lines (32045)
Hash 47ad73e70fccb9b3cfe3bf27557320e8
f4a7c07f0e3df0bde062dddc7643f071449455d9
6131ee97446ce971ff98ef528f9e519f7bee7d6f1bae83cbbe05d9c99f64d806
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/wpresidence_381/js/openstreet/leaflet.markercluster.js?ver=3.8.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 8474
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fc00d2-83bc-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/js/google_js/mapfunctions.js?ver=3.8.1
192.124.249.32 200 OK 16 kB URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/js/google_js/mapfunctions.js?ver=3.8.1
IP 192.124.249.32:0
File type ASCII text, with very long lines (337)
Hash a5a55e6f57564cbc59f90493a284a7b1
b4b02cdaa14d8fbe13202aeae2f8a3b0de66f1c0
2a1773cde8c9de30ced257ba4620e40130e742c97678a5e57d6de6e72ad11eb0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/wpresidence_381/js/google_js/mapfunctions.js?ver=3.8.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 15915
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fc006d-16bdf-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ee5640e4bbe5e2c0dd4aa0698a3ce62
a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef
938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2287
Expires: Sat, 05 Nov 2022 12:00:09 GMT
Date: Sat, 05 Nov 2022 11:22:02 GMT
Connection: keep-alive
www.erabahrain.net/wp-content/themes/wpresidence_381/js/google_js/maps_base.js?ver=3.8.1
192.124.249.32 200 OK 6.5 kB URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/js/google_js/maps_base.js?ver=3.8.1
IP 192.124.249.32:0
Hash 4016cab18dcb72661d9662b93b30038d
2ef0dd8581e3ca9ac19211626e3deb8ee6ac7344
990e85a768254dc58c03cf136b397e27a7b371f09a2370e6fcf45a7c73fdc9b0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/wpresidence_381/js/google_js/maps_base.js?ver=3.8.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 6496
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fc006b-7b93-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/js/slick.min.js?ver=3.8.1
192.124.249.32 200 OK 10 kB URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/js/slick.min.js?ver=3.8.1
IP 192.124.249.32:0
File type ASCII text, with very long lines (42862)
Hash f5c8ef1d8e856fabc1e3af956448d67b
db3cb2e948f0cb79b200ce8076a2c49071da6a12
9b4160f32e3e54321d6ded0d1a9f98adde28f285e039debaf5e2b374760d6d60
GET /wp-content/themes/wpresidence_381/js/slick.min.js?ver=3.8.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 10108
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fc00db-a76f-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/js/control.js?ver=3.8.1
192.124.249.32 200 OK 23 kB URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/js/control.js?ver=3.8.1
IP 192.124.249.32:0
File type ASCII text, with very long lines (654)
Hash a9e1c5cd5edd3d21e1a7b81a700d05cc
052220113993d994fc2cfc45411cbf2c2cc84823
ab17edb2d8dca40c243ad6c8670f019ffa3ae750362e9de1567b3aa2d102e075
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/wpresidence_381/js/control.js?ver=3.8.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 23275
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fc00f3-23c71-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/js/ajaxcalls.js?ver=3.8.1
192.124.249.32 200 OK 14 kB URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/js/ajaxcalls.js?ver=3.8.1
IP 192.124.249.32:0
File type ASCII text, with very long lines (372)
Hash df836ca551510577556e6c88b0df6f30
79536416cc1f615560ff5fac984976b207439aff
427e5c1b80c3cdc810d301294f98fb88d351bbbd0d66eb9ead7ee8b0c17d561f
GET /wp-content/themes/wpresidence_381/js/ajaxcalls.js?ver=3.8.1 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 14515
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fc0101-1b724-5e593faaabd00-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B
IP 142.250.74.35:0
Hash a2f6c296003d839bdee766ef4082e376
013ae64b10cb1355ae9b6ba38dcfa79f71a9b505
703d6582ab3344d6e4a0d5b7e0c9983b8f7e8179d73dd6584c37bbccc8c84308
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B
IP 142.250.74.35:0
Hash d65c94a3bfe8605059e5e626ea0fa57e
b0fbc3577331b82efc8e320095b8d8705a6360d3
0878edd256a972f526d7053cdebceb28241db5662cc7660a10f1b4c3430c43c6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ee5640e4bbe5e2c0dd4aa0698a3ce62
a175340e4e1a0a2e3d33fa5b113e3990e5a6dfef
938899f21fdf4e477f02c6f7f32cbed05bb1df35e3b221c3a37e8c214b2dc946
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "938899F21FDF4E477F02C6F7F32CBED05BB1DF35E3B221C3A37E8C214B2DC946"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2287
Expires: Sat, 05 Nov 2022 12:00:09 GMT
Date: Sat, 05 Nov 2022 11:22:02 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255683f8-a0b6-411a-a41e-4d042746780e.jpeg
34.120.237.76 200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255683f8-a0b6-411a-a41e-4d042746780e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c7c9c908e891e7277f21a914fea9aa25
596c3c084ae3d850a5dc28e549b4e22f2b8cc71f
709c217b3ac09712d2af4366316c8977b1a4e2a73f887b3e30f10df1ed50bacd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255683f8-a0b6-411a-a41e-4d042746780e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9150
x-amzn-requestid: 7c179507-20a7-4fa3-993b-f79b3e7949ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apwiGHD_IAMFQZw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635a2e0d-337623ce79dc53c864632c72;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 07:06:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OM3hc6Jfl5pDWPikIlcQOexIScQavqJh9h-N-EvIGNpicWJwHMPKIA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 14:36:51 GMT
age: 74711
etag: "596c3c084ae3d850a5dc28e549b4e22f2b8cc71f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F877911e5-70a1-471d-b418-3ee8665daf00.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F877911e5-70a1-471d-b418-3ee8665daf00.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f787d03ccf6f14f05b9fb00149a92f49
0d3c7535f83ced168b1efb0f849e353de31d40db
bda8d5d8dee8c1b3b9a0dd81407bc920a3a2a737dceaaebf75e8554ef1cdcec8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F877911e5-70a1-471d-b418-3ee8665daf00.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8016
x-amzn-requestid: 971369d4-3728-4fef-9d82-794fd184d26d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC0S3FbeIAMFceg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63643412-0efd014e4b25ed9c4aed13cb;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:35:14 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: BI6P-hqVe3KVF3U6exESeqAo-32WC1ihJrB0qZFmcv7WLhSyBww0Mg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 21:54:12 GMT
age: 48470
etag: "0d3c7535f83ced168b1efb0f849e353de31d40db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e2853cc6ec6223160471401e6871f4b
f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 43480a38-fd89-4c47-b8c4-e6ba90b1321c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aMF6oEz_oAMF8Hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e5043-6617fd2e59cab00135301cdd;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 07:05:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3fDf4aoep5tTAusisXhIdAf0A6SbpM5fYtYaiXtNSb0-VRJo5nu8Vg==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 06:27:59 GMT
age: 17643
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ca6c7517d7015fbc35fa290c1c2d6afd
594e5a82ce82fb4cd76548b6d2d6b4cc419b7e4c
a746b36be50209915a0e5657abd219aab382eee4b7556142aa1316daf3a9f5a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: f2e39db1-fb8a-4a9b-8a1d-ee08000ddeb6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC1VyFHuIAMF5Eg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636435be-7a03ef677f8dbd680f72de90;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:42:22 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: I6mALhsUwtQqMP_p_HxFaiCyfRDTtVzPIJjeDrKSEq7Tc_d5EcNw3Q==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 21:52:32 GMT
age: 48570
etag: "594e5a82ce82fb4cd76548b6d2d6b4cc419b7e4c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb68c0e1f-9b4b-402d-adfb-63432679006f.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb68c0e1f-9b4b-402d-adfb-63432679006f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 67e74cf7d9a4e6049faf9397c2622535
0bbd0adfc82650ad86e4b01345f2278a7201b01c
9aec0c1a5d04337c3919a12c75d76134c2c37d3e16766e3240afea78d588aaee
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb68c0e1f-9b4b-402d-adfb-63432679006f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8618
x-amzn-requestid: 332a89c0-3d2d-4bb6-860c-2074d6a1abcb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bAhw5G6EIAMFbPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6363499f-37d9ad8d715f395e433e3f28;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 04:54:55 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: CS1JWEbjGWf6g1-qB3iAD_8ihn0LmX8RTMNMQ-HFyq5I49wtAZw5uw==
via: 1.1 ece5d4a731ece5ff46c564ab2b946ede.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 10:07:15 GMT
age: 4487
etag: "0bbd0adfc82650ad86e4b01345f2278a7201b01c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0453d131-50e3-4ed1-9eca-d50f3a35aac9.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0453d131-50e3-4ed1-9eca-d50f3a35aac9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 28e9689b11b8d4027ca06e75b4768239
b9762da0cfd3d775a241d2614df355e208a624cc
94dbd9594a3b9db3b6c01a99dae442e8c3447171b739cabe995ffa4aee9b33af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0453d131-50e3-4ed1-9eca-d50f3a35aac9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10361
x-amzn-requestid: b786d01a-4389-4b21-a0f2-8f2ec3c613fe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bGHlcFRDoAMFXiA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63658622-291c68e7793e8bbb52ffc126;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 21:37:38 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: J0hzsldrJTm5wICP54w-EHnPH4VlCint6RGgEtGIuGqHs7UtHSuCYA==
via: 1.1 33d72803ad26b392c1b578a2b1276580.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 21:52:21 GMT
age: 48581
etag: "b9762da0cfd3d775a241d2614df355e208a624cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B
IP 142.250.74.35:0
Hash 656a355c6cb333c5554fa65748d3d165
15e6dc206e412e258ca49e2eec46e67b831ea4a6
3bdcb16737f73a6985f7cfe3b221882d91b27ab3ec6f940f14477f94a0e40720
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/nunitosans/v12/pe0qMImSLYBIv1o4X1M8cce9I9s.woff2
216.58.207.195 200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/nunitosans/v12/pe0qMImSLYBIv1o4X1M8cce9I9s.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 16980, version 1.0\012- data
Hash 8a97f720d330e75ccdbda9ae0e9f5e90
8e4fee916581ab48d385187705667cebc7500afe
97d5a594e7f76c7e50045b67667fd6b74b268515efe6425097be1b2647079787
GET /s/nunitosans/v12/pe0qMImSLYBIv1o4X1M8cce9I9s.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.erabahrain.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16980
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 01 Nov 2022 15:21:33 GMT
expires: Wed, 01 Nov 2023 15:21:33 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 09 May 2022 18:33:54 GMT
content-type: font/woff2
age: 331229
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B
IP 142.250.74.35:0
Hash 656a355c6cb333c5554fa65748d3d165
15e6dc206e412e258ca49e2eec46e67b831ea4a6
3bdcb16737f73a6985f7cfe3b221882d91b27ab3ec6f940f14477f94a0e40720
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc9iB85tU1E.woff2
216.58.207.195 200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc9iB85tU1E.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 17156, version 1.0\012- data
Hash 7e344afc10a492d516789f072fa6edfd
f38bd0b4e9d0577528f533b8ecd80801a0c6340f
c84423c305779f2aab07847a2e3870ac1ea4072e470d5eb149c01e0e0497eae3
GET /s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc9iB85tU1E.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.erabahrain.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17156
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Nov 2022 21:48:45 GMT
expires: Thu, 02 Nov 2023 21:48:45 GMT
cache-control: public, max-age=31536000
age: 221597
last-modified: Mon, 09 May 2022 18:33:24 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8GBs5tU1E.woff2
216.58.207.195 200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8GBs5tU1E.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 17116, version 1.0\012- data
Hash bcf3a3fb620dfbee774f84e2c8e71530
40a79d240acdd7e5a95e165515ac7c0958a37971
280aaa8929329764ac3213ca093c63505cfcc665347939c79905c426d33867c5
GET /s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8GBs5tU1E.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.erabahrain.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17116
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 31 Oct 2022 21:55:31 GMT
expires: Tue, 31 Oct 2023 21:55:31 GMT
cache-control: public, max-age=31536000
age: 393991
last-modified: Mon, 09 May 2022 18:31:19 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8aBc5tU1E.woff2
216.58.207.195 200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8aBc5tU1E.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 17324, version 1.0\012- data
Hash 51ca5ce70497b58a8cc96b2b26ce2e19
7eb7e4f38f8ebe09b504f6dcc3226a8de63a9042
6fce8ebc3557b63496f8fafe1c182f2aa8669550f9398b4d9beebddd43306ed3
GET /s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8aBc5tU1E.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.erabahrain.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17324
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Nov 2022 16:44:28 GMT
expires: Fri, 03 Nov 2023 16:44:28 GMT
cache-control: public, max-age=31536000
age: 153454
last-modified: Mon, 09 May 2022 18:31:14 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/css/fontawesome/webfonts/fa-brands-400.woff2
192.124.249.32 200 OK 77 kB URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/css/fontawesome/webfonts/fa-brands-400.woff2
IP 192.124.249.32:0
File type Web Open Font Format (Version 2), TrueType, length 76612, version 331.524\012- data
Hash a06da7f0950f9dd366fc9db9d56d618a
509988477da79c146cb93fb728405f18e923c2de
5d9190292acdd48ba0fc35080f7e7448f3cdf0d79199a4d23f0f49b5341fdf29
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/wpresidence_381/css/fontawesome/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.erabahrain.net/wp-content/themes/wpresidence_381/css/fontawesome/css/all.css?ver=6.1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:03 GMT
