Report - www.lepouffre.com/wp-login.php?redirect_to=https://lepouffre.com/wp-admin/admin.php?page=litespeed-cache/&reauth=1

Report Overview

Visitedpublic

2024-06-23 17:49:07

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
redfiretoline.com	unknown	2024-03-31	2024-03-31 12:37:03	2024-04-18 09:46:30	1.0 kB	54 kB	172.67.180.163
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-06-22 18:19:57	2.0 kB	5.3 kB	23.33.119.27
www.lepouffre.com	unknown	2018-09-14	2021-03-01 20:17:46	2024-03-20 08:16:56	11 kB	133 kB	145.239.37.162
js.cdntoswitchspirit.com	unknown	2024-04-29	2024-05-06 09:41:30	2024-05-06 09:41:30	416 B	20 kB	172.67.209.227
bind.bestresulttostart.com	unknown	2024-03-04	2024-03-22 10:31:16	2024-04-26 11:17:55	424 B	15 kB	193.163.7.113
cdn.rdntocdns.com	unknown	unknown	No data	No data	1.0 kB	13 kB	45.9.149.210
rest1.rdntocdns.com	unknown	2024-05-31	2024-06-08 19:08:21	2024-06-08 19:08:22	423 B	7.4 kB	45.9.149.210

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-06-23 17:48:43	high	Client IP	193.163.7.113	ET EXPLOIT_KIT Balada Domain in TLS SNI (bestresulttostart .com)
2024-06-23 17:48:43	high	Client IP	45.9.149.210	ET EXPLOIT_KIT Balada Domain in TLS SNI (rdntocdns .com)
2024-06-23 17:48:44	high	Client IP	45.9.149.210	ET EXPLOIT_KIT Balada Domain in TLS SNI (rdntocdns .com)
2024-06-23 17:48:45	high	Client IP	45.9.149.210	ET EXPLOIT_KIT Balada Domain in TLS SNI (rdntocdns .com)
2024-06-23 17:48:45	high	Client IP	188.114.97.1	ET EXPLOIT_KIT Balada Domain in TLS SNI (specialtaskevents .com)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2024-06-23	medium	bestresulttostart.com	Sinkholed
2024-06-23	medium	rdntocdns.com	Sinkholed
2024-06-23	medium	rdntocdns.com	Sinkholed
2024-06-23	medium	rdntocdns.com	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-06-23	medium	bestresulttostart.com	Sinkholed
2024-06-23	medium	rdntocdns.com	Sinkholed
2024-06-23	medium	rdntocdns.com	Sinkholed
2024-06-23	medium	rdntocdns.com	Sinkholed

ThreatFox

Scan Date	Severity	Indicator	Alert
2024-06-08	medium	cdn.rdntocdns.com	Unknown malware
2024-06-08	medium	cdn.rdntocdns.com	Unknown malware

JavaScript (8)

	URL	From	Size	First Seen	Last Seen
	redfiretoline.com/?p=gjswkm3bha5gi3bpha3teoi&sub2=sims	ScriptElement	704 B	2023-04-07	2025-04-24
URL redfiretoline.com/?p=gjswkm3bha5gi3bpha3teoi&sub2=sims IP / ASN 172.67.180.163 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-04-07 Last Seen 2025-04-24 Times Seen 842 Size 704 B (704 bytes) MD5 3e855977d9319fb012645fa33b4e654a SHA1 2ddb2c71d3f0373b8685b15e6cf9f66f76a96eb0 SHA256 8b3706b8ce6bb71424b9ee00e64cbe6880ed483677d6bc991a2375c55cc821ff Format Code Loading...

	redfiretoline.com/?p=gjswkm3bha5gi3bpha3teoi&sub2=sims	ScriptElement	8.2 kB	2024-08-19	2024-08-19
URL redfiretoline.com/?p=gjswkm3bha5gi3bpha3teoi&sub2=sims IP / ASN 172.67.180.163 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2024-08-19 Last Seen 2024-08-19 Times Seen 1 Size 8.2 kB (8213 bytes) MD5 09c02104be23a9ecb431ae56b93c14db SHA1 ae9f2c7c1f38df851e389b2d091db057aca8780c SHA256 a58d84875ce369c91c0c30ed0c8aa1616f4a58ffa562bfcca3a81c9fee80d935 Format Code Loading...

