r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ad598540c6639aaaa344fb3ce4f3162f
b0b9f86d50de7dc23bdc7aee2f45d79a06165afc
4e9aaff330ce0c9c11f6bb8502fe21296b1845151bace75f73908a3194d5d0a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4E9AAFF330CE0C9C11F6BB8502FE21296B1845151BACE75F73908A3194D5D0A1"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6982
Expires: Sat, 24 Dec 2022 15:23:45 GMT
Date: Sat, 24 Dec 2022 13:27:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7e300ca7d2d586dd1ca0c185ef6b0da5
3914cfd3b7aa6e1d1117bf509319479e489ed2a4
91c8810ad137faf4393f7d15f9c619c06d124a7aaebfa21290dca614db2c7757
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91C8810AD137FAF4393F7D15F9C619C06D124A7AAEBFA21290DCA614DB2C7757"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4635
Expires: Sat, 24 Dec 2022 14:44:38 GMT
Date: Sat, 24 Dec 2022 13:27:23 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 24 Dec 2022 12:34:53 GMT
content-type: application/json
age: 3150
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f7f0ad5c2841a345f98197c2f1e86f4d
84cbfd91934a8715baba4a2da46451f35597c99c
be30540f2e06a3565c9b38bdbb9691f707d692b196bdcef5d671708aa9609795
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE30540F2E06A3565C9B38BDBB9691F707D692B196BDCEF5D671708AA9609795"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13400
Expires: Sat, 24 Dec 2022 17:10:43 GMT
Date: Sat, 24 Dec 2022 13:27:23 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: t6svWQDHvw6tKdvQxU+M3ZBy/uywbJiBrw2Nl0RVQ+YlfcpxSyq39QRVUoKkpN0YD789276uhPe88WKZhTu7GA==
x-amz-request-id: DMNQYJXB9QSD7CDA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 24 Dec 2022 12:54:28 GMT
age: 1975
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
seemyvideo.realgirl.click/
66.29.132.67 301 Moved Permanently 707 B URL HTTP/1.1 seemyvideo.realgirl.click/
IP 66.29.132.67:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: seemyvideo.realgirl.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sat, 24 Dec 2022 13:27:23 GMT
server: LiteSpeed
location: https://seemyvideo.realgirl.click/
x-turbo-charged-by: LiteSpeed
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Dec 2022 13:27:23 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Last-Modified, Retry-After, Content-Type, Alert, Pragma, ETag, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 24 Dec 2022 13:08:04 GMT
age: 1159
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 851ee89e71fcfcad49155e16918f55f7
23b83fb183033ce93e572df368b7d0d0c88db564
ed56916a5252494d73e7c05e5978fc3d3a86ad428049513c2c610f6b46874bae
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 24 Dec 2022 13:27:23 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 23 Dec 2022 14:19:09 GMT
Expires: Fri, 30 Dec 2022 14:19:08 GMT
Etag: "23b83fb183033ce93e572df368b7d0d0c88db564"
Cache-Control: max-age=520904,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77e9ac948e08b4f1-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d7938ab2263405a708c44813f3e16cb8
3ba9f4363ecc2834ea1211f761ce2d04e0077ab3
8a8ef4218bcd8ecb1f12ecdb74f3f453a7093be8dd3c233615577dcc9b40fa92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 851
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 13:27:23 GMT
Last-Modified: Sat, 24 Dec 2022 13:13:12 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
seemyvideo.realgirl.click/
66.29.132.67 200 OK 231 B URL HTTP/2 seemyvideo.realgirl.click/
IP 66.29.132.67:0
File type HTML document, ASCII text
Hash 5833f1b361fb4d6aead301775890e433
4e722a907c8891fe00c0ead63e3015e72e70534f
5738dfef861f1d23678788a09160641a7065f893fe95ad0f96a217b9211122d3