content-type: font/woff2
content-length: 76612
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fa0ebd-12b44-5e593faaabd00"
vary: Accept-Encoding
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/uploads/2022/06/Web-Logo.png
192.124.249.32 200 OK 1.8 kB URL HTTP/2 www.erabahrain.net/wp-content/uploads/2022/06/Web-Logo.png
IP 192.124.249.32:0
File type PNG image data, 155 x 103, 8-bit colormap, non-interlaced\012- data
Hash 46337c1be408771a509d429a95c8a503
c328bfba2488663275ffe255765dd6ba310df9ea
f71a63beea4dbe7717f652e61480671d9e147a78773fbe043cdcc1a7da7b200f
GET /wp-content/uploads/2022/06/Web-Logo.png HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:03 GMT
content-type: image/png
content-length: 1836
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "f6419b-72c-5e593faaabd00"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
chimpstatic.com/mcjs-connected/js/users/79b19d42df50a8ce2e50e4f47/3817bef4e163ddc5d46e0091d.js
96.6.17.210 200 OK 653 B URL HTTP/1.1 chimpstatic.com/mcjs-connected/js/users/79b19d42df50a8ce2e50e4f47/3817bef4e163ddc5d46e0091d.js
IP 96.6.17.210:0
Hash 5c4175ac0e0e6d95ac18d804b263153a
66985f07a251a4cb15b7570f57ae7eb30ab0e180
58bde7a88d8aa4d7f183b4749b2f747cda33ed54035190f10ba81c9312ba25d7
GET /mcjs-connected/js/users/79b19d42df50a8ce2e50e4f47/3817bef4e163ddc5d46e0091d.js HTTP/1.1
Host: chimpstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: wspK6nNL73k3cQfKvh6id7+UGJxJrJj6ETJvvlFHE/TW5+AMTBQAE8kZGE48Ctfro57mHuJ83O4=
x-amz-request-id: TTEGY5X5D1PMVSN8
Last-Modified: Thu, 28 Jul 2022 13:11:42 GMT
ETag: "4b60d3ea13c42468679685c32a1680ac"
Accept-Ranges: bytes
Content-Type: application/javascript
Server: AmazonS3
X-EdgeConnect-MidMile-RTT: 18
X-EdgeConnect-Origin-MEX-Latency: 95
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=1800
Expires: Sat, 05 Nov 2022 11:52:02 GMT
Date: Sat, 05 Nov 2022 11:22:02 GMT
Content-Length: 653
Connection: keep-alive
www.erabahrain.net/wp-content/uploads/2022/09/Whatsapp-icon-white-tiny.png
192.124.249.32 200 OK 4.3 kB URL HTTP/2 www.erabahrain.net/wp-content/uploads/2022/09/Whatsapp-icon-white-tiny.png
IP 192.124.249.32:0
File type PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash ab23eab4c372c5805e33ab62a3845c4f
18e1990e3ca57325430066c97bfe128c455427ea
a6f2c245ad8d04a7919ab08ce5fd6ffbabbab7c6c88801b2d87f3f151e917761
GET /wp-content/uploads/2022/09/Whatsapp-icon-white-tiny.png HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:03 GMT
content-type: image/png
content-length: 4327
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 03 Sep 2022 12:04:40 GMT
etag: "f80806-10e7-5e7c4a6b7c0af"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B
IP 104.18.32.68:0
Hash b75dd35527f310d31789daae3141b9df
15e28b7fc075535caef7d756c0f97c73686fc5c8
a992d67021c5c630b0ff20c7d2c5fb70c4598ddad7bab4235ca0472465894270
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 11:22:03 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 03 Nov 2022 08:49:07 GMT
Expires: Thu, 10 Nov 2022 08:49:06 GMT
Etag: "15e28b7fc075535caef7d756c0f97c73686fc5c8"
Cache-Control: max-age=422222,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76553599b81bb4f9-OSL
fonts.googleapis.com/css?family=Nunito+Sans%3A300%2C400%2C600%2C700%2C800%2C900&subset=latin%2Clatin-ext&ver=6.1
142.250.74.10 200 OK 1.0 kB URL HTTP/2 fonts.googleapis.com/css?family=Nunito+Sans%3A300%2C400%2C600%2C700%2C800%2C900&subset=latin%2Clatin-ext&ver=6.1
IP 142.250.74.10:0
Hash 91023deb118302fca1ceff916eb59675
84172490f0b4941023ce3136ce6b76a669b2a845
28018e05c79cface5c27481d08f2efa6359a2a1c508104d31404b0b5c0f6a1fc
GET /css?family=Nunito+Sans%3A300%2C400%2C600%2C700%2C800%2C900&subset=latin%2Clatin-ext&ver=6.1 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 05 Nov 2022 11:22:02 GMT
date: Sat, 05 Nov 2022 11:22:02 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
salesiq.zoho.in/widget
169.148.148.94 200 34 kB
IP 169.148.148.94:0
ASN #56201 Zoho Corporation Pvt. Ltd
File type ASCII text, with very long lines (65536), with no line terminators
Hash eab8c9e66dd23d1dba17a4efe9374817
e26e30668a29b4427f49ebdbb0372af68786fa05
63dbb9a406099aabc1b010920766745ad12838d95d56e8763cfff726a3cef16a
GET /widget HTTP/1.1
Host: salesiq.zoho.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: ZGS
Date: Sat, 05 Nov 2022 11:22:03 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: 1f2feb5d84=ae2e5e646cacb5aed569028e4076bb26; Path=/
Access-Control-Allow-Origin: *
Cache-Control: must-revalidate
Pragma:
Expires: Sat, 05 Nov 2022 11:27:03 GMT
ETag: W/13c26c805fa2f322ada14e138f65f14e69256228396fc4d2b0a1fcca3e270f73
vary: accept-encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
www.erabahrain.net/wp-content/uploads/2022/06/logo-white-2-300x300.png
192.124.249.32 200 OK 3.4 kB URL HTTP/2 www.erabahrain.net/wp-content/uploads/2022/06/logo-white-2-300x300.png
IP 192.124.249.32:0
File type PNG image data, 300 x 300, 8-bit colormap, non-interlaced\012- data
Hash d7e51c6d6f8254edb25e73682e289dfc
9da3383fb2106c2639d0bacc99a2a53209b2c91e
87a9c19a6f70c72c622b29ed3c18d014f2f58122022bba609a496740ec198f19
GET /wp-content/uploads/2022/06/logo-white-2-300x300.png HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Cookie: _gcl_au=1.1.134892703.1667647322
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:03 GMT
content-type: image/png
content-length: 3439
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "f6424c-d6f-5e593faaabd00"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/uploads/2022/06/logo-white-2-36x36.png
192.124.249.32 200 OK 515 B URL HTTP/2 www.erabahrain.net/wp-content/uploads/2022/06/logo-white-2-36x36.png
IP 192.124.249.32:0
File type PNG image data, 36 x 36, 8-bit colormap, non-interlaced\012- data
Hash 9f5282d715e8db5003b1b5bdc8ea5979
5ca758fc4a93d22cb50d5fa9bf940e61651f7f96
e991393ad891c8516a9441e6b9fdc7680d93d917d4dffb9eeafbf8a19b7676c3
GET /wp-content/uploads/2022/06/logo-white-2-36x36.png HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Cookie: _gcl_au=1.1.134892703.1667647322
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:03 GMT
content-type: image/png
content-length: 515
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "f6423f-203-5e593faaabd00"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s.adroll.com/j/TLCQVSMX7BG4HG7G3QHIUB/roundtrip.js
143.204.55.84 200 OK 18 kB URL HTTP/1.1 s.adroll.com/j/TLCQVSMX7BG4HG7G3QHIUB/roundtrip.js
IP 143.204.55.84:0
File type ASCII text, with very long lines (1326)
Hash 1469d976dc1d707be4451a0fd1969a26
1e6fac4f883d53a7453d95140a8d0b018024964a
e6890671ec05b1b3fcba56e2a299f90282273906bcc8bd11ce93e323c6254b3f
GET /j/TLCQVSMX7BG4HG7G3QHIUB/roundtrip.js HTTP/1.1
Host: s.adroll.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 08:45:45 GMT
X-Amz-Server-Side-Encryption: AES256
X-Amz-Version-Id: VYu2.8SD8GKEeHIPV_nIBXZ1JC_hFmKf
Server: AmazonS3
Content-Encoding: gzip
Date: Sat, 05 Nov 2022 10:47:12 GMT
Cache-Control: max-age=3600, must-revalidate
Etag: W/"027b6eaaadf4d367aca74fde4ffda61b"
Vary: Accept-Encoding
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
Age: 2092
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: *
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: uD6c0TLX-QIPSPx93ZhouE_gLXDj2QITjl9xf_9un7svaIQtgcRVXA==
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sat, 05 Nov 2022 10:41:09 GMT
expires: Sat, 05 Nov 2022 12:41:09 GMT
cache-control: public, max-age=7200
age: 2454
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 077022401d8540421bf44becb30813d2
557dd02a253b32d9f8a82fe3f0975f28ee86fb19
e098b711056a5cbf52a167c8e845a373c83e849a8b9f202ced2752aa6c205d96
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4591
Cache-Control: max-age=140123
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:03 GMT
Etag: "6365b5c7-1d7"
Expires: Mon, 07 Nov 2022 02:17:26 GMT
Last-Modified: Sat, 05 Nov 2022 01:00:55 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 989d9a981e20fbf6339d66b6e0c8bb32
8ee34d81f7a6dd04266ad80f1f2ff74b1c350e9c
ffc6ad41f4bf5aba827e780ba699e176b592cf6d1dad3417b3a23e4a3960253b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1631
Cache-Control: max-age=107307
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:03 GMT
Etag: "63654127-139"
Expires: Sun, 06 Nov 2022 17:10:30 GMT
Last-Modified: Fri, 04 Nov 2022 16:43:19 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 313
gum.criteo.com/syncframe?topUrl=www.erabahrain.net&origin=onetag
178.250.0.157 200 OK 5.1 kB URL HTTP/2 gum.criteo.com/syncframe?topUrl=www.erabahrain.net&origin=onetag
IP 178.250.0.157:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (13465)
Hash cbd19f60ad793aa809d92c94480176df
b88921c338d09de5c2c3ffef7aad12fe3869bc12
340671888142139b99cb90ad338110c90ba27e09db521b9b4ce7d34647854ce2
GET /syncframe?topUrl=www.erabahrain.net&origin=onetag HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 11:22:03 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=ffa50ffd-cdea-4963-9104-30c45eb69a9e; expires=Thu, 30 Nov 2023 11:22:03 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 625936
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
157.240.240.1 200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.240.1:0
File type ASCII text, with very long lines (64348)
Hash 0ac10debd3a9ea8147a26d045bb93e6e
ff45f3442508e8695f2303701682ebdb6e016464
5dee7b453b2c72c07ff1d62432493a044507835a8031ea62edf2fa7cc26219b9
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: tgob0UFyfA8J2RcZzxF/g/jaPGFgpR+Jzei7EJwTwpPTH6ngg+TMiz8dTusE3td+7+BDQk8OmmuPkhpfbPd7Dw==
content-length: 27337
x-fb-trip-id: 1679558926
date: Sat, 05 Nov 2022 11:22:03 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 077022401d8540421bf44becb30813d2
557dd02a253b32d9f8a82fe3f0975f28ee86fb19
e098b711056a5cbf52a167c8e845a373c83e849a8b9f202ced2752aa6c205d96
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4591
Cache-Control: max-age=140123
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:03 GMT
Etag: "6365b5c7-1d7"
Expires: Mon, 07 Nov 2022 02:17:26 GMT
Last-Modified: Sat, 05 Nov 2022 01:00:55 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 632fee60e8de673337ea4d57a9a0c5e7
4ed258934308767241536f6ebd89ecf71e6bdcdc
1ddb35705859250c31ab9c2161499aa8c41e1c649c08e192d88544fbba20b7b7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3108
Cache-Control: max-age=167449
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:03 GMT
Etag: "63662650-139"
Expires: Mon, 07 Nov 2022 09:52:52 GMT
Last-Modified: Sat, 05 Nov 2022 09:01:04 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 313
analytics.tiktok.com/i18n/pixel/identify.js
23.36.79.32 200 OK 31 kB URL HTTP/2 analytics.tiktok.com/i18n/pixel/identify.js
IP 23.36.79.32:0
ASN #20940 Akamai International B.V.
Hash 594c7a9fc7eaa0800daba6ca1a06aeb1
8beae0cfa5a9afc436d3c5b120342f92c16e7292
a65de684e8dc0c477fd60b60bfad1483ea75187832f7737232b5dde41cc8fbdb
GET /i18n/pixel/identify.js HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
x-tt-logid: 2022110511220329E37E886309710FA735
x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf60459c918a449af51d55daa38da0f8465beeebfaa23e7c4f229401f6382b9710dd9c81de8e59d43c2cc9ac5da5f95a3dec419fd27b811e2c1a9afc153bc8401f76
content-encoding: gzip
expires: Sat, 05 Nov 2022 11:22:03 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 05 Nov 2022 11:22:03 GMT
x-cache: TCP_MISS from a23-36-79-28.deploy.akamaitechnologies.com (AkamaiGHost/10.10.1-44825277) (-)
vary: Accept-Encoding
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: inner; dur=3, cdn-cache; desc=MISS, edge; dur=0, origin; dur=103
x-origin-response-time: 103,23.36.79.28
x-akamai-request-id: 1c879d61
X-Firefox-Spdy: h2
salesiq.zoho.in/visitor/v2/channels/website?widgetcode=717628a61e699ae0e43918d0fc6157f2513cc03cae0f20c2a7ddd1abdd08d0bbe78c127c93eecccbe39b93a60985cb42&internal_channel_req=true&language_api=true&browser_language=en&current_domain=https%3A%2F%2Ferabahrain.net&pagetitle=Page%20not%20found%20-%20Era%20Bahrain%20-%20Apartment%20For%20Rent%20%26%20Sale%20in%20Bahrain&include_fields=avuid
169.148.148.94 200 7.8 kB URL HTTP/1.1 salesiq.zoho.in/visitor/v2/channels/website?widgetcode=717628a61e699ae0e43918d0fc6157f2513cc03cae0f20c2a7ddd1abdd08d0bbe78c127c93eecccbe39b93a60985cb42&internal_channel_req=true&language_api=true&browser_language=en&current_domain=https%3A%2F%2Ferabahrain.net&pagetitle=Page%20not%20found%20-%20Era%20Bahrain%20-%20Apartment%20For%20Rent%20%26%20Sale%20in%20Bahrain&include_fields=avuid
IP 169.148.148.94:0
ASN #56201 Zoho Corporation Pvt. Ltd
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (18976), with no line terminators
Hash e4f53bdd0c3213e120365cc18d403f2f
76f1312e4f5dfa9921543ea4f8ab30e3237e17bd
68e5b84b718de7f2cace180cd07edfad7d938fc735563cda3f12b20621e80f88
GET /visitor/v2/channels/website?widgetcode=717628a61e699ae0e43918d0fc6157f2513cc03cae0f20c2a7ddd1abdd08d0bbe78c127c93eecccbe39b93a60985cb42&internal_channel_req=true&language_api=true&browser_language=en&current_domain=https%3A%2F%2Ferabahrain.net&pagetitle=Page%20not%20found%20-%20Era%20Bahrain%20-%20Apartment%20For%20Rent%20%26%20Sale%20in%20Bahrain&include_fields=avuid HTTP/1.1
Host: salesiq.zoho.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.erabahrain.net
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: ZGS
Date: Sat, 05 Nov 2022 11:22:03 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Content-Type-Options: nosniff
Encoding: UTF-8
X-XSS-Protection: 1
Set-Cookie: 1f2feb5d84=8d59d4d1586c6e22c5880421d5a5b649; Path=/
LS_CSRF_TOKEN=e243da2d-5c46-42ad-beaf-beb8ace10d45;path=/;SameSite=None;Secure;priority=high
_zcsr_tmp=e243da2d-5c46-42ad-beaf-beb8ace10d45;path=/;SameSite=Strict;Secure;priority=high
uesign=269e85afec31d9381a5f4e1ec8889597b9f141569bec19dde1bc5a4535b79af24dbc775fb2acb67c9300b50173b059fa;Max-Age=2592000;Path=/;Secure;SameSite=None;priority=high
Content-Security-Policy: frame-ancestors 'self' https://integration-qa.gofrugalretail.com https://integration.gofrugal.com
Access-Control-Allow-Headers: Content-Type,x-siq-internal-channel
Access-Control-Allow-Origin: https://www.erabahrain.net
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Content-Language: en-US
Strict-Transport-Security: max-age=63072000
Content-Encoding: gzip
analytics.tiktok.com/i18n/pixel/events.js?sdkid=CC5NI1RC77UBH2MMADRG&lib=ttq
23.36.79.32 200 OK 45 kB URL HTTP/2 analytics.tiktok.com/i18n/pixel/events.js?sdkid=CC5NI1RC77UBH2MMADRG&lib=ttq
IP 23.36.79.32:0
ASN #20940 Akamai International B.V.
Hash 4c3fe17e0cc3db7584170f85760ef254
1999d021eb8d6d4ef79290515cc948da6e93d2f0
e2de78a610c2b44e63e9787ff7d305c6c01c420454e95fdfcebdb15b83379d0a
GET /i18n/pixel/events.js?sdkid=CC5NI1RC77UBH2MMADRG&lib=ttq HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
x-tt-logid: 2022110511220302DFD897E1D39D12501C
x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf60459c918a449af51d55daa38da0f8465baf33db78a213d2a3775aa634af0f9dcdc39ef6e64d95aff7e13e9ea8d650515341b24dcbc58e60e7fbb239cca8d92513
content-encoding: gzip
expires: Sat, 05 Nov 2022 11:22:03 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 05 Nov 2022 11:22:03 GMT
x-cache: TCP_MISS from a23-36-79-28.deploy.akamaitechnologies.com (AkamaiGHost/10.10.1-44825277) (-)
vary: Accept-Encoding
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: inner; dur=3, cdn-cache; desc=MISS, edge; dur=0, origin; dur=111
x-origin-response-time: 111,23.36.79.28
x-akamai-request-id: 1c879acd
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
185.235.84.194 200 OK 39 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.194:0
File type JSON data\012- , ASCII text, with no line terminators
Hash b8c3e7357362c8f33bd0cb229bf3217d
2eb7f5e0eb9b673b13b19e57f20aaa267fad2748
39e2319d94b647982cd15ed6f00639ef8491690dbfcc813324461b1dabb31c57
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 11:22:03 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 98693
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
s.adroll.com/j/exp/index.js
143.204.55.84 200 OK 28 B URL HTTP/1.1 s.adroll.com/j/exp/index.js
IP 143.204.55.84:0
File type ASCII text, with no line terminators
Hash 5816cced8568d223aa09d889f300692b
95cab5e474d7391762c3da5c7dc50fcf05df529f
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
GET /j/exp/index.js HTTP/1.1
Host: s.adroll.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.erabahrain.net/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 28
Connection: keep-alive
Last-Modified: Fri, 02 Sep 2022 17:25:28 GMT
X-Amz-Server-Side-Encryption: AES256
X-Amz-Version-Id: VS8aSrwndm.MeiNnyJ10ruHH56v74CIF
Accept-Ranges: bytes
Server: AmazonS3
Date: Sat, 05 Nov 2022 07:04:36 GMT
Etag: "5816cced8568d223aa09d889f300692b"
Vary: Accept-Encoding
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
Age: 15568
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: *
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: fWZu7lsCmusLWg3U1KvXIyyqXvk0RydnE943olmZWFtKKtEHpqJ0OA==
analytics.tiktok.com/api/v2/pixel
23.36.79.32 200 OK 0 B URL HTTP/2 analytics.tiktok.com/api/v2/pixel
IP 23.36.79.32:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /api/v2/pixel HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 795
Origin: https://www.erabahrain.net
Connection: keep-alive
Referer: https://www.erabahrain.net/
Cookie: _ttp=2H7sBpsKccgXCKeNTuV1CGcAm5G
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/octet-stream
content-length: 0
access-control-allow-origin: *
x-tt-logid: 20221105112203CF7BDD4E7E31880E0E78
x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf60459c918a449af51d55daa38da0f8465b60e41bc4f9c425152c32e6adea5f5d4e6ea29220ee9b80417e0901fad44be1d3a641bf46845159e3f7fddc492320cc0d
expires: Sat, 05 Nov 2022 11:22:03 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 05 Nov 2022 11:22:03 GMT
x-cache: TCP_MISS from a23-36-79-28.deploy.akamaitechnologies.com (AkamaiGHost/10.10.1-44825277) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: inner; dur=59, cdn-cache; desc=MISS, edge; dur=4, origin; dur=154
x-origin-response-time: 154,23.36.79.28
x-akamai-request-id: 1c879e78
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash b20f18d95cb26140a918e1df4009a795
8471fdaa542042b36f093617e46bcb69e36d8abe
ece80444c541b1407cfaaa966b79fbd4eb256ef57b9a5a76ac9dcb0b0d11862a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 11:22:03 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 03:09:33 GMT
Expires: Fri, 11 Nov 2022 03:09:32 GMT
Etag: "8471fdaa542042b36f093617e46bcb69e36d8abe"
Cache-Control: max-age=488248,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7655359e4d46b4f9-OSL
js.zohocdn.com/salesiq/js/floatbutton1_9654b1b73aaf9cd6679fd36c6390fa83_.js
185.20.209.147 200 OK 12 kB URL HTTP/2 js.zohocdn.com/salesiq/js/floatbutton1_9654b1b73aaf9cd6679fd36c6390fa83_.js
IP 185.20.209.147:0
ASN #41913 Computerline GmbH
File type ASCII text, with very long lines (36028), with no line terminators
Hash 051eb9de0741939a33a2187810467a70
a59a9ef4d840e14738d66b96c0ab9553f03d3b0c
7e34192c639509423d239502d1406d0c1bd17cf666983efc20e952aaf72fbcdc
GET /salesiq/js/floatbutton1_9654b1b73aaf9cd6679fd36c6390fa83_.js HTTP/1.1
Host: js.zohocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ZGS
date: Sat, 05 Nov 2022 11:22:03 GMT
content-type: application/javascript;charset=UTF-8
content-length: 12382
x-content-type-options: nosniff
x-xss-protection: 1
cache-control: public, max-age=7776000, immutable
etag: "051eb9de0741939a33a2187810467a70"
content-language: en-US
last-modified: Sat, 29 Oct 2022 12:22:33 GMT
content-encoding: br
access-control-expose-headers: *
access-control-allow-origin: *
vary: Accept-Encoding
strict-transport-security: max-age=15768000
timing-allow-origin: *
x-cache: HIT
nb-request-id: 94445aaad470fb45878963d4a8c316f4
z-origin-id: ex1-757cd508b30149e4ba1ba9a70540fde9
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 788b18e702719bdad8aa06a43c3a234a
054095e532b96849788966e71bade26887806105
7111d9a3a0152308d91459e34469006976c87eae8454f2d21dc1bab67b927382
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=107749
Date: Sat, 05 Nov 2022 11:22:03 GMT
Etag: "63654815-1d7"
Expires: Sun, 06 Nov 2022 17:17:52 GMT
Last-Modified: Fri, 04 Nov 2022 17:12:53 GMT
Server: ECS (bsa/EB21)
X-Cache: Miss from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: csd5cNvqxc1NRA_vVDsfRYOZa7pBwL-RdEobZlzDwmBTQcBeQmyKZQ==
Age: 299
d.adroll.com/consent/check/TLCQVSMX7BG4HG7G3QHIUB?arrfrr=https%3A%2F%2Fwww.erabahrain.net%2Fqco%2Fu1J%2FQMU%2FwHZ%2FuY3UPll.zip&_s=139278ab37c77c5bcecefe88bea097d0&_b=2
54.77.187.228 200 OK 446 B URL HTTP/2 d.adroll.com/consent/check/TLCQVSMX7BG4HG7G3QHIUB?arrfrr=https%3A%2F%2Fwww.erabahrain.net%2Fqco%2Fu1J%2FQMU%2FwHZ%2FuY3UPll.zip&_s=139278ab37c77c5bcecefe88bea097d0&_b=2
IP 54.77.187.228:0
File type ASCII text, with very long lines (446), with no line terminators
Hash 19c9296b0a8ce8678eb41a402959fb9a
72cae54b8cc3ed0180ca741f323eeab37d50ac01
fcde532832a8b14dca8b8dcaa27b7ee60a23b59735ef62a5ce1a557a57281d8f
GET /consent/check/TLCQVSMX7BG4HG7G3QHIUB?arrfrr=https%3A%2F%2Fwww.erabahrain.net%2Fqco%2Fu1J%2FQMU%2FwHZ%2FuY3UPll.zip&_s=139278ab37c77c5bcecefe88bea097d0&_b=2 HTTP/1.1
Host: d.adroll.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 11:22:03 GMT
content-type: application/javascript
content-length: 446
server: nginx/1.22.0
cache-control: no-store, no-cache, must-revalidate
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
set-cookie: __adroll=bf009d3ddc4cf46e2b919b229abad829-a_1667647323; Version=1; Expires=Tue, 05-Dec-2023 11:22:03 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure
__adroll_shared=bf009d3ddc4cf46e2b919b229abad829-a_1667647323; Version=1; Expires=Tue, 05-Dec-2023 11:22:03 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=adroll.com
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash b20f18d95cb26140a918e1df4009a795
8471fdaa542042b36f093617e46bcb69e36d8abe
ece80444c541b1407cfaaa966b79fbd4eb256ef57b9a5a76ac9dcb0b0d11862a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 11:22:04 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 03:09:33 GMT
Expires: Fri, 11 Nov 2022 03:09:32 GMT
Etag: "8471fdaa542042b36f093617e46bcb69e36d8abe"
Cache-Control: max-age=488247,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7655359e5dfa0b41-OSL
dnacdn.net/dna
178.250.0.157 200 OK 5.2 kB IP 178.250.0.157:0
Hash 25a01e5e60667b36e08919a12e4a8fd5
cd09e025e43f34545ab5f007a6ff0e69d75f92b7
e292a1df11b56346a21015c72e3ba75d158fc5d8fd900b16839c69a258626c55
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=1qTXu180M0RITmhlJTJCZkMwOUJGQlhaMUN2c3gxZFlCRnJiWGZzRkF3U2x5Y1p6d3hOYTk4cXRNb0o3Tm5mUjhBWnJIelI
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 05 Nov 2022 11:22:03 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=qoZryV80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3gxZFlCRnJiWGZzRkF3U2x5Y1p6d3o5Rm9lMzNyT3pSTU8xVDJiRWllYXQ; expires=Thu, 30 Nov 2023 11:22:03 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 389768
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
d.adroll.com/segment/TLCQVSMX7BG4HG7G3QHIUB/HCFWQMQR3JBJ7MY5D47SOZ?adroll_fpc=48b602df70b74b65cd0f7543d76a5eb0-1667647322553&arrfrr=https%3A%2F%2Fwww.erabahrain.net%2Fqco%2Fu1J%2FQMU%2FwHZ%2FuY3UPll.zip&pv=58220096139.77919&cookie=&adroll_s_ref=&keyw=&adroll_external_data=&adroll_version=2.0
54.77.187.228 200 OK 42 B URL HTTP/2 d.adroll.com/segment/TLCQVSMX7BG4HG7G3QHIUB/HCFWQMQR3JBJ7MY5D47SOZ?adroll_fpc=48b602df70b74b65cd0f7543d76a5eb0-1667647322553&arrfrr=https%3A%2F%2Fwww.erabahrain.net%2Fqco%2Fu1J%2FQMU%2FwHZ%2FuY3UPll.zip&pv=58220096139.77919&cookie=&adroll_s_ref=&keyw=&adroll_external_data=&adroll_version=2.0
IP 54.77.187.228:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /segment/TLCQVSMX7BG4HG7G3QHIUB/HCFWQMQR3JBJ7MY5D47SOZ?adroll_fpc=48b602df70b74b65cd0f7543d76a5eb0-1667647322553&arrfrr=https%3A%2F%2Fwww.erabahrain.net%2Fqco%2Fu1J%2FQMU%2FwHZ%2FuY3UPll.zip&pv=58220096139.77919&cookie=&adroll_s_ref=&keyw=&adroll_external_data=&adroll_version=2.0 HTTP/1.1
Host: d.adroll.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.erabahrain.net
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 05 Nov 2022 11:22:04 GMT
content-type: image/gif
content-length: 42
server: nginx/1.22.0
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://www.erabahrain.net
access-control-expose-headers: X-Conversion-Value, X-Conversion-Currency, X-Advertisable-Eid, X-Segment-Eid, X-Rule-Type, X-Pixel-Eid
access-control-request-methods: GET
cache-control: no-store, no-cache, must-revalidate
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
set-cookie: __adroll=6794fe8fa9270f1052408fe3a4c7fd11-a_1667647324; Version=1; Expires=Tue, 05-Dec-2023 11:22:03 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure
__adroll_shared=6794fe8fa9270f1052408fe3a4c7fd11-a_1667647324; Version=1; Expires=Tue, 05-Dec-2023 11:22:03 GMT; Max-Age=34128000; Path=/; HttpOnly; SameSite=None; Secure; Domain=adroll.com
x-advertisable-eid: TLCQVSMX7BG4HG7G3QHIUB
x-conversion-currency:
x-conversion-value: 0.0
x-pixel-eid: HCFWQMQR3JBJ7MY5D47SOZ
x-rule: *
x-rule-type: p
x-segment-display-name: Visitors to Unsegmented Pages
x-segment-eid: KHXOEFPZQRAXNJBHTWBCVO
x-segment-name: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash a6913d09d2b8cbd80ef370c1997143ec
61873208c5852b9f13b1a60d408ec8b239c48c81
291bfcf11419acdfafebb4a1d789302bcbae25eff3a3a847a251e912ef5854b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.facebook.com/tr/?id=2971946886467165&ev=PageView&dl=https%3A%2F%2Fwww.erabahrain.net%2Fqco%2Fu1J%2FQMU%2FwHZ%2FuY3UPll.zip&rl=&if=false&ts=1667647322462&sw=1280&sh=1024&v=2.9.89&r=stable&a=wordpress-6.1-3.0.8&ec=0&o=30&fbp=fb.1.1667647322461.967349821&it=1667647322190&coo=false&rqm=GET
157.240.240.35 200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=2971946886467165&ev=PageView&dl=https%3A%2F%2Fwww.erabahrain.net%2Fqco%2Fu1J%2FQMU%2FwHZ%2FuY3UPll.zip&rl=&if=false&ts=1667647322462&sw=1280&sh=1024&v=2.9.89&r=stable&a=wordpress-6.1-3.0.8&ec=0&o=30&fbp=fb.1.1667647322461.967349821&it=1667647322190&coo=false&rqm=GET
IP 157.240.240.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=2971946886467165&ev=PageView&dl=https%3A%2F%2Fwww.erabahrain.net%2Fqco%2Fu1J%2FQMU%2FwHZ%2FuY3UPll.zip&rl=&if=false&ts=1667647322462&sw=1280&sh=1024&v=2.9.89&r=stable&a=wordpress-6.1-3.0.8&ec=0&o=30&fbp=fb.1.1667647322461.967349821&it=1667647322190&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Sat, 05 Nov 2022 11:22:04 GMT
X-Firefox-Spdy: h2
css.zohocdn.com/salesiq/styles/fonts/float/float_6cd76475d822e7b44efcf2b1413f4967_.ttf
185.20.209.147 200 OK 642 B URL HTTP/2 css.zohocdn.com/salesiq/styles/fonts/float/float_6cd76475d822e7b44efcf2b1413f4967_.ttf
IP 185.20.209.147:0
ASN #41913 Computerline GmbH
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon \012- data
Hash 15d0d2c51b3a4a041315e923266ad678
470e24ba14cb76265a9744b5cfd5a24b2a7e5605
888285394032a49d30182d50663b7343e91af3352fd2d9b6c699d0691847d688
GET /salesiq/styles/fonts/float/float_6cd76475d822e7b44efcf2b1413f4967_.ttf HTTP/1.1
Host: css.zohocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.erabahrain.net
Connection: keep-alive
Referer: https://css.zohocdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ZGS
date: Sat, 05 Nov 2022 11:22:04 GMT
content-type: font/ttf
content-length: 642
x-content-type-options: nosniff
x-xss-protection: 1
cache-control: public, max-age=7776000, immutable
access-control-expose-headers: *
access-control-allow-origin: *
etag: "15d0d2c51b3a4a041315e923266ad678"
content-language: en-US
last-modified: Thu, 30 Dec 2021 10:15:21 GMT
content-encoding: br
vary: Accept-Encoding
strict-transport-security: max-age=15768000
timing-allow-origin: *
x-cache: HIT
nb-request-id: b6d86522bfdfe5dc05e93c1ad296d982
z-origin-id: ex1-30a947e48d3f4e138d549e3df00d19bd
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=2971946886467165&ev=PageView&dl=https%3A%2F%2Fwww.erabahrain.net%2Fqco%2Fu1J%2FQMU%2FwHZ%2FuY3UPll.zip&rl=&if=false&ts=1667647322465&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=30&fbp=fb.1.1667647322461.967349821&it=1667647322190&coo=false&tm=1&rqm=GET
157.240.240.35 200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=2971946886467165&ev=PageView&dl=https%3A%2F%2Fwww.erabahrain.net%2Fqco%2Fu1J%2FQMU%2FwHZ%2FuY3UPll.zip&rl=&if=false&ts=1667647322465&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=30&fbp=fb.1.1667647322461.967349821&it=1667647322190&coo=false&tm=1&rqm=GET
IP 157.240.240.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=2971946886467165&ev=PageView&dl=https%3A%2F%2Fwww.erabahrain.net%2Fqco%2Fu1J%2FQMU%2FwHZ%2FuY3UPll.zip&rl=&if=false&ts=1667647322465&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmSimo-GTM-WebTemplate&ec=1&o=30&fbp=fb.1.1667647322461.967349821&it=1667647322190&coo=false&tm=1&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Sat, 05 Nov 2022 11:22:04 GMT
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-107537550-1&cid=949081048.1667647322&jid=674028754&gjid=1130812155&_gid=1063178770.1667647322&_u=YEBAAUAAAAAAACAAI~&z=670872343
64.233.165.156 200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-107537550-1&cid=949081048.1667647322&jid=674028754&gjid=1130812155&_gid=1063178770.1667647322&_u=YEBAAUAAAAAAACAAI~&z=670872343
IP 64.233.165.156:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-107537550-1&cid=949081048.1667647322&jid=674028754&gjid=1130812155&_gid=1063178770.1667647322&_u=YEBAAUAAAAAAACAAI~&z=670872343 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.erabahrain.net
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.erabahrain.net