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: seemyvideo.realgirl.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html
last-modified: Thu, 22 Dec 2022 18:29:00 GMT
accept-ranges: bytes
content-length: 231
date: Sat, 24 Dec 2022 13:27:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.89.217.163 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.217.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: yXgTo9uRvRC32P+6QKuSZQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kW/8qQgTFyyj5AFXGDTbAaJt/LI=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8e864ba3c20fd92bd43e7d8a5f1a62a6
e2ad34673751bbdd93428184b48006ba88a18196
38bdef78935a7b3863b2d85acd18ae4743a1fdfd7b235b20189943ba881aea5f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "38BDEF78935A7B3863B2D85ACD18AE4743A1FDFD7B235B20189943BA881AEA5F"
Last-Modified: Fri, 23 Dec 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 24 Dec 2022 19:27:24 GMT
Date: Sat, 24 Dec 2022 13:27:24 GMT
Connection: keep-alive
bdabjdi.naughtymets.com/s/6211a7f91b00d
178.162.199.80 200 OK 2.0 kB URL HTTP/1.1 bdabjdi.naughtymets.com/s/6211a7f91b00d
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 7d772eb21b54fdfff439ebb3428382bb
ed4ed4ef8f459c0461a23889e45c4d51b43bda17
58d160a629d750bc23bbdfcdaaf0baed582a5a232e9d04f51f99bc42a07ce650
Analyzer Verdict Alert fortinet Phishing
GET /s/6211a7f91b00d HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seemyvideo.realgirl.click/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: s=rxOKXBQNWzjWqdy1ia2afBnMuQ9HA2FNgdZQpKcyV6DkR5%2BD2kmF302q8GuFVX9HSPfOH4dFFsagMw9CWOINoSB%2BNvgXH%2BNb%2BRRUAgRfFMIBoDIhPisBpCXX2E1zyhQMXgvz8duoNzKIO5cUj65SDFzVjH8aCumWy6KDPY8N3GFQ19Oy09JwcXbnKcTcZbBzJ6qUpu%2FEUNsVS8fM2eTBt8z7jMbS1EFnP2O2DDOKTKONPR85bwi6pPkKQO5GsZ842sU0SwS9Dz5IXvhqSn4wgQQJ%2BCxtEoHpWJgekIl4gFM7eGUgzKDqrdP5bqodySKIdGBYHq3iAs5akxl1OB8Cfw%2BMPIgJclqTRmre1nVCgVmSr8a7bcOIp6zw3oOG3YOkKImECieCuKzdK7u1fgv1gx%2F1lURqDTlia4S5ifLV2Twm%2B2tQT1XAcH%2FKUOKotejK6ZY42E3W4zL1nvl%2FPBCSKliL9YK1eXJGjblOEQTxT7y4tsfQ7JEijMEenL69Nji1qGOT5GqmWIilH6rMyCnEPBxjIhVX5cVlHNA0QZ5n0TYiTQAxftSNo9woRXAmN%2F8mA%2FqcAJw5SD8ePLLuh1jZx%2BAdZLhju7bZlN2XnTlFfuNdSDaqZQLf00jvEqJiJLtJzUT%2BNU0OREsL0I5p37%2BNIWQAwWAxGRc9u0u7i694lkdr%2BtRr%2Fnm0HdoiDwROOjl4Y%2BFMxnh3X8xS26CeGe%2FPE4D8y00L%2FITQT6crV9z1jGDRR3bNFFtQoMkq2SXpa%2B9A9CtV%2FO%2BPIRIzzjeCeDYQZbadwBvFHDyF%2B0sIB7AuDs0h6BlDsQYKPzlzterVTU6%2Bj91SnLg8%2FmAIavljVWnIR8tkdbFFIuE7Am4zroKVoVz4J5HTh%2FBC4BaT%2B9BxbU%2B7g1jmLFOOLltSeJEfhAz3S2%2B6G5j3%2B9AIoGq6bePt5367kHOjcxafHgcQZmlvEEg39sxqzz06WioDtK1ut7dlUiMpZI1faU4JsrlU4lCBOuVTovqRGyakcNZmCtOVBouTKVSS0UusSmw3YTfT57jlBMdXGX0VpeESmy25RHk0gZbk1rqu5Qcj%2FDSPTTaCSKGO4ThSSnY6YFZCgwVwzk%2BsqqC5c6A6H9vfRLOTLExM%2B1wmVGn2oU9tehXx1yG8w1QvuVu027ry9G8B1HcXXb3qXkRkIbopvftLQDfln4%2BkkjgDp3%2F8Xw%2B5GySjdGc8I9GgPCnQ0dU7BL0tWjJuxb8Ob49KJl7OjqUw9he1oCBhtZUeK1XvwI%2F1xRALZJxdEMPd99%2FPvGE8CfL%2FZxPM7OMV9nh%2B%2FZSyzUHZ%2BPIEdFlN5R84V5hUdgVSBrVV0m4IKR5UIEeYeTGnpe48%2FlGKhSsx7b8dU%2BrqHIb4RcLxHopNFhz9jGk%2B0KcH8gLQ%2Fedi6RQiSUyxpRTcQKUpcJAuL7xWWNB4cB5HaLWGFCOigpxE%2Bsp3Ob%2BvN%2Bpm64HuTwgvChfgfdlyio51dQarOvu%2FfLirDVJj66QXHBk%2Bu9447V6tvUB%2F1AznA7%2FGA4my3anahUg%2BjM43Moc0kTUajrI4t%2FDs%2BPsQGHqc4E2HquVcgn%2BHp%2FL6gCwmQwpKR%2BWg%2BunY1fytfRQAqXfNZIvcgX9GoVEwp7E3xD25a%2BmuV74%3D; expires=Sun, 25-Dec-2022 13:27:24 GMT; Max-Age=86400; path=/; domain=naughtymets.com
SID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=naughtymets.com
ESID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=naughtymets.com
Content-Encoding: gzip
bdabjdi.naughtymets.com/bundle/544/assets/css/style.css