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 05 Nov 2022 11:22:04 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sslwidget.criteo.com/event?a=97957&v=5.12.1&p0=e%3Dce%26m%3D%255B%252523%252523Email%252520Address%252523%252523%255D%26h%3D%2523%2523Hash%2520Method%2523%2523&p1=e%3Dexd%26site_type%3Dd%26z%3D%2523%2523Zip%2520Code%2523%2523&p2=e%3Dvh&p3=e%3Dvpg&p4=e%3Ddis&adce=1&bundle=888hwV9uR2ZLd29oUUF4YWklMkZTYSUyRk96WFRuaUZoNzUlMkZJNVBmZlBBRVhRUXZWa0ZURiUyRjZGdUc4QUtPUGVoWDVuR2VDWEhaeU5MTHdXc29FTm1PTjZuWE5ib294WkxFV0lvUERaMW9KZm1UV040NmRWWEJHdlJOeCUyQm03YnNhd2drd1dadm43M2tSSzlhRmtUTWF1SDU5UWMyWGhBJTNEJTNE&tld=erabahrain.net&dy=1&fu=https%253A%252F%252Fwww.erabahrain.net%252Fqco%252Fu1J%252FQMU%252FwHZ%252FuY3UPll.zip&dtycbr=14825
178.250.0.163 200 OK 4.2 kB URL HTTP/2 sslwidget.criteo.com/event?a=97957&v=5.12.1&p0=e%3Dce%26m%3D%255B%252523%252523Email%252520Address%252523%252523%255D%26h%3D%2523%2523Hash%2520Method%2523%2523&p1=e%3Dexd%26site_type%3Dd%26z%3D%2523%2523Zip%2520Code%2523%2523&p2=e%3Dvh&p3=e%3Dvpg&p4=e%3Ddis&adce=1&bundle=888hwV9uR2ZLd29oUUF4YWklMkZTYSUyRk96WFRuaUZoNzUlMkZJNVBmZlBBRVhRUXZWa0ZURiUyRjZGdUc4QUtPUGVoWDVuR2VDWEhaeU5MTHdXc29FTm1PTjZuWE5ib294WkxFV0lvUERaMW9KZm1UV040NmRWWEJHdlJOeCUyQm03YnNhd2drd1dadm43M2tSSzlhRmtUTWF1SDU5UWMyWGhBJTNEJTNE&tld=erabahrain.net&dy=1&fu=https%253A%252F%252Fwww.erabahrain.net%252Fqco%252Fu1J%252FQMU%252FwHZ%252FuY3UPll.zip&dtycbr=14825
IP 178.250.0.163:0
Hash 971f4256a2a4f344b777af0d39099b69
87129d262cd24506b42e7f1d1c11403aedd1aad3
0eedc518439c49649dc4adcb7567d1d0376b30a838665a41d77252cd668b42ed
GET /event?a=97957&v=5.12.1&p0=e%3Dce%26m%3D%255B%252523%252523Email%252520Address%252523%252523%255D%26h%3D%2523%2523Hash%2520Method%2523%2523&p1=e%3Dexd%26site_type%3Dd%26z%3D%2523%2523Zip%2520Code%2523%2523&p2=e%3Dvh&p3=e%3Dvpg&p4=e%3Ddis&adce=1&bundle=888hwV9uR2ZLd29oUUF4YWklMkZTYSUyRk96WFRuaUZoNzUlMkZJNVBmZlBBRVhRUXZWa0ZURiUyRjZGdUc4QUtPUGVoWDVuR2VDWEhaeU5MTHdXc29FTm1PTjZuWE5ib294WkxFV0lvUERaMW9KZm1UV040NmRWWEJHdlJOeCUyQm03YnNhd2drd1dadm43M2tSSzlhRmtUTWF1SDU5UWMyWGhBJTNEJTNE&tld=erabahrain.net&dy=1&fu=https%253A%252F%252Fwww.erabahrain.net%252Fqco%252Fu1J%252FQMU%252FwHZ%252FuY3UPll.zip&dtycbr=14825 HTTP/1.1
Host: sslwidget.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 11:22:03 GMT
content-type: application/x-javascript
server: Kestrel
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
expires: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
p3p: NON DSP COR CURa PSA PSD OUR BUS NAV STA
timing-allow-origin: *
server-processing-duration-in-ticks: 26859787
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/plugins/official-facebook-pixel/js/openbridge_plugin.js
192.124.249.32 200 OK 56 kB URL HTTP/2 www.erabahrain.net/wp-content/plugins/official-facebook-pixel/js/openbridge_plugin.js
IP 192.124.249.32:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash b3d6669adbf2fa9b81d0c565d0533faf
2bce4d8c627b53b49f1f72d5713b3f33fb2885de
36e5ff941db96bfdbf841f18c87cbef3aabd93833c918c30934d7eaa6f263e44
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/official-facebook-pixel/js/openbridge_plugin.js HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Cookie: _gcl_au=1.1.134892703.1667647322; _ga=GA1.2.949081048.1667647322; _gid=GA1.2.1063178770.1667647322; _gat_gtag_UA_107537550_1=1; _tt_enable_cookie=1; _ttp=68967d78-6826-45bb-962d-e6145c79b825; _fbp=fb.1.1667647322461.967349821; __adroll_fpc=48b602df70b74b65cd0f7543d76a5eb0-1667647322553; __ar_v4=%7CTLCQVSMX7BG4HG7G3QHIUB%3A20221105%3A1%7CHCFWQMQR3JBJ7MY5D47SOZ%3A20221105%3A1; cto_bundle=888hwV9uR2ZLd29oUUF4YWklMkZTYSUyRk96WFRuaUZoNzUlMkZJNVBmZlBBRVhRUXZWa0ZURiUyRjZGdUc4QUtPUGVoWDVuR2VDWEhaeU5MTHdXc29FTm1PTjZuWE5ib294WkxFV0lvUERaMW9KZm1UV040NmRWWEJHdlJOeCUyQm03YnNhd2drd1dadm43M2tSSzlhRmtUTWF1SDU5UWMyWGhBJTNEJTNE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:04 GMT
content-type: application/javascript
content-length: 55750
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Wed, 02 Nov 2022 13:06:57 GMT
etag: "ec0951-2d799-5ec7c83fa121d-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 8813bd652e27dee15ac0277bcce75d69
da1d92e052021c7231c6bc4524bfcbc2be97b80e
7ec870186870ad507a506909190bcf03a290fe6b685cc7fd19c6a9d547e73500
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 11:22:04 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 13:17:22 GMT
Expires: Fri, 11 Nov 2022 13:17:21 GMT
Etag: "da1d92e052021c7231c6bc4524bfcbc2be97b80e"
Cache-Control: max-age=524716,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7655359fbecdb4f9-OSL
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash d9b08c38f0415438f5f92380ecb902bb
521f94256b2e677cebf32404641ea8b23c18b2a4
696a8fc71eb173d6434e990a93fca753df22378de0e3014f529db7654d27cf77
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 5de5a7ee16d3f3164758282fbecef0a3
82fb2ac7d306e1f9724adc0ba2ef9e549baa9100
ad55f91c5fb1f872310a5f5777a65b79a338138d241a674449da2e0edde1f2ed
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-107537550-1&cid=949081048.1667647322&jid=674028754&_u=YEBAAUAAAAAAACAAI~&z=1702325017
142.250.74.35 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-107537550-1&cid=949081048.1667647322&jid=674028754&_u=YEBAAUAAAAAAACAAI~&z=1702325017
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-107537550-1&cid=949081048.1667647322&jid=674028754&_u=YEBAAUAAAAAAACAAI~&z=1702325017 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 05 Nov 2022 11:22:04 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-107537550-1&cid=949081048.1667647322&jid=674028754&_u=YEBAAUAAAAAAACAAI~&z=1702325017
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-107537550-1&cid=949081048.1667647322&jid=674028754&_u=YEBAAUAAAAAAACAAI~&z=1702325017
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-107537550-1&cid=949081048.1667647322&jid=674028754&_u=YEBAAUAAAAAAACAAI~&z=1702325017 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 05 Nov 2022 11:22:04 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash d9b08c38f0415438f5f92380ecb902bb
521f94256b2e677cebf32404641ea8b23c18b2a4
696a8fc71eb173d6434e990a93fca753df22378de0e3014f529db7654d27cf77
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9e2bebcb5d11d045895bee61cc7a9d75
ce83df1fb1dda6a22bf2843267cbabbe40912181
cdb70f056511de2f5a38a878398e02de912e786eeec8f010ac606acbe93f04cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CDB70F056511DE2F5A38A878398E02DE912E786EEEC8F010AC606ACBE93F04CB"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3861
Expires: Sat, 05 Nov 2022 12:26:25 GMT
Date: Sat, 05 Nov 2022 11:22:04 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 4a9066e8faeec7f06d9a7e91bef8ff52
699ce1c29412a4c3f9018f4deceb3db399ddcd29
46461d19bf1ea06f23d89c4179135eaca9d7c8753a91e913b3adaf2615bee36f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
matching.ivitrack.com/sync?realm=criteo&uid=k-jqaJX1nnmdrnbFDjem0TjoLmDdMx6h1RF6KPFg
34.117.157.22 200 OK 42 B URL HTTP/2 matching.ivitrack.com/sync?realm=criteo&uid=k-jqaJX1nnmdrnbFDjem0TjoLmDdMx6h1RF6KPFg
IP 34.117.157.22:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /sync?realm=criteo&uid=k-jqaJX1nnmdrnbFDjem0TjoLmDdMx6h1RF6KPFg HTTP/1.1
Host: matching.ivitrack.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: istio-envoy
date: Sat, 05 Nov 2022 11:22:03 GMT
content-type: image/gif
content-length: 42
cache-control: public, max-age=86400
x-envoy-upstream-service-time: 0
x-envoy-decorator-operation: tag-manager.programmatic.svc.cluster.local:3000/*
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
vts.zohopublic.in/watchws?x-e=era_projects&x-s=inspiriondigitalsolutions&cpage=https%3A%2F%2Fwww.erabahrain.net%2Fqco%2Fu1J%2FQMU%2FwHZ%2FuY3UPll.zip&ptitle=Page%20not%20found%20-%20Era%20Bahrain%20-%20Apartment%20For%20Rent%20%26%20Sale%20in%20Bahrain&localtime=GMT%2B0000%20(Coordinated%20Universal%20Time)&gmttime=GMT%2B0000&resolution=1280x1024&lsid=57825000000005001&lang_embed=en&con_id=1667647322344&connection_count=1
169.148.149.190 101 Switching Protocols 0 B URL HTTP/1.1 vts.zohopublic.in/watchws?x-e=era_projects&x-s=inspiriondigitalsolutions&cpage=https%3A%2F%2Fwww.erabahrain.net%2Fqco%2Fu1J%2FQMU%2FwHZ%2FuY3UPll.zip&ptitle=Page%20not%20found%20-%20Era%20Bahrain%20-%20Apartment%20For%20Rent%20%26%20Sale%20in%20Bahrain&localtime=GMT%2B0000%20(Coordinated%20Universal%20Time)&gmttime=GMT%2B0000&resolution=1280x1024&lsid=57825000000005001&lang_embed=en&con_id=1667647322344&connection_count=1
IP 169.148.149.190:0
ASN #56201 Zoho Corporation Pvt. Ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /watchws?x-e=era_projects&x-s=inspiriondigitalsolutions&cpage=https%3A%2F%2Fwww.erabahrain.net%2Fqco%2Fu1J%2FQMU%2FwHZ%2FuY3UPll.zip&ptitle=Page%20not%20found%20-%20Era%20Bahrain%20-%20Apartment%20For%20Rent%20%26%20Sale%20in%20Bahrain&localtime=GMT%2B0000%20(Coordinated%20Universal%20Time)&gmttime=GMT%2B0000&resolution=1280x1024&lsid=57825000000005001&lang_embed=en&con_id=1667647322344&connection_count=1 HTTP/1.1
Host: vts.zohopublic.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://www.erabahrain.net
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: upb/11X3ruc0AgLoa0h/DA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Strict-Transport-Security: max-age=15768000
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: dahk602eJry2drDImmge2j9FoRQ=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9e2bebcb5d11d045895bee61cc7a9d75
ce83df1fb1dda6a22bf2843267cbabbe40912181
cdb70f056511de2f5a38a878398e02de912e786eeec8f010ac606acbe93f04cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CDB70F056511DE2F5A38A878398E02DE912E786EEEC8F010AC606ACBE93F04CB"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3861
Expires: Sat, 05 Nov 2022 12:26:25 GMT
Date: Sat, 05 Nov 2022 11:22:04 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash ec53cfdb20d21c8d7a979d850d13adb4
cb46cbf46bd81301aac5e4b6c93d2c10807019e2
dc31e8a5b3ad56c5fd5dbd50390d85b13091c99cc7e748c87d6744a400fe5f8f
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=153885
Date: Sat, 05 Nov 2022 11:22:04 GMT
Etag: "6365e415-1d7"
Expires: Mon, 07 Nov 2022 06:06:49 GMT
Last-Modified: Sat, 05 Nov 2022 04:18:29 GMT
Server: ECS (bsa/EB12)
X-Cache: Miss from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Y31YYDsPV-OODHi0NUrQM5OAgcczqGvaw7i7i467SmV3o785mMSp9w==
Age: 6500
gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40
178.250.0.157 302 Found 0 B URL HTTP/2 gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40
IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 05 Nov 2022 11:22:03 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
location: https://dpm.demdex.net/ibs:dpid=28645&dpuuid=
server-processing-duration-in-ticks: 1023838
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-o7PpQFnnmdrnbFDjem0TjoLmDdPEObEKAn8xag
23.38.200.22 200 OK 45 B URL HTTP/2 contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-o7PpQFnnmdrnbFDjem0TjoLmDdPEObEKAn8xag
IP 23.38.200.22:0
File type GIF image data, version 87a, 1 x 1\012- data
Hash 99cceceaed4d575484b69ddaf9ed66a7
1e3a3b15296b585833a22d987a387aa58aa1642d
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
GET /cksync.php?cs=3&type=crt&ovsid=k-o7PpQFnnmdrnbFDjem0TjoLmDdPEObEKAn8xag HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
content-length: 45
content-type: image/gif
set-cookie: visitor-id=3106489243580245000V10; Expires=Sun, 05 Nov 2023 11:22:04 GMT; domain=.media.net; Path=/;
data-c-ts=1667647324;Expires=Mon, 05 Dec 2022 11:22:04 GMT;path=/;domain=.media.net;
data-c=k-o7PpQFnnmdrnbFDjem0TjoLmDdPEObEKAn8xag~~3;Expires=Mon, 05 Dec 2022 11:22:04 GMT;path=/;domain=.media.net;
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
strict-transport-security: max-age=31536000
x-mnet-hl2: E
expires: Sat, 05 Nov 2022 11:22:04 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 05 Nov 2022 11:22:04 GMT
X-Firefox-Spdy: h2
r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-YkLfRVnnmdrnbFDjem0TjoLmDdPKiEotBFWhRA
104.18.19.126 302 Found 0 B URL HTTP/2 r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-YkLfRVnnmdrnbFDjem0TjoLmDdPKiEotBFWhRA
IP 104.18.19.126:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rum?cm_dsp_id=20&external_user_id=k-YkLfRVnnmdrnbFDjem0TjoLmDdPKiEotBFWhRA HTTP/1.1
Host: r.casalemedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 05 Nov 2022 11:22:04 GMT
content-length: 0
location: /rum?cm_dsp_id=20&external_user_id=k-YkLfRVnnmdrnbFDjem0TjoLmDdPKiEotBFWhRA&C=1
cf-ray: 765535a2da220b02-OSL
cache-control: no-cache
expires: 0
cf-cache-status: DYNAMIC
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
set-cookie: CMID=Y2ZHXPxADL6VFlmbGPWPSQAA; Path=/; Domain=casalemedia.com; Expires=Sun, 05 Nov 2023 11:22:04 GMT; Max-Age=31536000; Secure; SameSite=None
CMPS=688; Path=/; Domain=casalemedia.com; Expires=Fri, 03 Feb 2023 11:22:04 GMT; Max-Age=7776000; Secure; SameSite=None
CMPRO=688; Path=/; Domain=casalemedia.com; Expires=Fri, 03 Feb 2023 11:22:04 GMT; Max-Age=7776000; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=68s5ZujXDa8Qrjf1kya4AAqFewPHrUlpUeNyQM6TTH2vNG7%2FQEgeIdqlaGVqe4Volq4KZHvlYnwHndH5mkV3t4f3MlCVPVGEp2Qs0EEDRHeLeyB7dEBz2p1xvN60z%2BTufTVn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-KCsL4VnnmdrnbFDjem0TjoLmDdOduzK-xims3g&google_cm&google_hm=ay1LQ3NMNFZubm1kcm5iRkRqZW0wVGpvTG1EZE9kdXpLLXhpbXMzZw
216.58.211.2 302 Found 440 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-KCsL4VnnmdrnbFDjem0TjoLmDdOduzK-xims3g&google_cm&google_hm=ay1LQ3NMNFZubm1kcm5iRkRqZW0wVGpvTG1EZE9kdXpLLXhpbXMzZw
IP 216.58.211.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash c97641fa3f976ce2f260788d1d7f0b63
6e8f088b1bc5c11fd38518c81a9b2ccbc3423a6a
59a5e57faa6aa97b4493e2fd1d3f4ba8297149769fe131e72878f59a26c8535b
GET /pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-KCsL4VnnmdrnbFDjem0TjoLmDdOduzK-xims3g&google_cm&google_hm=ay1LQ3NMNFZubm1kcm5iRkRqZW0wVGpvTG1EZE9kdXpLLXhpbXMzZw HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc=&google_ula=913071&CriteoUserId=k-KCsL4VnnmdrnbFDjem0TjoLmDdOduzK-xims3g&google_cm=&google_hm=ay1LQ3NMNFZubm1kcm5iRkRqZW0wVGpvTG1EZE9kdXpLLXhpbXMzZw&google_tc=
date: Sat, 05 Nov 2022 11:22:04 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 440
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 05-Nov-2022 11:37:04 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B
IP 93.184.220.29:0
Hash ddc6a0cfefdd9a13363f6399a532c121
6cefb6aa5c2e43f48e71e6d3622f2346a6a6e37b
bc243a1df25ca688919bea318afef2e8691969b9b97888cb32b8a4cc2429e27e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5315
Cache-Control: max-age=137608
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:04 GMT
Etag: "6365a921-1d7"
Expires: Mon, 07 Nov 2022 01:35:32 GMT
Last-Modified: Sat, 05 Nov 2022 00:06:57 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc=&google_ula=913071&CriteoUserId=k-KCsL4VnnmdrnbFDjem0TjoLmDdOduzK-xims3g&google_cm=&google_hm=ay1LQ3NMNFZubm1kcm5iRkRqZW0wVGpvTG1EZE9kdXpLLXhpbXMzZw&google_tc=