178.162.199.80 200 OK 8.8 kB URL HTTP/1.1 bdabjdi.naughtymets.com/bundle/544/assets/css/style.css
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type ASCII text, with CRLF line terminators
Hash 77352f8f4e8467b5c0e6125f19e8768f
c629fc401f21d0ed0db3e62203fdf8fb73072c34
9fdc6a148b0f54172e66dd9ab55889edea7df4df44d8a403df4d14874e0d5e79
GET /bundle/544/assets/css/style.css HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/6211a7f91b00d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:25 GMT
Content-Type: text/css
Content-Length: 8803
Connection: keep-alive
Last-Modified: Tue, 14 Dec 2021 15:58:23 GMT
Vary: Accept-Encoding
ETag: "61b8bf1f-2263"
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 4d98b3a26195b76832941945722cf6be
4faf15fb121f1c6253d96e90af88c6868c70060f
1f2dda38b8dc1a778e963a011b70685ba1791f6fb490cd4418484294f7926a09
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6357
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 13:27:25 GMT
Last-Modified: Sat, 24 Dec 2022 11:41:28 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 278
bdabjdi.naughtymets.com/bundle/544/assets/js/functions.js
178.162.199.80 200 OK 731 B URL HTTP/1.1 bdabjdi.naughtymets.com/bundle/544/assets/js/functions.js
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type ASCII text, with CRLF line terminators
Hash 604d251f59390c2d2954a3e6b878cdf9
21c5dacc0df7b9024cdcd319f87fb999b4e3b696
787c04f40c52c71c63bffa8e8754f312ac366f51ee0a1a2266bd73678b0b39c4
Analyzer Verdict Alert fortinet Phishing
GET /bundle/544/assets/js/functions.js HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/6211a7f91b00d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:25 GMT
Content-Type: application/javascript
Content-Length: 731
Connection: keep-alive
Last-Modified: Tue, 14 Dec 2021 15:58:24 GMT
Vary: Accept-Encoding
ETag: "61b8bf20-2db"
Accept-Ranges: bytes
bdabjdi.naughtymets.com/js/click.js?8
178.162.199.80 200 OK 5.3 kB URL HTTP/1.1 bdabjdi.naughtymets.com/js/click.js?8
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
Hash 8207d083c909c6386927c5197eff584c
a5f1148a0e9923191d3f8ed4c1750240374af2a9
f71ae9723255b00dcc8e3631fe419cbbb56a80b3034f184ca5292127d7b3eea9
GET /js/click.js?8 HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/6211a7f91b00d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:25 GMT
Content-Type: application/javascript
Content-Length: 5260
Connection: keep-alive
Last-Modified: Fri, 23 Dec 2022 12:52:41 GMT
Vary: Accept-Encoding
ETag: "63a5a499-148c"
Accept-Ranges: bytes
bdabjdi.naughtymets.com/bundle/544/assets/js/jquery.min.js
178.162.199.80 200 OK 87 kB URL HTTP/1.1 bdabjdi.naughtymets.com/bundle/544/assets/js/jquery.min.js
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type ASCII text, with very long lines (32058)
Hash c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Analyzer Verdict Alert fortinet Phishing
GET /bundle/544/assets/js/jquery.min.js HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/6211a7f91b00d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:25 GMT
Content-Type: application/javascript
Content-Length: 86659
Connection: keep-alive
Last-Modified: Tue, 14 Dec 2021 15:58:25 GMT
Vary: Accept-Encoding
ETag: "61b8bf21-15283"
Accept-Ranges: bytes
stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css
104.18.11.207 200 OK 25 kB URL HTTP/2 stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css
IP 104.18.11.207:0
File type ASCII text, with very long lines (65324)
Hash 2efc50f9c8bb8bd7376169a7b4e4b8f7
eaa2ee2cb16530d631fd637a450d1ed0877dd221
9755f04f63c08d18b6aa68fa74ad2bf232335e3cb989d2b7575efe913257026c