216.58.211.2 302 Found 332 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc=&google_ula=913071&CriteoUserId=k-KCsL4VnnmdrnbFDjem0TjoLmDdOduzK-xims3g&google_cm=&google_hm=ay1LQ3NMNFZubm1kcm5iRkRqZW0wVGpvTG1EZE9kdXpLLXhpbXMzZw&google_tc=
IP 216.58.211.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 6728e58ee3c9efb4a90c38d944b4d456
49d39cb524dbf2e167641766f05784ba617a7d4f
05655cd6a71e6b389179151272de8fcec27633f3287e6dbc91aaa8820ecf0542
GET /pixel?google_nid=cjp&google_sc=&google_ula=913071&CriteoUserId=k-KCsL4VnnmdrnbFDjem0TjoLmDdOduzK-xims3g&google_cm=&google_hm=ay1LQ3NMNFZubm1kcm5iRkRqZW0wVGpvTG1EZE9kdXpLLXhpbXMzZw&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-KCsL4VnnmdrnbFDjem0TjoLmDdOduzK-xims3g&google_error=3
date: Sat, 05 Nov 2022 11:22:04 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 332
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B
IP 93.184.220.29:0
Hash a779f833ddcc626b2c1d90f162cfb73e
ec98a1afcd98dd60e32a5e6099b5354a73c4b904
7cd9fa352d68a7d9ab1fd3eccac2fde329da66c3683e15894db6f9d77557c90d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4146
Cache-Control: max-age=167013
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:04 GMT
Etag: "6366208f-1d7"
Expires: Mon, 07 Nov 2022 09:45:37 GMT
Last-Modified: Sat, 05 Nov 2022 08:36:31 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-YkLfRVnnmdrnbFDjem0TjoLmDdPKiEotBFWhRA&C=1
104.18.19.126 200 OK 43 B URL HTTP/2 r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-YkLfRVnnmdrnbFDjem0TjoLmDdPKiEotBFWhRA&C=1
IP 104.18.19.126:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /rum?cm_dsp_id=20&external_user_id=k-YkLfRVnnmdrnbFDjem0TjoLmDdPKiEotBFWhRA&C=1 HTTP/1.1
Host: r.casalemedia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 05 Nov 2022 11:22:04 GMT
content-type: image/gif
content-length: 43
cf-ray: 765535a32a7d0b02-OSL
cache-control: no-cache
expires: 0
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NEbcBVbjMa3xC0AMESVSPvgnw1dPcaDwPOyeoAHkASc2EsmPxcbmN%2BsNO7mPb4wYZsLpiDShJ%2FzVSROHKe92pAyLSId8SzKcbtyN2KcPuws56YdPc3trKho9Lp3xv1Mw%2Brcy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-zani9lnnmdrnbFDjem0TjoLmDdMj0mvFI81UyQ&expires=30
213.19.162.80 204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-zani9lnnmdrnbFDjem0TjoLmDdMj0mvFI81UyQ&expires=30
IP 213.19.162.80:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=6434&nid=2149&put=k-zani9lnnmdrnbFDjem0TjoLmDdMj0mvFI81UyQ&expires=30 HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: d5c7d31e505103f093db6d1ed70deaa2
Content-Type: image/gif
ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
185.89.211.12 307 Redirection 0 B URL HTTP/1.1 ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
IP 185.89.211.12:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Sat, 05 Nov 2022 11:22:04 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
AN-X-Request-Uuid: f1b58c2f-8ac4-40da-9f5a-764cb1441130
Set-Cookie: uuid2=6102395879040425144; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 03-Feb-2023 11:22:04 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-7hb0nFnnmdrnbFDjem0TjoLmDdMUz-yLFun6Ng
185.64.189.110 200 OK 42 B URL HTTP/2 simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-7hb0nFnnmdrnbFDjem0TjoLmDdMUz-yLFun6Ng
IP 185.64.189.110:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-7hb0nFnnmdrnbFDjem0TjoLmDdMUz-yLFun6Ng HTTP/1.1
Host: simage2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:03 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_97=3385-uid:k-7hb0nFnnmdrnbFDjem0TjoLmDdMUz-yLFun6Ng&KRTB&23144-uid:k-7hb0nFnnmdrnbFDjem0TjoLmDdMUz-yLFun6Ng&KRTB&23286-uid:k-7hb0nFnnmdrnbFDjem0TjoLmDdMUz-yLFun6Ng&KRTB&23287-uid:k-7hb0nFnnmdrnbFDjem0TjoLmDdMUz-yLFun6Ng; domain=pubmatic.com; secure; expires=Mon, 05-Dec-2022 11:22:03 GMT; path=/
PugT=1667647323; domain=pubmatic.com; secure; expires=Mon, 05-Dec-2022 11:22:03 GMT; path=/
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
X-Firefox-Spdy: h2
criteo-sync.teads.tv/um?eid=80&uid=k-_OOAtVnnmdrnbFDjem0TjoLmDdPwJHU7vy3LWA
23.195.255.234 200 OK 23 B URL HTTP/2 criteo-sync.teads.tv/um?eid=80&uid=k-_OOAtVnnmdrnbFDjem0TjoLmDdPwJHU7vy3LWA
IP 23.195.255.234:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash da5b449fff36752a93779fa4067cd2eb
71a96eea77f21ab5f1819b96c4cedd5cd34476ca
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
GET /um?eid=80&uid=k-_OOAtVnnmdrnbFDjem0TjoLmDdPwJHU7vy3LWA HTTP/1.1
Host: criteo-sync.teads.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
server: akka-http/10.2.9
content-length: 23
expires: Sat, 05 Nov 2022 11:22:04 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 05 Nov 2022 11:22:04 GMT
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 4e890957a491cd8815298d33cc4aea03
bb9d30ebfb8f52b2e8f39359868a688fff7f98d8
717352e16d5f0dc93badcc854df5ea94306b1149d8b4175ab666df5d1aa0062b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=152156
Date: Sat, 05 Nov 2022 11:22:04 GMT
Etag: "6365dfe9-1d7"
Expires: Mon, 07 Nov 2022 05:38:00 GMT
Last-Modified: Sat, 05 Nov 2022 04:00:41 GMT
Server: ECS (nyb/1D1B)
X-Cache: Miss from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: SWeXB1Tu0WQLqj3ahNXqVurok4mK0UwBsZ38NvpuCCFtCHJutAsAdA==
Age: 5839
ocsp.digicert.com/
93.184.220.29 200 OK 313 B
IP 93.184.220.29:0
Hash e23d0b41d5484b8a774c49d0cb864022
dc8edb0bfd145ed44a5fa55cd8e88eddc941c12f
3bff6b7857fff46d3a9fee29d6084a2c31de0c516435bcbd53f7f363bbade149
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6179
Cache-Control: max-age=105332
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:04 GMT
Etag: "636527ad-139"
Expires: Sun, 06 Nov 2022 16:37:36 GMT
Last-Modified: Fri, 04 Nov 2022 14:54:37 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 313
match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-7e0bKVnnmdrnbFDjem0TjoLmDdPhx5v_xnAT5w
52.57.80.202 204 No Content 0 B URL HTTP/2 match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-7e0bKVnnmdrnbFDjem0TjoLmDdPhx5v_xnAT5w
IP 52.57.80.202:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-7e0bKVnnmdrnbFDjem0TjoLmDdPhx5v_xnAT5w HTTP/1.1
Host: match.sharethrough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 05 Nov 2022 11:22:04 GMT
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B
IP 104.18.32.68:0
Hash 2f75d606d78f1bb1899625dd8cf247a7
2a29750c52f72412d1cfcb75ee403c1c75ad30f6
227d7501f2b10c85afbee42f15b770372301d3cd7832558533fbbfc6f3e78536
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 11:22:04 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 05 Nov 2022 01:56:50 GMT
Expires: Sat, 12 Nov 2022 01:56:49 GMT
Etag: "2a29750c52f72412d1cfcb75ee403c1c75ad30f6"
Cache-Control: max-age=570284,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 765535a3daf0b4f9-OSL
ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
185.89.211.12 302 Found 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
IP 185.89.211.12:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Sat, 05 Nov 2022 11:22:04 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=0
AN-X-Request-Uuid: 9b30ef9e-c87d-43f7-b92e-51ec65d83d34
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-1OWKOVnnmdrnbFDjem0TjoLmDdNtiuuYeTpF3w
185.86.137.110 200 OK 43 B URL HTTP/1.1 rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-1OWKOVnnmdrnbFDjem0TjoLmDdNtiuuYeTpF3w
IP 185.86.137.110:0
ASN #201081 SmartAdServer SAS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /redir/?partnerid=79&partneruserid=k-1OWKOVnnmdrnbFDjem0TjoLmDdNtiuuYeTpF3w HTTP/1.1
Host: rtb-csync.smartadserver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
content-type: image/gif
date: Sat, 05 Nov 2022 11:22:04 GMT
cache-control: no-cache,no-store
pragma: no-cache
set-cookie: pid=4600947359325031117; expires=Tue, 05 Dec 2023 11:22:04 GMT; domain=smartadserver.com; path=/
TestIfCookieP=ok; expires=Tue, 05 Dec 2023 11:22:04 GMT; domain=smartadserver.com; path=/
csync=79:k-1OWKOVnnmdrnbFDjem0TjoLmDdNtiuuYeTpF3w; expires=Sun, 05 Nov 2023 11:22:04 GMT; domain=smartadserver.com; path=/
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
ocsp.digicert.com/
93.184.220.29 200 OK 471 B
IP 93.184.220.29:0
Hash 0962ab09955ca093411af25c4bc9b49c
ae4c048f057270675963cbfff17af5211b093b1d
4b682535559f123a25c244ab113876b0ca6d1f32a3fef2c94b13f5e56faa08ad
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3768
Cache-Control: max-age=99314
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:04 GMT
Etag: "63651996-1d7"
Expires: Sun, 06 Nov 2022 14:57:18 GMT
Last-Modified: Fri, 04 Nov 2022 13:54:30 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B
IP 93.184.220.29:0
Hash d82c05303099a87c4e3183baa9b4c44c
6bd70a1f572a12e130874a3d93032bcd74f4af07
b634e237c197dadd26534f4d7416a82be5db8087f2f5c57ae37f07578ce61ad4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2751
Cache-Control: max-age=99372
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:04 GMT
Etag: "63651dc9-1d7"
Expires: Sun, 06 Nov 2022 14:58:16 GMT
Last-Modified: Fri, 04 Nov 2022 14:12:25 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
cm.adform.net/pixel?adform_pid=15&adform_pc=k-OvB3TVnnmdrnbFDjem0TjoLmDdMYgVCdySZiLA
37.157.6.241 200 OK 43 B URL HTTP/2 cm.adform.net/pixel?adform_pid=15&adform_pc=k-OvB3TVnnmdrnbFDjem0TjoLmDdMYgVCdySZiLA
IP 37.157.6.241:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /pixel?adform_pid=15&adform_pc=k-OvB3TVnnmdrnbFDjem0TjoLmDdMYgVCdySZiLA HTTP/1.1
Host: cm.adform.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:04 GMT
content-type: image/gif
content-length: 43
last-modified: Thu, 11 Apr 2019 06:08:57 GMT
etag: "5caed9f9-2b"
accept-ranges: bytes
X-Firefox-Spdy: h2
x.bidswitch.net/sync?dsp_id=46&user_id=k-a1bpTFnnmdrnbFDjem0TjoLmDdNGqudeS1mxDA&expires=30
3.123.248.151 302 Moved Temporarily 0 B URL HTTP/1.1 x.bidswitch.net/sync?dsp_id=46&user_id=k-a1bpTFnnmdrnbFDjem0TjoLmDdNGqudeS1mxDA&expires=30
IP 3.123.248.151:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?dsp_id=46&user_id=k-a1bpTFnnmdrnbFDjem0TjoLmDdNGqudeS1mxDA&expires=30 HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, must-revalidate
Date: Sat, 05 Nov 2022 11:22:04 GMT
Location: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-a1bpTFnnmdrnbFDjem0TjoLmDdNGqudeS1mxDA&expires=30
Set-Cookie: tuuid=4a34bb34-eba6-49a1-908d-4ba0355ee2ec; path=/; expires=Sun, 05-Nov-2023 11:22:04 GMT; domain=.bidswitch.net; samesite=none; secure
c=1667647324; path=/; expires=Sun, 05-Nov-2023 11:22:04 GMT; domain=.bidswitch.net; samesite=none; secure
tuuid_lu=1667647324; path=/; expires=Sun, 05-Nov-2023 11:22:04 GMT; domain=.bidswitch.net; samesite=none; secure
c=1667647324; path=/; expires=Sun, 05-Nov-2023 11:22:04 GMT; domain=.bidswitch.net; samesite=none; secure
Content-Length: 0
Connection: keep-alive
status.thawte.com/
93.184.220.29 200 OK 471 B
IP 93.184.220.29:0
Hash 240de02057b18f9b46f3b3f6191f6d60
b3e38125683ec6a209f22d83cef9ba848d3b43db
1434bcb1ca7667728a408978abd2967f9e166116b0e576e0ccd479a219627524
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5219
Cache-Control: max-age=89991
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:04 GMT
Etag: "6364ef80-1d7"
Expires: Sun, 06 Nov 2022 12:21:55 GMT
Last-Modified: Fri, 04 Nov 2022 10:54:56 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
ad.yieldlab.net/m?dt_id=8664&ext_id=k-cFmpnFnnmdrnbFDjem0TjoLmDdPFCF5D4_kRXA
23.13.245.180 204 No Content 0 B URL HTTP/1.1 ad.yieldlab.net/m?dt_id=8664&ext_id=k-cFmpnFnnmdrnbFDjem0TjoLmDdPFCF5D4_kRXA
IP 23.13.245.180:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /m?dt_id=8664&ext_id=k-cFmpnFnnmdrnbFDjem0TjoLmDdPFCF5D4_kRXA HTTP/1.1
Host: ad.yieldlab.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
x-application-context: application
Cache-Control: no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Fri, 04 Nov 2022 11:22:04 GMT
Date: Sat, 05 Nov 2022 11:22:04 GMT
Connection: keep-alive
Set-Cookie: id=ea9c95c9-b5ff-4a75-8091-c67b9e810b47; Path=/; Domain=yieldlab.net; Expires=Sun, 05-Nov-2023 11:22:04 GMT; Max-Age=31536000; Secure; SameSite=None
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3cbb792a7d6b0889885189d27875a112
befa6d3ffa3ba1aa611025247bc9a268577cfecb
c2f5c9667e2dcf486301c0d73eb6b180dfafce19b917bc7994397994593dce4f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2F5C9667E2DCF486301C0D73EB6B180DFAFCE19B917BC7994397994593DCE4F"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12876
Expires: Sat, 05 Nov 2022 14:56:40 GMT
Date: Sat, 05 Nov 2022 11:22:04 GMT
Connection: keep-alive
ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-XjwJ1lnnmdrnbFDjem0TjoLmDdNciHzoDlYyaQ
3.126.56.137 302 Found 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-XjwJ1lnnmdrnbFDjem0TjoLmDdNciHzoDlYyaQ
IP 3.126.56.137:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58301/sync?_origin=1&uid=k-XjwJ1lnnmdrnbFDjem0TjoLmDdNciHzoDlYyaQ HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 05 Nov 2022 11:22:04 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
location: https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-XjwJ1lnnmdrnbFDjem0TjoLmDdNciHzoDlYyaQ&verify=true
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBFxHZmMCEAy4fT9BQ-J4maFd3jblITUFEgEBAQGYZ2NwYwAAAAAA_eMAAA&S=AQAAAgZlu6Wqg25Frucy6mt_PbY; Expires=Sun, 5 Nov 2023 17:22:04 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
css.zohocdn.com/salesiq/styles/floatbuttonpostload_f1220b7c9b22ce1312e9acd2dd6c3f30_.css
185.20.209.147 200 OK 14 kB URL HTTP/2 css.zohocdn.com/salesiq/styles/floatbuttonpostload_f1220b7c9b22ce1312e9acd2dd6c3f30_.css
IP 185.20.209.147:0
ASN #41913 Computerline GmbH
File type ASCII text, with very long lines (65216), with no line terminators
Hash 53c814bde4ddfdd6081f2cbd020a7645
3b4d7f016e1f61d1577ba68f0fbb09cbc3128dfe
3d1359d09629042b9fbc9abb7f90d504ce366e04b21c1657909eb5822162beec
GET /salesiq/styles/floatbuttonpostload_f1220b7c9b22ce1312e9acd2dd6c3f30_.css HTTP/1.1
Host: css.zohocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ZGS
date: Sat, 05 Nov 2022 11:22:04 GMT
content-type: text/css;charset=UTF-8
content-length: 14409
x-content-type-options: nosniff
x-xss-protection: 1
cache-control: public, max-age=7776000, immutable
etag: "53c814bde4ddfdd6081f2cbd020a7645"
content-language: en-US
last-modified: Mon, 19 Sep 2022 16:06:40 GMT
content-encoding: br
access-control-expose-headers: *
access-control-allow-origin: *
vary: Accept-Encoding
strict-transport-security: max-age=15768000
timing-allow-origin: *
x-cache: HIT
nb-request-id: 72c28d04147af7c34e79399a253746c0
z-origin-id: ex1-e1901be96ba34cf9b53ad6489370bc1a
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash b84517f6f7679d660354c6eed89ac8ba
5e07fc8de9f4ad6e91e80a6bd2453cbc7c19d54b
656b1d76d8279a84ec47792d3f48775bb41ebc5f4739431798322bb3befe3e16
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=134572
Date: Sat, 05 Nov 2022 11:22:04 GMT
Etag: "6365a222-1d7"
Expires: Mon, 07 Nov 2022 00:44:56 GMT
Last-Modified: Fri, 04 Nov 2022 23:37:06 GMT
Server: ECS (bsa/EB1C)
X-Cache: Miss from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: p5Kqkjzg8RYVdMUqhZoTCdOd0-59o_MyrRqvG2XW1xbhevs4xYOzkg==
Age: 4070
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d53c9b96691b127b62a68514afd188b7
bc9e4bc823a7578c9aa8b92f70cea05c4e50bfed
8833bc593b7eaf853029862bdd25c5f13227d530a9c6b307cc0e71bb36255e25
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4451
Cache-Control: max-age=154739
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:04 GMT
Etag: "6365ef6c-1d7"
Expires: Mon, 07 Nov 2022 06:21:03 GMT
Last-Modified: Sat, 05 Nov 2022 05:06:52 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
id5-sync.com/s/966/9.gif?puid=k-UNxzwFnnmdrnbFDjem0TjoLmDdOjA2XS2jBqtg
141.95.98.64 200 43 B URL HTTP/1.1 id5-sync.com/s/966/9.gif?puid=k-UNxzwFnnmdrnbFDjem0TjoLmDdOjA2XS2jBqtg
IP 141.95.98.64:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 07fff40b5dd495aca2ac4e1c3fbc60aa
e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
GET /s/966/9.gif?puid=k-UNxzwFnnmdrnbFDjem0TjoLmDdOjA2XS2jBqtg HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: cf=; Max-Age=300; Expires=Sat, 05-Nov-2022 11:27:04 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cip=; Max-Age=300; Expires=Sat, 05-Nov-2022 11:27:04 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cnac=; Max-Age=300; Expires=Sat, 05-Nov-2022 11:27:04 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
car=; Max-Age=300; Expires=Sat, 05-Nov-2022 11:27:04 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
gdpr=; Max-Age=300; Expires=Sat, 05-Nov-2022 11:27:04 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
callback=; Max-Age=300; Expires=Sat, 05-Nov-2022 11:27:04 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
content-type: image/gif;charset=UTF-8
transfer-encoding: chunked
date: Sat, 05 Nov 2022 11:22:04 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 1b72e68f34ad2d91e76c32364dad56b4
8cf97300fda9498d01fad847405b86b5090c9cb2
cf90275b67af69844a7e85b92d25c51d8d06e8a38641506c374138c565a28d61
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=93402
Date: Sat, 05 Nov 2022 11:22:04 GMT
Etag: "6364ff0c-1d7"
Expires: Sun, 06 Nov 2022 13:18:46 GMT
Last-Modified: Fri, 04 Nov 2022 12:01:16 GMT
Server: ECS (nyb/1D31)
X-Cache: Miss from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: cXZQZq_Q-bGtztmFTsgtpo56RrmiURBa2rBPKswjETWpVYpNPrM5iw==
Age: 4650
ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-XjwJ1lnnmdrnbFDjem0TjoLmDdNciHzoDlYyaQ&verify=true
3.126.56.137 204 No Content 0 B URL HTTP/2 ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-XjwJ1lnnmdrnbFDjem0TjoLmDdNciHzoDlYyaQ&verify=true
IP 3.126.56.137:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ups/58301/sync?_origin=1&uid=k-XjwJ1lnnmdrnbFDjem0TjoLmDdNciHzoDlYyaQ&verify=true HTTP/1.1
Host: ups.analytics.yahoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 05 Nov 2022 11:22:04 GMT
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
strict-transport-security: max-age=31536000
age: 0
server: ATS/9.1.10.25
set-cookie: A3=d=AQABBFxHZmMCEDhOGpxKx-QSRWL8QeH02T0FEgEBAQGYZ2NwYwAAAAAA_eMAAA&S=AQAAAvgfVn6shxTznsBCfPZ_8no; Expires=Sun, 5 Nov 2023 17:22:04 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
css.zohocdn.com/salesiq/styles/newembedtheme_558bf05f672cf235b93c3ace5e2b13a3_.css
185.20.209.147 200 OK 48 kB URL HTTP/2 css.zohocdn.com/salesiq/styles/newembedtheme_558bf05f672cf235b93c3ace5e2b13a3_.css
IP 185.20.209.147:0
ASN #41913 Computerline GmbH
File type ASCII text, with very long lines (65536), with no line terminators
Hash 73f962d512cf22d867608411a0cd3345
c24a29e0fe84bc517712820ad9d5aa0efcd3f9a3
6dc65ba8e40d8b5e63215181b8732cecb8a30d8c7507b10178b0cc256c25c83c
GET /salesiq/styles/newembedtheme_558bf05f672cf235b93c3ace5e2b13a3_.css HTTP/1.1
Host: css.zohocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ZGS
date: Sat, 05 Nov 2022 11:22:04 GMT
content-type: text/css;charset=UTF-8
content-length: 48034
x-content-type-options: nosniff
x-xss-protection: 1
cache-control: public, max-age=7776000, immutable
etag: "73f962d512cf22d867608411a0cd3345"
content-language: en-US
last-modified: Sat, 29 Oct 2022 12:22:42 GMT
content-encoding: br
access-control-expose-headers: *
access-control-allow-origin: *
vary: Accept-Encoding
strict-transport-security: max-age=15768000
timing-allow-origin: *
x-cache: HIT
nb-request-id: c72521cccd52d63c25f58b97319725b6
z-origin-id: ex1-5004f1f54af34dfa8a9f0e940648c713
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
X-Firefox-Spdy: h2
ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-hrKDf1nnmdrnbFDjem0TjoLmDdOOCF4Q2hUdTw
35.156.110.97 302 Found 0 B URL HTTP/2 ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-hrKDf1nnmdrnbFDjem0TjoLmDdOOCF4Q2hUdTw
IP 35.156.110.97:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match?publisher_dsp_id=38&external_user_id=k-hrKDf1nnmdrnbFDjem0TjoLmDdOOCF4Q2hUdTw HTTP/1.1
Host: ad.360yield.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 05 Nov 2022 11:22:04 GMT
content-type: text/plain
content-length: 0
location: https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-hrKDf1nnmdrnbFDjem0TjoLmDdOOCF4Q2hUdTw
set-cookie: tuuid=083d671d-4d05-4675-9a45-98b5e37436b1; Expires=Fri, 03 Feb 2023 11:22:04 GMT; Domain=.360yield.com; Path=/; SameSite=None; Secure
tuuid_lu=1667647324; Expires=Fri, 03 Feb 2023 11:22:04 GMT; Domain=.360yield.com; Path=/; SameSite=None; Secure
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-Firefox-Spdy: h2
js.zohocdn.com/ichat/js/Sep_19_2022_wmsliteapi.js
185.20.209.147 200 OK 7.0 kB URL HTTP/2 js.zohocdn.com/ichat/js/Sep_19_2022_wmsliteapi.js
IP 185.20.209.147:0
ASN #41913 Computerline GmbH
File type ASCII text, with very long lines (19805)
Hash 02d06670a159b51d02f634796b7aa6f8
46c1c0e5286e3553a7a20912fec36a458fbde2a6
6264a9e7d41156ef86657069b5090e1288dd24ab0e476754bf989f35b7b81a36
GET /ichat/js/Sep_19_2022_wmsliteapi.js HTTP/1.1
Host: js.zohocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ZGS
date: Sat, 05 Nov 2022 11:22:04 GMT
content-type: application/javascript;charset=UTF-8
content-length: 6962
x-content-type-options: nosniff
x-xss-protection: 1
cache-control: public, max-age=7776000, immutable
etag: "02d06670a159b51d02f634796b7aa6f8"
content-language: en-US
last-modified: Mon, 19 Sep 2022 05:18:31 GMT
content-encoding: br
access-control-expose-headers: *
access-control-allow-origin: *
vary: Accept-Encoding
strict-transport-security: max-age=15768000
timing-allow-origin: *
x-cache: HIT
nb-request-id: ceffa12531930b3505e56ebc5cf77bf0
z-origin-id: ex1-98a7ad72e6434d67865153e0ae4ca55d
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
X-Firefox-Spdy: h2
x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-a1bpTFnnmdrnbFDjem0TjoLmDdNGqudeS1mxDA&expires=30
3.123.248.151 200 OK 43 B URL HTTP/1.1 x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-a1bpTFnnmdrnbFDjem0TjoLmDdNGqudeS1mxDA&expires=30
IP 3.123.248.151:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /ul_cb/sync?dsp_id=46&user_id=k-a1bpTFnnmdrnbFDjem0TjoLmDdNGqudeS1mxDA&expires=30 HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sat, 05 Nov 2022 11:22:04 GMT
Content-Length: 43
Connection: keep-alive
eb2.3lift.com/xuid?mid=2711&xuid=k-9Ozo41nnmdrnbFDjem0TjoLmDdP_ex4xu9zSWw&dongle=013b
13.248.245.213 200 OK 37 B URL HTTP/2 eb2.3lift.com/xuid?mid=2711&xuid=k-9Ozo41nnmdrnbFDjem0TjoLmDdP_ex4xu9zSWw&dongle=013b
IP 13.248.245.213:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 3eacd0132310ea44cad756b378a3bc07
e2216a7e9b73f5cb0279351c78ce61c33475cea7
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
GET /xuid?mid=2711&xuid=k-9Ozo41nnmdrnbFDjem0TjoLmDdP_ex4xu9zSWw&dongle=013b HTTP/1.1
Host: eb2.3lift.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 11:22:04 GMT
content-type: image/gif
content-length: 37
cache-control: no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
dpm.demdex.net/ibs:dpid=28645&dpuuid=
18.202.164.188 302 Found 86 kB URL HTTP/1.1 dpm.demdex.net/ibs:dpid=28645&dpuuid=
IP 18.202.164.188:0
File type gzip compressed data, from Unix\012- data
Hash a9e95234c46bc6e707964365a3158942
17700bc88201fc14f4efd86da90b8bea134c9b49
2bf0fe0bc2dc309b11ff8796ac778cd40fa6227bb791dab5cadbcccbd5674bb8
GET /ibs:dpid=28645&dpuuid= HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-0305a06ee.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=21002450608552859293977785185551403511; Max-Age=15552000; Expires=Thu, 04 May 2023 11:22:04 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: U/xX0gOjTzI=
Content-Length: 0
Connection: keep-alive
sync.outbrain.com/cookie-sync?p=criteo&uid=k-uGA2i1nnmdrnbFDjem0TjoLmDdOY_evqTgkZOw
70.42.32.63 200 OK 0 B URL HTTP/1.1 sync.outbrain.com/cookie-sync?p=criteo&uid=k-uGA2i1nnmdrnbFDjem0TjoLmDdOY_evqTgkZOw
IP 70.42.32.63:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cookie-sync?p=criteo&uid=k-uGA2i1nnmdrnbFDjem0TjoLmDdOY_evqTgkZOw HTTP/1.1
Host: sync.outbrain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 11:22:04 GMT
Content-Length: 0
Cache-Control: no-cache
X-TraceId: 6d85059167ddec1bb73371391d42f9ad
ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-hrKDf1nnmdrnbFDjem0TjoLmDdOOCF4Q2hUdTw
35.156.110.97 200 OK 43 B URL HTTP/2 ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-hrKDf1nnmdrnbFDjem0TjoLmDdOOCF4Q2hUdTw
IP 35.156.110.97:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /ul_cb/match?publisher_dsp_id=38&external_user_id=k-hrKDf1nnmdrnbFDjem0TjoLmDdOOCF4Q2hUdTw HTTP/1.1
Host: ad.360yield.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 05 Nov 2022 11:22:04 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-Firefox-Spdy: h2
js.zohocdn.com/salesiq/js/siqnewchatwindow_68da5ee701ca4137951a1a071e61f8c3_.js
185.20.209.147 200 OK 318 kB URL HTTP/2 js.zohocdn.com/salesiq/js/siqnewchatwindow_68da5ee701ca4137951a1a071e61f8c3_.js
IP 185.20.209.147:0
ASN #41913 Computerline GmbH
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size 318 kB (317601 bytes)
Hash e83d014d220b09c5506d4135e60e2a4b
427b98f75f2f0d46ed7c6fe6cd0e6e108be272d4
39a99bcf297857a6a9310dbf6d4ecb33d0923880cf966b4bbbd4e3da95a1edb1
GET /salesiq/js/siqnewchatwindow_68da5ee701ca4137951a1a071e61f8c3_.js HTTP/1.1
Host: js.zohocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ZGS
date: Sat, 05 Nov 2022 11:22:04 GMT
content-type: application/javascript;charset=UTF-8
content-length: 317601
x-content-type-options: nosniff
x-xss-protection: 1
cache-control: public, max-age=7776000, immutable
etag: "e83d014d220b09c5506d4135e60e2a4b"
content-language: en-US
last-modified: Sat, 29 Oct 2022 12:22:58 GMT
content-encoding: br
access-control-expose-headers: *
access-control-allow-origin: *
vary: Accept-Encoding
strict-transport-security: max-age=15768000
timing-allow-origin: *
x-cache: HIT
nb-request-id: 9a41da2646900bbd3d3ec88ac41944d8
z-origin-id: ex1-61952805fcd040a090ab64e16197335e
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
X-Firefox-Spdy: h2
js.zohocdn.com/salesiq/js/resource/embed/resource_a0c93d7335e2e5f617e944fe8cec7397_.js
185.20.209.147 200 OK 13 kB URL HTTP/2 js.zohocdn.com/salesiq/js/resource/embed/resource_a0c93d7335e2e5f617e944fe8cec7397_.js
IP 185.20.209.147:0
ASN #41913 Computerline GmbH
File type ASCII text, with very long lines (43851), with no line terminators
Hash 5de6de8414335d99cd836fb6bb5d3afa
c7b14959f7c402870ef05b736e022dec23db85b2
cbb9df93d80ddcfe8af82fac95daeb855a8d5df2c91952ee293dba02e381e218
GET /salesiq/js/resource/embed/resource_a0c93d7335e2e5f617e944fe8cec7397_.js HTTP/1.1
Host: js.zohocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ZGS
date: Sat, 05 Nov 2022 11:22:04 GMT
content-type: application/javascript;charset=UTF-8
content-length: 13147
x-content-type-options: nosniff
x-xss-protection: 1
cache-control: public, max-age=7776000, immutable
etag: "5de6de8414335d99cd836fb6bb5d3afa"
content-language: en-US
last-modified: Sat, 29 Oct 2022 12:22:36 GMT
content-encoding: br
access-control-expose-headers: *
access-control-allow-origin: *
vary: Accept-Encoding
strict-transport-security: max-age=15768000
timing-allow-origin: *
x-cache: HIT
nb-request-id: d9827f0fce18d866f08a36fa318e04b1
z-origin-id: ex1-6d58815649d34c63acb5fca937a463c9
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
X-Firefox-Spdy: h2
css.zohocdn.com/salesiq/styles/fonts/float/siq_df7a33e7f9075cf8e624bd35984c7262_.ttf
185.20.209.147 200 OK 8.2 kB URL HTTP/2 css.zohocdn.com/salesiq/styles/fonts/float/siq_df7a33e7f9075cf8e624bd35984c7262_.ttf
IP 185.20.209.147:0
ASN #41913 Computerline GmbH
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, Revamp \012- data
Hash 7d0cf6743b92dec00144647c374f0639
78664ccb22099da1aad347f2c47d68b510d94345
92a1a2d43ddd970b4abc1b65e89de57cf421789d7edc1daf300acd3e27b9912d
GET /salesiq/styles/fonts/float/siq_df7a33e7f9075cf8e624bd35984c7262_.ttf HTTP/1.1
Host: css.zohocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.erabahrain.net
Connection: keep-alive
Referer: https://css.zohocdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ZGS
date: Sat, 05 Nov 2022 11:22:04 GMT
content-type: font/ttf
content-length: 8214
x-content-type-options: nosniff
x-xss-protection: 1
cache-control: public, max-age=7776000, immutable
access-control-expose-headers: *
access-control-allow-origin: *
etag: "7d0cf6743b92dec00144647c374f0639"
content-language: en-US
last-modified: Tue, 01 Mar 2022 17:15:31 GMT
content-encoding: br
vary: Accept-Encoding
strict-transport-security: max-age=15768000
timing-allow-origin: *
x-cache: HIT
nb-request-id: bd07ad00069497185878ea60cb3d1642
z-origin-id: ex1-459fd82a6e7140f9bd5c8164c215fae7
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
X-Firefox-Spdy: h2
js.zohocdn.com/ichat/js/430eca65_wmsbridge.js
185.20.209.147 200 OK 4.6 kB URL HTTP/2 js.zohocdn.com/ichat/js/430eca65_wmsbridge.js
IP 185.20.209.147:0
ASN #41913 Computerline GmbH
File type ASCII text, with very long lines (15218), with no line terminators
Hash 82c9a89a0bdba3d6a7c9d7aed067b1c6
6c5ba311b13654beb8a09b91145372ca2352f5d5
84b07e0d05401523e15a983a040664a4c08e9c5a0d0ade90c2c7f1441126bd34
GET /ichat/js/430eca65_wmsbridge.js HTTP/1.1
Host: js.zohocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ZGS
date: Sat, 05 Nov 2022 11:22:04 GMT
content-type: application/javascript;charset=UTF-8
content-length: 4597
x-content-type-options: nosniff
x-xss-protection: 1
cache-control: public, max-age=7776000, immutable
etag: "82c9a89a0bdba3d6a7c9d7aed067b1c6"
content-language: en-US
last-modified: Thu, 15 Sep 2022 12:04:11 GMT
content-encoding: br
access-control-expose-headers: *
access-control-allow-origin: *
vary: Accept-Encoding
strict-transport-security: max-age=15768000
timing-allow-origin: *
x-cache: HIT
nb-request-id: 2fabfab383a76787e9da5c4182acfb4d
z-origin-id: ex1-baa6bfb8f4384b0cbbfca0fa72d15aac
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
X-Firefox-Spdy: h2
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=
18.202.164.188 200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=
IP 18.202.164.188:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid= HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-2-v045-027dff91d.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: 8GSFy5BzT/Y=
Content-Length: 59
Connection: keep-alive
css.zohocdn.com/webfonts/latoregular/font.woff
185.20.209.147 200 OK 38 kB URL HTTP/2 css.zohocdn.com/webfonts/latoregular/font.woff