GET /bootstrap/4.3.1/css/bootstrap.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bdabjdi.naughtymets.com
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Dec 2022 13:27:25 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"a15c2ac3234aa8f6064ef9c1f7383c37"
last-modified: Mon, 25 Jan 2021 22:04:08 GMT
cdn-cachedat: 08/15/2022 13:52:49
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 752
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 14e04e76cdc966cceb98988d996f3cd1
cdn-cache: HIT
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77e9ac9d8b99fabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bdabjdi.naughtymets.com/bundle/544/assets/js/bootstrap.min.js
178.162.199.80 200 OK 58 kB URL HTTP/1.1 bdabjdi.naughtymets.com/bundle/544/assets/js/bootstrap.min.js
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type ASCII text, with very long lines (57791)
Hash e1d98d47689e00f8ecbc5d9f61bdb42e
6778fed3cf095a318141a31f455c8f4663885bde
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b
Analyzer Verdict Alert fortinet Phishing
GET /bundle/544/assets/js/bootstrap.min.js HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/6211a7f91b00d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:25 GMT
Content-Type: application/javascript
Content-Length: 58072
Connection: keep-alive
Last-Modified: Tue, 14 Dec 2021 15:58:24 GMT
Vary: Accept-Encoding
ETag: "61b8bf20-e2d8"
Accept-Ranges: bytes
bdabjdi.naughtymets.com/bundle/544/assets/images/23592236.webp
178.162.199.80 200 OK 13 kB URL HTTP/1.1 bdabjdi.naughtymets.com/bundle/544/assets/images/23592236.webp
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 600x850, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e6d3810834ac9b1acdfa15d2221135af
03a49668e020ae0b2123c1da426f63b678c13ba3
a16cd9ba0e94d70cd56d6ed01a6c918ae90d47651b9ad11f16097a24410aef05
Analyzer Verdict Alert fortinet Phishing
GET /bundle/544/assets/images/23592236.webp HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/6211a7f91b00d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:25 GMT
Content-Type: image/webp
Content-Length: 13110
Connection: keep-alive
Last-Modified: Tue, 14 Dec 2021 15:58:23 GMT
ETag: "61b8bf1f-3336"
Accept-Ranges: bytes
bdabjdi.naughtymets.com/bundle/544/assets/images/23623572.webp
178.162.199.80 200 OK 9.7 kB URL HTTP/1.1 bdabjdi.naughtymets.com/bundle/544/assets/images/23623572.webp
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 600x850, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3fafdbbfb28989e6011a49fcc7d269fc
6baa82c199322cb1e6460e911c51b03ba9c601de
ce102ab44ba3181db8a99c384dbfc4be7e177ef3020ea6736377d35d9ab0f6db
Analyzer Verdict Alert fortinet Phishing
GET /bundle/544/assets/images/23623572.webp HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/6211a7f91b00d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:25 GMT
Content-Type: image/webp
Content-Length: 9698
Connection: keep-alive
Last-Modified: Tue, 14 Dec 2021 15:58:23 GMT
ETag: "61b8bf1f-25e2"
Accept-Ranges: bytes
bdabjdi.naughtymets.com/bundle/544/assets/images/23695857.webp
178.162.199.80 200 OK 18 kB URL HTTP/1.1 bdabjdi.naughtymets.com/bundle/544/assets/images/23695857.webp
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 600x850, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash eab53105ffbbbc0a7065c4080435e443
7624e928909d8f5fc2aa8f4349ad8e8d225c4212
193fc92167dc889d65b8320225bc1dab67c29d583ec6a0cbfd27f842cb712ca0
Analyzer Verdict Alert fortinet Phishing
GET /bundle/544/assets/images/23695857.webp HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/6211a7f91b00d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:25 GMT