IP 185.20.209.147:0
ASN #41913 Computerline GmbH
File type Web Open Font Format, TrueType, length 37676, version 0.0\012- data
Hash cbdddd82da22c6cbdd41ea4342266abf
080a92c0fe8ff513ee966a446be89128fa31e79a
251d58cc997156886bac2cefc52d1330129544d5f1d6c2a4722242fe3eaa7e9d
GET /webfonts/latoregular/font.woff HTTP/1.1
Host: css.zohocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.erabahrain.net
Connection: keep-alive
Referer: https://css.zohocdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ZGS
date: Sat, 05 Nov 2022 11:22:05 GMT
content-type: font/woff
content-length: 37676
x-content-type-options: nosniff
x-xss-protection: 1
cache-control: public, max-age=5184000, immutable
access-control-expose-headers: *
access-control-allow-origin: *
etag: "f73a195cf160c3c1c1eaf8fcf8eabc04"
content-language: en-US
last-modified: Wed, 28 Jul 2021 14:29:16 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15768000
timing-allow-origin: *
x-cache: HIT
nb-request-id: fd3928a7e6febe3fc7d1164427ec3ef5
z-origin-id: ex1-48437087d89e4640a370748876dda19e
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
X-Firefox-Spdy: h2
visitor.omnitagjs.com/visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-pc10NFnnmdrnbFDjem0TjoLmDdMxr30E2x14qQ
185.255.84.152 200 OK 49 B URL HTTP/2 visitor.omnitagjs.com/visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-pc10NFnnmdrnbFDjem0TjoLmDdMxr30E2x14qQ
IP 185.255.84.152:0
ASN #200271 Iguane Solutions SAS
File type GIF image data, version 89a, 1 x 1\012- data
Hash 4408efc0174f07ad685c456f1de521ca
e3bc3250f8f32bd98dc7b05fd8940b74617eb8d1
d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38
GET /visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-pc10NFnnmdrnbFDjem0TjoLmDdMxr30E2x14qQ HTTP/1.1
Host: visitor.omnitagjs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
expires: 0
p3p: CP="CAO PSA OUR"
pragma: no-cache
set-cookie: ayl_visitor=67a2f970fe7207619a3fd8bc7778adc2; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
date: Sat, 05 Nov 2022 11:22:04 GMT
content-length: 49
x-envoy-upstream-service-time: 3
server: ayl-lb-fra02
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40
178.250.0.157 302 Found 0 B URL HTTP/2 gum.criteo.com/sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40
IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?c=83&r=1&a=1&u=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcriteo%26partner_uid%3D%40USERID%40 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 05 Nov 2022 11:22:05 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
location: https://beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=
server-processing-duration-in-ticks: 992823
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
sync-criteo.ads.yieldmo.com/sync?id=k-ZCiqM1nnmdrnbFDjem0TjoLmDdPq09dpOtse4w&pn_id=criteo&ext=1
52.17.209.100 200 OK 43 B URL HTTP/2 sync-criteo.ads.yieldmo.com/sync?id=k-ZCiqM1nnmdrnbFDjem0TjoLmDdPq09dpOtse4w&pn_id=criteo&ext=1
IP 52.17.209.100:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /sync?id=k-ZCiqM1nnmdrnbFDjem0TjoLmDdPq09dpOtse4w&pn_id=criteo&ext=1 HTTP/1.1
Host: sync-criteo.ads.yieldmo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 11:22:05 GMT
content-type: image/gif
content-length: 43
set-cookie: yieldmo_id=g192493cb2c4163d79e2%7C1667647325112%7C0%7C; Domain=.yieldmo.com; Expires=Sun, 05-Nov-2023 11:22:05 GMT; Path=/; Secure; SameSite=None; Secure
ptrcriteo=k-ZCiqM1nnmdrnbFDjem0TjoLmDdPq09dpOtse4w; Domain=ads.yieldmo.com; Expires=Sun, 05-Nov-2023 11:22:05 GMT; Path=/; Secure; SameSite=None; Secure
access-control-allow-origin: *
access-control-request-headers: Cache-Control, Pragma
access-control-allow-methods: GET, OPTIONS
pragma: no-cache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash bfdcee9abea38f7372f1a174da6e7228
bb15f79aefb199b398f34872c52806a79bdb94f7
d8bce781658a5483c819452c70e6f02b8800ac049317fdb4ed6340d29bf75d7d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3636
Cache-Control: max-age=88774
Content-Type: application/ocsp-response
Date: Sat, 05 Nov 2022 11:22:05 GMT
Etag: "6364f0ef-1d7"
Expires: Sun, 06 Nov 2022 12:01:39 GMT
Last-Modified: Fri, 04 Nov 2022 11:01:03 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=
52.16.235.253 204 No Content 0 B URL HTTP/2 beacon.krxd.net/usermatch.gif?partner=criteo&partner_uid=
IP 52.16.235.253:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /usermatch.gif?partner=criteo&partner_uid= HTTP/1.1
Host: beacon.krxd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 05 Nov 2022 11:22:05 GMT
set-cookie: _kuid_=PLjgKnVM; Expires=Thu, 04-May-23 11:22:05 GMT; Max-Age=15552000; Domain=.krxd.net; Path=/
cache-control: private, no-cache, no-store
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
x-served-by: beacon-n014-dub-prod.krxd.net
x-request-time: D=24 t=1667647325
X-Firefox-Spdy: h2
css.zohocdn.com/salesiq/images/cw/online-chat_156f4465f7031faa672da42fb9596199_.svg
185.20.209.147 200 OK 2.2 kB URL HTTP/2 css.zohocdn.com/salesiq/images/cw/online-chat_156f4465f7031faa672da42fb9596199_.svg
IP 185.20.209.147:0
ASN #41913 Computerline GmbH
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash ee2de94d5f69ac6e059112c523a74c8f
486cb5f112a5574e144d7b3d18f80007d3d0e1e5
b770968f420b392a9ebda4f777c8061e57f0856826de95fe358546bb61ad0323
GET /salesiq/images/cw/online-chat_156f4465f7031faa672da42fb9596199_.svg HTTP/1.1
Host: css.zohocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://css.zohocdn.com/salesiq/styles/newembedtheme_558bf05f672cf235b93c3ace5e2b13a3_.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ZGS
date: Sat, 05 Nov 2022 11:22:05 GMT
content-type: image/svg+xml
content-length: 2156
x-content-type-options: nosniff
x-xss-protection: 1
cache-control: public, max-age=7776000, immutable
etag: "ee2de94d5f69ac6e059112c523a74c8f"
content-language: en-US
last-modified: Fri, 02 Jul 2021 08:06:15 GMT
content-encoding: br
access-control-expose-headers: *
access-control-allow-origin: *
vary: Accept-Encoding
strict-transport-security: max-age=15768000
timing-allow-origin: *
x-cache: HIT
nb-request-id: 79e9227dde524407f26bf08c64e7dca5
z-origin-id: ex1-de9149561bde4f97a4e665c0f6d8f2af
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40
178.250.0.157 302 Found 0 B URL HTTP/2 gum.criteo.com/sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40
IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?c=10&r=1&u=https%3A%2F%2Fs.thebrighttag.com%2Fcs%3Fbtt%3D0%26tp%3Dcr%26uid%3D%40USERID%40 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Sat, 05 Nov 2022 11:22:04 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
location: https://s.thebrighttag.com/cs?btt=0&tp=cr&uid=
server-processing-duration-in-ticks: 223208
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.entrust.net/
104.110.10.32 200 OK 1.6 kB IP 104.110.10.32:0
Hash e799603cd32b82bb03fe24a6727ad9fa
e6e46b188121e24e8ae72fc87e49ae2f1e038ab9
03fe33368d5df9fa136b8cc8fee1692d3ad0f7ed11b2d746f59d50ad52c6208a
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "03FE33368D5DF9FA136B8CC8FEE1692D3AD0F7ED11B2D746F59D50AD52C6208A"
Last-Modified: Sat, 05 Nov 2022 08:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=2168
Expires: Sat, 05 Nov 2022 11:58:13 GMT
Date: Sat, 05 Nov 2022 11:22:05 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash cf84091df069182405968b73f06ccb69
f79ef087aec07216142ed2ff661c73602a26f8e2
86b53b30febde2795f37ba9f9a2ae33421f6863e7fe17985b1203bc81c20773a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 05 Nov 2022 11:22:05 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 04 Nov 2022 00:01:44 GMT
Expires: Fri, 11 Nov 2022 00:01:43 GMT
Etag: "f79ef087aec07216142ed2ff661c73602a26f8e2"
Cache-Control: max-age=476977,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 765535a8e8a4b4f9-OSL
s.thebrighttag.com/cs?btt=0&tp=cr&uid=
3.23.184.187 200 OK 35 B URL HTTP/2 s.thebrighttag.com/cs?btt=0&tp=cr&uid=
IP 3.23.184.187:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /cs?btt=0&tp=cr&uid= HTTP/1.1
Host: s.thebrighttag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 11:22:05 GMT
content-type: image/gif
content-length: 35
x-bt-requestid: 14200470-5cfc-11ed-9041-0000ac170305
cache-control: private, must-revalidate
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin:
server: nginx
p3p: CP=NOI DSP COR NID
X-Firefox-Spdy: h2
css.zohocdn.com/salesiq/images/cw/header_pattern_08e3ad24bb4d5ca2c7d6121bfcdb608d_.svg
185.20.209.147 200 OK 6.4 kB URL HTTP/2 css.zohocdn.com/salesiq/images/cw/header_pattern_08e3ad24bb4d5ca2c7d6121bfcdb608d_.svg
IP 185.20.209.147:0
ASN #41913 Computerline GmbH
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash f8981f78768faa45dbec1080709344f4
648e6bf4ed0e8079bb35ec449307e70d0bd2e510
74064bb853699f862508552f84e05b2d930fd421a15ab76051d264d81280420f
GET /salesiq/images/cw/header_pattern_08e3ad24bb4d5ca2c7d6121bfcdb608d_.svg HTTP/1.1
Host: css.zohocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://css.zohocdn.com/salesiq/styles/newembedtheme_558bf05f672cf235b93c3ace5e2b13a3_.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ZGS
date: Sat, 05 Nov 2022 11:22:05 GMT
content-type: image/svg+xml
content-length: 6367
x-content-type-options: nosniff
x-xss-protection: 1
etag: "f8981f78768faa45dbec1080709344f4"
content-language: en-US
last-modified: Wed, 03 Jun 2020 01:43:13 GMT
content-encoding: br
access-control-expose-headers: *
access-control-allow-origin: *
vary: Accept-Encoding
strict-transport-security: max-age=15768000
cache-control: public, max-age=7776000, must-revalidate, proxy-revalidate
timing-allow-origin: *
x-cache: HIT
nb-request-id: 67e5fe8de0a440add50747f88270c56d
z-origin-id: ex1-5f60bf900f80b71736847896
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
X-Firefox-Spdy: h2
css.zohocdn.com/salesiq/styles/fonts/cw/siq_1fee8a295aea2c30efe2113b7af4e0f7_.ttf
185.20.209.147 200 OK 20 kB URL HTTP/2 css.zohocdn.com/salesiq/styles/fonts/cw/siq_1fee8a295aea2c30efe2113b7af4e0f7_.ttf
IP 185.20.209.147:0
ASN #41913 Computerline GmbH
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon \012- data
Hash d28e16679e0f181b99fc5c324d164778
1ab692684658719345c711c478848d68e5975d0f
1e6b3bfa5506ba820561b77d02e08ad9f563a01e730825087c54aefe8115bcda
GET /salesiq/styles/fonts/cw/siq_1fee8a295aea2c30efe2113b7af4e0f7_.ttf HTTP/1.1
Host: css.zohocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.erabahrain.net
Connection: keep-alive
Referer: https://css.zohocdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ZGS
date: Sat, 05 Nov 2022 11:22:05 GMT
content-type: font/ttf
content-length: 20456
x-content-type-options: nosniff
x-xss-protection: 1
cache-control: public, max-age=7776000, immutable
access-control-expose-headers: *
access-control-allow-origin: *
etag: "d28e16679e0f181b99fc5c324d164778"
content-language: en-US
last-modified: Mon, 19 Sep 2022 16:06:31 GMT
content-encoding: br
vary: Accept-Encoding
strict-transport-security: max-age=15768000
timing-allow-origin: *
x-cache: HIT
nb-request-id: 1fce3ed332ddbaad898a0f808cb82e6e
z-origin-id: ex1-74f8f792066a430b9dfcef0d555d281c
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
X-Firefox-Spdy: h2
static.zohocdn.com/salesiq/MEDIA_14/sound/ping_e69e7799466b7f62fc1640e8028f922d_.mp3
185.20.209.147 206 Partial Content 32 kB URL HTTP/2 static.zohocdn.com/salesiq/MEDIA_14/sound/ping_e69e7799466b7f62fc1640e8028f922d_.mp3
IP 185.20.209.147:0
ASN #41913 Computerline GmbH
File type Audio file with ID3 version 2.2.0, contains: MPEG ADTS, layer III, v1, 64 kbps, 44.1 kHz, JntStereo\012- data
Hash e69e7799466b7f62fc1640e8028f922d
18f9c61b71bb14679e92b774108bf8a9be40e113
c5de65925f229d445ed1e05cb7cdb239d12678e79a7196cc3411894c24fe0b76
GET /salesiq/MEDIA_14/sound/ping_e69e7799466b7f62fc1640e8028f922d_.mp3 HTTP/1.1
Host: static.zohocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
server: ZGS
date: Sat, 05 Nov 2022 11:22:05 GMT
content-type: audio/mpeg
content-length: 31969
x-content-type-options: nosniff
x-xss-protection: 1
cache-control: public, max-age=5184000, immutable
etag: "a241a34a25cb89437bd243000a91704c"
content-language: en-US
last-modified: Thu, 01 Apr 2021 05:42:19 GMT
access-control-expose-headers: *
access-control-allow-origin: *
vary: Accept-Encoding
strict-transport-security: max-age=15768000
timing-allow-origin: *
x-cache: HIT
nb-request-id: 5f9ec189fe8b233eb65842376e553951
z-origin-id: ex1-a3ae345ff318443292e94575db1a4c12
cross-origin-resource-policy: cross-origin
content-range: bytes 0-31968/31969
X-Firefox-Spdy: h2
salesiq.zohopublic.in/visitor/v2/inspiriondigitalsolutions/conversations?avuid=9953cd6a-aa3b-4d84-b3cc-f2a5ac9ef8f3&app_id=e6d5bcb350039d5ac5464d030f592da251e98963d8b1ccd7
169.148.148.66 200 0 B URL HTTP/1.1 salesiq.zohopublic.in/visitor/v2/inspiriondigitalsolutions/conversations?avuid=9953cd6a-aa3b-4d84-b3cc-f2a5ac9ef8f3&app_id=e6d5bcb350039d5ac5464d030f592da251e98963d8b1ccd7
IP 169.148.148.66:0
ASN #56201 Zoho Corporation Pvt. Ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /visitor/v2/inspiriondigitalsolutions/conversations?avuid=9953cd6a-aa3b-4d84-b3cc-f2a5ac9ef8f3&app_id=e6d5bcb350039d5ac5464d030f592da251e98963d8b1ccd7 HTTP/1.1
Host: salesiq.zohopublic.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-siq-channel
Referer: https://www.erabahrain.net/
Origin: https://www.erabahrain.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: ZGS
Date: Sat, 05 Nov 2022 11:22:06 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: 1f2feb5d84=8d59d4d1586c6e22c5880421d5a5b649; Path=/
X-Content-Type-Options: nosniff
Encoding: UTF-8
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors 'self' https://integration-qa.gofrugalretail.com https://integration.gofrugal.com
Access-Control-Allow-Headers: Content-Type,X-SIQ-Channel
Access-Control-Allow-Origin: https://www.erabahrain.net
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Strict-Transport-Security: max-age=63072000
salesiq.zohopublic.in/inspiriondigitalsolutions/userimg/57825000000165289/photo.ls?nocache=1&nps=202
169.148.148.66 202 0 B URL HTTP/1.1 salesiq.zohopublic.in/inspiriondigitalsolutions/userimg/57825000000165289/photo.ls?nocache=1&nps=202
IP 169.148.148.66:0
ASN #56201 Zoho Corporation Pvt. Ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /inspiriondigitalsolutions/userimg/57825000000165289/photo.ls?nocache=1&nps=202 HTTP/1.1
Host: salesiq.zohopublic.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 202
Server: ZGS
Date: Sat, 05 Nov 2022 11:22:06 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 0
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Set-Cookie: 1f2feb5d84=8d59d4d1586c6e22c5880421d5a5b649; Path=/
LS_CSRF_TOKEN=dc5709a0-4ad2-4163-92eb-145720fdb908;path=/;SameSite=None;Secure;priority=high
_zcsr_tmp=dc5709a0-4ad2-4163-92eb-145720fdb908;path=/;SameSite=Strict;Secure;priority=high
Cache-Control: max-age=31536000
Pragma: cache
Expires: Sun, 5 Nov 2023 16:52:06 IST
Content-Security-Policy: frame-ancestors 'self' https://integration-qa.gofrugalretail.com https://integration.gofrugal.com
Access-Control-Allow-Origin: *