Content-Type: image/webp
Content-Length: 17626
Connection: keep-alive
Last-Modified: Tue, 14 Dec 2021 15:58:23 GMT
ETag: "61b8bf1f-44da"
Accept-Ranges: bytes
bdabjdi.naughtymets.com/bundle/544/assets/images/22535598.webp
178.162.199.80 200 OK 28 kB URL HTTP/1.1 bdabjdi.naughtymets.com/bundle/544/assets/images/22535598.webp
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 600x850, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 0494d3a33c5efab1dfee492f406b74b2
cad892595a3165bab87b21187702b5009529b6a6
ae74086142c700112bb19f1e1dd9ef660e5269721b70a9c2fd7d220ddc90a8b9
Analyzer Verdict Alert fortinet Phishing
GET /bundle/544/assets/images/22535598.webp HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/6211a7f91b00d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:25 GMT
Content-Type: image/webp
Content-Length: 28204
Connection: keep-alive
Last-Modified: Tue, 14 Dec 2021 15:58:23 GMT
ETag: "61b8bf1f-6e2c"
Accept-Ranges: bytes
bdabjdi.naughtymets.com/bundle/544/assets/images/24513351.gif
178.162.199.80 200 OK 842 kB URL HTTP/1.1 bdabjdi.naughtymets.com/bundle/544/assets/images/24513351.gif
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type GIF image data, version 89a, 197 x 350\012- data
Size 842 kB (842292 bytes)
Hash e5ed941db0c6a1abd2d72896119505c4
39111ab9674fa8703ff3a5b47fb1cee50eca1143
08f0879155859c61691fd95893277524547a20e24e9541b69f50b5336719b103
GET /bundle/544/assets/images/24513351.gif HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/6211a7f91b00d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:25 GMT
Content-Type: image/gif
Content-Length: 842292
Connection: keep-alive
Last-Modified: Tue, 14 Dec 2021 15:58:24 GMT
ETag: "61b8bf20-cda34"
Accept-Ranges: bytes
bdabjdi.naughtymets.com/js/fp2.min.js
178.162.199.80 200 OK 31 kB URL HTTP/1.1 bdabjdi.naughtymets.com/js/fp2.min.js
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type ASCII text, with very long lines (30507)
Hash e7d6b85edb141824af8951e19333337c
76600b2cb1978ca24d9fe39b1412f052da855ddb
6e1bf43d1d49858aacd5de53b32b551732bca4b2a46b1f808eb6d6d0f2b70c0e
Analyzer Verdict Alert fortinet Phishing
GET /js/fp2.min.js HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/6211a7f91b00d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:25 GMT
Content-Type: application/javascript
Content-Length: 30685
Connection: keep-alive
Last-Modified: Fri, 23 Dec 2022 12:52:41 GMT
Vary: Accept-Encoding
ETag: "63a5a499-77dd"
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fc328f2e44d4ac962c03be665dbf6436
7ac1bb5dd0d42c9cb2e6a67b06b55934190691fe
7d7ced4a7da10564449ddec77f05d85557a2b2f7e8fe2a7d15541c7b52aee928
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7CED4A7DA10564449DDEC77F05D85557A2B2F7E8FE2A7D15541C7B52AEE928"
Last-Modified: Thu, 22 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19204
Expires: Sat, 24 Dec 2022 18:47:29 GMT
Date: Sat, 24 Dec 2022 13:27:25 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d8a813d-10ee-4216-bb6b-8bcd1d8141e4.jpeg
34.120.237.76 200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d8a813d-10ee-4216-bb6b-8bcd1d8141e4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6d90b80ebad103c48c3043c8d5e4c3ca
ab36c9309ce13b2a3d075461c2445f76bfc582aa
2287a6db0a6a58c570930c1f94c3b36d7acf383b26cdfa42261eb254598fa7c2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d8a813d-10ee-4216-bb6b-8bcd1d8141e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7669
x-amzn-requestid: 4b35e79d-21c8-48d7-b11b-44bd820e29d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dnnROG4UoAMFZdA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a61f3a-765739ad7e9063781ccb12b2;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 21:35:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lhQA2yVBNtJ04goTms0KXhX6Q4v86TEe4EUioQs3eJzzMsCxbVmykw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 21:39:58 GMT
age: 56847
etag: "ab36c9309ce13b2a3d075461c2445f76bfc582aa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ebee3d-1399-4100-87ce-23d8990b97d2.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ebee3d-1399-4100-87ce-23d8990b97d2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 33d7fa2f0af62e65eb23c36297749038
d28362f2babfde4ca02f309b80be75bfc520de9a
070da72e06d4492a954b130ff6bef5ca5fd625f0fcfee81e801ef26a03d07e2f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ebee3d-1399-4100-87ce-23d8990b97d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7478
x-amzn-requestid: b9f7f6d8-fada-45fd-80a7-3ac122dae6fc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dnoYlEbVIAMF_lA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a62103-15601045320b166c295d24d2;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 21:43:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1lxJbDYXaWwexDy9roJuh8FUu85Vi7qHtkZYBze8SbE2dWCCxH7duw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 21:49:01 GMT
age: 56304
etag: "d28362f2babfde4ca02f309b80be75bfc520de9a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcdce5468-cf1b-4a55-968b-1aaa101e60d6.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcdce5468-cf1b-4a55-968b-1aaa101e60d6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 38cc82b5e5d8c2fee6f51021e156ec81
eafb4e029313caabcdbdc1002abcab95f66e91b1
b8cad011e1a98ee4e896f00263495aab7f9cab986736a7a5b4187b8e94c46493
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcdce5468-cf1b-4a55-968b-1aaa101e60d6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11939
x-amzn-requestid: a00e5ab5-ad16-4576-b046-381e36456998
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dkUhqE94oAMFu5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a4ce0a-28687ad51eea1f6f3ce8cc86;Sampled=0
x-amzn-remapped-date: Thu, 22 Dec 2022 21:37:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uIDvI3BVK0v68x1jkgw9GB0U1i3l2kyW81q2Kiy3ZDREqQmyUTXCnQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 21:38:32 GMT
age: 56933
etag: "eafb4e029313caabcdbdc1002abcab95f66e91b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46c838f6-5365-43bb-981e-8ddefc5f3f14.jpeg
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46c838f6-5365-43bb-981e-8ddefc5f3f14.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2d4cf077d410b94f1326e942304f9e9b
98fb13feecfada3cc8b467aa48d7cdf1ed8ab001
ec82cd83bfd4da849888b0535c9764cd4d462ef9e12c5934512858375908dfe4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46c838f6-5365-43bb-981e-8ddefc5f3f14.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5659
x-amzn-requestid: bc225a93-868b-42d4-aa94-c8fa16ef2c64
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dk33gHUqIAMFg1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a50696-7710727f0f086a791a0e7939;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 01:38:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Es7YaIRVfiybyKGY41ZE5UYSN0bfn6LmOUqcYZASi9QsXQqR9NSwTA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Dec 2022 07:07:36 GMT
age: 22789
etag: "98fb13feecfada3cc8b467aa48d7cdf1ed8ab001"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e532075-b8a0-41ff-8f08-8512cbb1b3d4.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e532075-b8a0-41ff-8f08-8512cbb1b3d4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3071a834e874a992c3b14f7a3f91b30f