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
css.zohocdn.com/salesiq/images/cw/siq_bot_14a50b142909e8b828027c61107d1af6_.svg
185.20.209.147 200 OK 1.7 kB URL HTTP/2 css.zohocdn.com/salesiq/images/cw/siq_bot_14a50b142909e8b828027c61107d1af6_.svg
IP 185.20.209.147:0
ASN #41913 Computerline GmbH
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d106677b670efa98c9b8e6bbe78766cf
4cb1186fffa2992bfa77b1b0cc3536d773c04348
289354fb3d3ebaebdd04872f4b0d5c966c9f85f1c998a12288c5b52e0f99414a
GET /salesiq/images/cw/siq_bot_14a50b142909e8b828027c61107d1af6_.svg HTTP/1.1
Host: css.zohocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://css.zohocdn.com/salesiq/styles/newembedtheme_558bf05f672cf235b93c3ace5e2b13a3_.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ZGS
date: Sat, 05 Nov 2022 11:22:06 GMT
content-type: image/svg+xml
content-length: 1707
x-content-type-options: nosniff
x-xss-protection: 1
etag: "d106677b670efa98c9b8e6bbe78766cf"
content-language: en-US
last-modified: Wed, 03 Jun 2020 01:43:13 GMT
content-encoding: br
access-control-expose-headers: *
access-control-allow-origin: *
vary: Accept-Encoding
strict-transport-security: max-age=15768000
cache-control: public, max-age=7776000, must-revalidate, proxy-revalidate
timing-allow-origin: *
x-cache: HIT
nb-request-id: 347c884641b742338a1d9be130ff79f5
z-origin-id: ex1-5f636ec00f80b71736870e03
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
X-Firefox-Spdy: h2
js.zohocdn.com/zohosecurity/v5_0/js/security-html-sanitizer.min.js
185.20.209.147 200 OK 11 kB URL HTTP/2 js.zohocdn.com/zohosecurity/v5_0/js/security-html-sanitizer.min.js
IP 185.20.209.147:0
ASN #41913 Computerline GmbH
File type ASCII text, with very long lines (27512)
Hash 16e09f706d00343e3265b1dd7a230dd5
a36eea1eb727eeabb2936aa1e581cc544d5b780c
ad61440a00c80f500ab8428fdd354301cf6c31839c9d7a377a91923ddc69cfda
GET /zohosecurity/v5_0/js/security-html-sanitizer.min.js HTTP/1.1
Host: js.zohocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ZGS
date: Sat, 05 Nov 2022 11:22:06 GMT
content-type: application/javascript;charset=UTF-8
content-length: 10688
x-content-type-options: nosniff
x-xss-protection: 1
cache-control: public, max-age=7776000, immutable
etag: "16e09f706d00343e3265b1dd7a230dd5"
content-language: en-US
last-modified: Thu, 26 Aug 2021 06:14:01 GMT
content-encoding: br
access-control-expose-headers: *
access-control-allow-origin: *
vary: Accept-Encoding
strict-transport-security: max-age=15768000
timing-allow-origin: *
x-cache: HIT
nb-request-id: bc0abcc9048c69132298ee5c348d8f58
z-origin-id: ex1-6f99957a72a34ecca487b23fce31cd57
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
X-Firefox-Spdy: h2
js.zohocdn.com/zohosecurity/v5_0/js/security-url-validator.min.js
185.20.209.147 200 OK 2.6 kB URL HTTP/2 js.zohocdn.com/zohosecurity/v5_0/js/security-url-validator.min.js
IP 185.20.209.147:0
ASN #41913 Computerline GmbH
File type ASCII text, with very long lines (5439)
Hash 3904d1666958afd66ede81e6a18aba4b
c42c5068a3323e151dffb66c241ee6af12c11c04
f6887368993764b1c968676bbed273e6d076b8b958f68927628a918d0f1981be
GET /zohosecurity/v5_0/js/security-url-validator.min.js HTTP/1.1
Host: js.zohocdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ZGS
date: Sat, 05 Nov 2022 11:22:06 GMT
content-type: application/javascript;charset=UTF-8
content-length: 2641
x-content-type-options: nosniff
x-xss-protection: 1
cache-control: public, max-age=7776000, immutable
etag: "3904d1666958afd66ede81e6a18aba4b"
content-language: en-US
last-modified: Thu, 26 Aug 2021 06:14:01 GMT
content-encoding: br
access-control-expose-headers: *
access-control-allow-origin: *
vary: Accept-Encoding
strict-transport-security: max-age=15768000
timing-allow-origin: *
x-cache: HIT
nb-request-id: bc6a60be0321e6ff57aac8207ba762f1
z-origin-id: ex1-b4beefc9cc87451abc0ed2ca9ca8d5f4
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
X-Firefox-Spdy: h2
salesiq.zohopublic.in/visitor/v2/inspiriondigitalsolutions/conversations?avuid=9953cd6a-aa3b-4d84-b3cc-f2a5ac9ef8f3&app_id=e6d5bcb350039d5ac5464d030f592da251e98963d8b1ccd7
169.148.148.66 200 115 B URL HTTP/1.1 salesiq.zohopublic.in/visitor/v2/inspiriondigitalsolutions/conversations?avuid=9953cd6a-aa3b-4d84-b3cc-f2a5ac9ef8f3&app_id=e6d5bcb350039d5ac5464d030f592da251e98963d8b1ccd7
IP 169.148.148.66:0
ASN #56201 Zoho Corporation Pvt. Ltd
File type JSON data\012- , ASCII text, with no line terminators
Hash 9269bb56e28c3923e8b6562680bde8a3
126884445416f25650e74f3b0102b80bc1cd9e94
ae4aa277b12ab85bb73734516899bcb939e04d09828df1e421fe8d0517892497
GET /visitor/v2/inspiriondigitalsolutions/conversations?avuid=9953cd6a-aa3b-4d84-b3cc-f2a5ac9ef8f3&app_id=e6d5bcb350039d5ac5464d030f592da251e98963d8b1ccd7 HTTP/1.1
Host: salesiq.zohopublic.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-SIQ-Channel: website
Origin: https://www.erabahrain.net
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: ZGS
Date: Sat, 05 Nov 2022 11:22:06 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 115
Connection: keep-alive
X-Content-Type-Options: nosniff
Encoding: UTF-8
X-XSS-Protection: 1
Set-Cookie: 1f2feb5d84=c789abda38a6206a825dce83c9cd8177; Path=/
LS_CSRF_TOKEN=c47c03ce-50bd-4d3c-85f4-07ec56b8960f;path=/;SameSite=None;Secure;priority=high
_zcsr_tmp=c47c03ce-50bd-4d3c-85f4-07ec56b8960f;path=/;SameSite=Strict;Secure;priority=high
Content-Security-Policy: frame-ancestors 'self' https://integration-qa.gofrugalretail.com https://integration.gofrugal.com
Access-Control-Allow-Headers: Content-Type,X-SIQ-Channel
Access-Control-Allow-Origin: https://www.erabahrain.net
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
ETag: -82513527
Content-Language: en-US
Strict-Transport-Security: max-age=63072000
criteo-partners.tremorhub.com/sync?UICR=k-HjDmt1nnmdrnbFDjem0TjoLmDdPniIgDFeaE4A
44.197.31.165 200 OK 7.8 kB URL HTTP/2 criteo-partners.tremorhub.com/sync?UICR=k-HjDmt1nnmdrnbFDjem0TjoLmDdPniIgDFeaE4A
IP 44.197.31.165:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 286029b2683daa1cd630b74404d5b1da
ba296abd42566076850e37daa3409bb16287c504
f9f7bca81a88b6942d6d25e6fd20766169f896fd49166e93e813762bf76f67f4
GET /sync?UICR=k-HjDmt1nnmdrnbFDjem0TjoLmDdPniIgDFeaE4A HTTP/1.1
Host: criteo-partners.tremorhub.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 11:22:05 GMT
content-type: image/gif
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.3
192.124.249.32 200 OK 0 B URL HTTP/2 www.erabahrain.net/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.3
IP 192.124.249.32:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.3 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript
content-length: 91493
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:10 GMT
etag: "f80ff3-5b06f-5e593fa8c3880-br"
vary: Accept-Encoding
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-KCsL4VnnmdrnbFDjem0TjoLmDdOduzK-xims3g&google_error=3
178.250.0.163 200 OK 0 B URL HTTP/2 dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-KCsL4VnnmdrnbFDjem0TjoLmDdOduzK-xims3g&google_error=3
IP 178.250.0.163:0
GET /dis/rtb/google/cookiematch.aspx?id=&CriteoUserId=k-KCsL4VnnmdrnbFDjem0TjoLmDdOduzK-xims3g&google_error=3 HTTP/1.1
Host: dis.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 05 Nov 2022 11:22:03 GMT
content-type: image/gif
server: Kestrel
cache-control: no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
cross-origin-resource-policy: cross-origin
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
timing-allow-origin: *
server-processing-duration-in-ticks: 335008
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/themes/wpresidence_381/css/fontawesome/webfonts/fa-solid-900.woff2
192.124.249.32 200 OK 0 B URL HTTP/2 www.erabahrain.net/wp-content/themes/wpresidence_381/css/fontawesome/webfonts/fa-solid-900.woff2
IP 192.124.249.32:0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/wpresidence_381/css/fontawesome/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.erabahrain.net/wp-content/themes/wpresidence_381/css/fontawesome/css/all.css?ver=6.1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:03 GMT
content-type: font/woff2
content-length: 79444
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "fa0eb3-13654-5e593faaabd00"
vary: Accept-Encoding
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
dynamic.criteo.com/js/ld/ld.js?a=97957
178.250.0.147 200 OK 0 B URL HTTP/2 dynamic.criteo.com/js/ld/ld.js?a=97957
IP 178.250.0.147:0
GET /js/ld/ld.js?a=97957 HTTP/1.1
Host: dynamic.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: application/javascript; charset=utf-8
server: Kestrel
cache-control: public,max-age=10800
content-encoding: br
vary: Origin, Accept-Encoding
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
178.250.6.6 200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP 178.250.6.6:0
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 11:22:03 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 103446
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
exchange.mediavine.com/usersync/push?partner=criteo&partnerId=k-9yftY1nnmdrnbFDjem0TjoLmDdN2tddMzboqHyDK2ZcIMHrG
3.66.59.30 200 OK 0 B URL HTTP/2 exchange.mediavine.com/usersync/push?partner=criteo&partnerId=k-9yftY1nnmdrnbFDjem0TjoLmDdN2tddMzboqHyDK2ZcIMHrG
IP 3.66.59.30:0
GET /usersync/push?partner=criteo&partnerId=k-9yftY1nnmdrnbFDjem0TjoLmDdN2tddMzboqHyDK2ZcIMHrG HTTP/1.1
Host: exchange.mediavine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 05 Nov 2022 11:22:04 GMT
content-type: text/html; charset=utf-8
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
cache-control: private, no-cache
set-cookie: mv_tokens=%7B%22mv_uuid%22%3A%2213708a90-5cfc-11ed-95ca-25d1000a6d9b%22%2C%22version%22%3A%22eu-v1%22%7D; Path=/; Expires=Sat, 19 Nov 2022 11:22:04 GMT; Secure; SameSite=None
mv_tokens_eu-v1=%7B%22mv_uuid%22%3A%2213708a90-5cfc-11ed-95ca-25d1000a6d9b%22%2C%22version%22%3A%22eu-v1%22%7D; Path=/; Expires=Sat, 19 Nov 2022 11:22:04 GMT; Secure; SameSite=None
am_tokens=%7B%22mv_uuid%22%3A%2213708a90-5cfc-11ed-95ca-25d1000a6d9b%22%2C%22version%22%3A%22eu-v1%22%7D; Path=/; Expires=Sat, 19 Nov 2022 11:22:04 GMT; Secure; SameSite=None
am_tokens_eu-v1=%7B%22mv_uuid%22%3A%2213708a90-5cfc-11ed-95ca-25d1000a6d9b%22%2C%22version%22%3A%22eu-v1%22%7D; Path=/; Expires=Sat, 19 Nov 2022 11:22:04 GMT; Secure; SameSite=None
criteo=%7B%22id%22%3A%22k-9yftY1nnmdrnbFDjem0TjoLmDdN2tddMzboqHyDK2ZcIMHrG%22%2C%22version%22%3A%22criteo%22%7D; Path=/; Expires=Sat, 19 Nov 2022 11:22:04 GMT; Secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-3tDxwFnnmdrnbFDjem0TjoLmDdMRz7V1OItC0A
141.226.228.48 200 OK 0 B URL HTTP/2 sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-3tDxwFnnmdrnbFDjem0TjoLmDdMRz7V1OItC0A
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
GET /sg/criteortb-network/1/rtb-h/?taboola_hm=k-3tDxwFnnmdrnbFDjem0TjoLmDdMRz7V1OItC0A HTTP/1.1
Host: sync-t1.taboola.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:05 GMT
x-fastly-to-nlb-rtt: 22105
access-control-allow-credentials: true
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=onetag&domain=erabahrain.net&sn=FirefoxSyncframe&so=0&topUrl=www.erabahrain.net&info=qoZryV80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3gxZFlCRnJiWGZzRkF3U2x5Y1p6d3o5Rm9lMzNyT3pSTU8xVDJiRWllYXQ&idsd=2043625115,-1255089435&cw=1&lsw=1
178.250.0.157 200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=onetag&domain=erabahrain.net&sn=FirefoxSyncframe&so=0&topUrl=www.erabahrain.net&info=qoZryV80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3gxZFlCRnJiWGZzRkF3U2x5Y1p6d3o5Rm9lMzNyT3pSTU8xVDJiRWllYXQ&idsd=2043625115,-1255089435&cw=1&lsw=1
IP 178.250.0.157:0
GET /sid/json?origin=onetag&domain=erabahrain.net&sn=FirefoxSyncframe&so=0&topUrl=www.erabahrain.net&info=qoZryV80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3gxZFlCRnJiWGZzRkF3U2x5Y1p6d3o5Rm9lMzNyT3pSTU8xVDJiRWllYXQ&idsd=2043625115,-1255089435&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?topUrl=www.erabahrain.net&origin=onetag
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 05 Nov 2022 11:22:03 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 847075
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
analytics.tiktok.com/i18n/pixel/config.js?sdkid=CC5NI1RC77UBH2MMADRG&hostname=www.erabahrain.net
23.36.79.32 200 OK 0 B URL HTTP/2 analytics.tiktok.com/i18n/pixel/config.js?sdkid=CC5NI1RC77UBH2MMADRG&hostname=www.erabahrain.net
IP 23.36.79.32:0
ASN #20940 Akamai International B.V.
GET /i18n/pixel/config.js?sdkid=CC5NI1RC77UBH2MMADRG&hostname=www.erabahrain.net HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
x-tt-logid: 202211051122031F5B064C149FC86515A7
x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf60459c918a449af51d55daa38da0f8465b37c68b021be14b3fb4371b9a5b962a46e2cf9a0a39a4adb6c5c2b09ff81f37abc21b0948406250a504c1c7011c767e36
content-encoding: gzip
expires: Sat, 05 Nov 2022 11:22:03 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 05 Nov 2022 11:22:03 GMT
x-cache: TCP_MISS from a23-36-79-28.deploy.akamaitechnologies.com (AkamaiGHost/10.10.1-44825277) (-)
vary: Accept-Encoding
set-cookie: _ttp=2H7sBpsKccgXCKeNTuV1CGcAm5G; Path=/; Domain=tiktok.com; Max-Age=33696000; Secure; SameSite=None
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: inner; dur=3, cdn-cache; desc=MISS, edge; dur=0, origin; dur=102
x-origin-response-time: 102,23.36.79.28
x-akamai-request-id: 1c879d7d
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Marcellus%3A400&ver=1666619866
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Marcellus%3A400&ver=1666619866
IP 142.250.74.10:0
GET /css?family=Marcellus%3A400&ver=1666619866 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 05 Nov 2022 11:22:02 GMT
date: Sat, 05 Nov 2022 11:22:02 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.erabahrain.net/wp-content/uploads/2022/06/web-logo-color-01.png
192.124.249.32 200 OK 0 B URL HTTP/2 www.erabahrain.net/wp-content/uploads/2022/06/web-logo-color-01.png
IP 192.124.249.32:0
GET /wp-content/uploads/2022/06/web-logo-color-01.png HTTP/1.1
Host: www.erabahrain.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.erabahrain.net/qco/u1J/QMU/wHZ/uY3UPll.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 05 Nov 2022 11:22:02 GMT
content-type: image/png
content-length: 15725
x-sucuri-id: 19032
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
last-modified: Sat, 06 Aug 2022 15:10:12 GMT
etag: "f6419c-3d6d-5e593faaabd00"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-sucuri-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=0
178.250.0.163 200 OK 0 B URL HTTP/2 dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=0
IP 178.250.0.163:0
GET /dis/rtb/appnexus/cookiematch.aspx?appnxsid=0 HTTP/1.1
Host: dis.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 05 Nov 2022 11:22:04 GMT
content-type: image/gif
server: Kestrel
cache-control: no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
cross-origin-resource-policy: cross-origin
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
timing-allow-origin: *
server-processing-duration-in-ticks: 524979
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2