559014c7e6e5019097b7da8b3a820a80a1f55b6c
4f8e29303936b4168f0ad765d8a2773a7247f249396147f68f6f9639b1ad1208
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e532075-b8a0-41ff-8f08-8512cbb1b3d4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10356
x-amzn-requestid: 32dbf731-a18f-4150-b3cd-f30d2ab3c6a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dnoi1GY2oAMFesg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a62145-55a5f14a6ea6e7dc3754a8be;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 21:44:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: DC1Eu98-ihibH4I6ZY03Af2PxBrywSyjnoJRR2N453KiYvsa6hGefw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 21:49:04 GMT
age: 56301
etag: "559014c7e6e5019097b7da8b3a820a80a1f55b6c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b8b6b6f-05a3-4eb5-804c-574c03992933.jpeg
34.120.237.76 200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b8b6b6f-05a3-4eb5-804c-574c03992933.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8a63236113546a7bfb369d741c2b76e2
737f6730f63deff51a39ef094fa1a263b91db89b
b811838126a7d3e814415c3b869f9f224361ef468c08c4c7d5e385371149263a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b8b6b6f-05a3-4eb5-804c-574c03992933.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8078
x-amzn-requestid: 0fa11c0d-584a-4790-83fe-d10780dd6df9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dnncXGjDIAMFvfg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a61f82-452f8acd148122756a8f0230;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 21:37:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ZsYREhlLzv_oHiB1qgGuelsC8t99SUMILEGgU42tKWeugQUU5iFgBA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 21:47:42 GMT
age: 56383
etag: "737f6730f63deff51a39ef094fa1a263b91db89b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
bdabjdi.naughtymets.com/bundle/544/assets/images/favicon.png
178.162.199.80 200 OK 5.5 kB URL HTTP/1.1 bdabjdi.naughtymets.com/bundle/544/assets/images/favicon.png
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Hash 30c9e792a1ad6251ab3437d7da76e293
d440c16e6948c307382f67677d3561652b26275b
312e2177186abb7f162c20d5530fd4a4462e48ec6f611f374a497e73752ad523
GET /bundle/544/assets/images/favicon.png HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/6211a7f91b00d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:25 GMT
Content-Type: image/png
Content-Length: 5533
Connection: keep-alive
Last-Modified: Tue, 14 Dec 2021 15:58:24 GMT
ETag: "61b8bf20-159d"
Accept-Ranges: bytes
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98adc653-f9a6-4ecb-ac9e-bc2f050bce18.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98adc653-f9a6-4ecb-ac9e-bc2f050bce18.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f8c72ec1e9749463326e11f003982211
a76cc3e7d6ca04b4e1d1c947c25ad10a11e9750c
afeea88b39c0fa6957e58d13562222415705d408f89583adcf428a02140abbdd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98adc653-f9a6-4ecb-ac9e-bc2f050bce18.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8691
x-amzn-requestid: e8b31f4c-cf9e-4027-ba28-86dcc5ac5190
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dnnRDHvSIAMF9Vw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a61f39-06c81a124ae007023d03c375;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 21:35:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K4yo4xbEQJQh6HZOfia0oQeSLF0UCRjP6_2utECzhCITAQIEGvGWjw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 21:50:48 GMT
age: 56204
etag: "a76cc3e7d6ca04b4e1d1c947c25ad10a11e9750c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2