	redfiretoline.com/?p=gjswkm3bha5gi3bpha3teoi&sub2=sims	ScriptElement	203 B	2023-03-07	2025-04-24
URL redfiretoline.com/?p=gjswkm3bha5gi3bpha3teoi&sub2=sims IP / ASN 172.67.180.163 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-07 Last Seen 2025-04-24 Times Seen 842 Size 203 B (203 bytes) MD5 c4824c2a16d2c8bb70469ed7b8508f34 SHA1 783dcaa37fcdd311197de60f0c55ab5367be4fe2 SHA256 f97308b8745f77dc6b279dafa3f98d4e64de2f494681e452a477afaa13b4d1fb Format Code Loading...

	redfiretoline.com/?p=gjswkm3bha5gi3bpha3teoi&sub2=sims	ScriptElement	29 kB	2023-03-07	2025-04-24
URL redfiretoline.com/?p=gjswkm3bha5gi3bpha3teoi&sub2=sims IP / ASN 172.67.180.163 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-07 Last Seen 2025-04-24 Times Seen 842 Size 29 kB (29317 bytes) MD5 ae7f0f1874bd3e9a6a0e9736f3307398 SHA1 f9ea5e0bc3f3f8039b7d2835e9d8aa775621b9d3 SHA256 cf8229ead2362ab9f5b9f608b9eb668414a21aca7c9bcc0c90b138415abf72cf Format Code Loading...

	redfiretoline.com/?p=gjswkm3bha5gi3bpha3teoi&sub2=sims	ScriptElement	3.1 kB	2023-03-07	2025-04-24
URL redfiretoline.com/?p=gjswkm3bha5gi3bpha3teoi&sub2=sims IP / ASN 172.67.180.163 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-07 Last Seen 2025-04-24 Times Seen 842 Size 3.1 kB (3073 bytes) MD5 68e280edf3cadafe4af8ccdc8782024d SHA1 7467ad11f5f3a21a3a4e0ab8556912db67311d90 SHA256 3d8d725c431734a47f6dbbce8a3546d9490407d342cfbb48eba2eeddede260aa Format Code Loading...

HTTP Transactions (32)

URL IP Response Size

r10.o.lencr.org/

23.33.119.27

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-06-23

Last Seen2024-08-19

Times Seen25208

Size504 B (504 bytes)

MD5116d4d1edb43ea3783c92812f245f108

SHA102c09fc6450c50f5d2f7f6162fed01cf2c4bf6b8

SHA256f661a4c5b81edb82ec095d2d50b655e19536630577352b6abbfc3962adf3454c

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F661A4C5B81EDB82EC095D2D50B655E19536630577352B6ABBFC3962ADF3454C"
Last-Modified: Sun, 23 Jun 2024 01:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16139
Expires: Sun, 23 Jun 2024 22:17:40 GMT
Date: Sun, 23 Jun 2024 17:48:41 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-06-22

Last Seen2024-08-19

Times Seen34747

Size504 B (504 bytes)

MD531c219b3ac9b4615f1a78cd882995e6c

SHA11bb1aedb59500ceabd4f44ae9b7317c544084afd

SHA2566e8de7454df9b981f3c2bd8746558f3eb5c48599c66fc0f5301169c0ed42c8fe

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6E8DE7454DF9B981F3C2BD8746558F3EB5C48599C66FC0F5301169C0ED42C8FE"
Last-Modified: Sat, 22 Jun 2024 11:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6434
Expires: Sun, 23 Jun 2024 19:35:56 GMT
Date: Sun, 23 Jun 2024 17:48:42 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-06-22

Last Seen2024-08-19

Times Seen18088

Size504 B (504 bytes)

MD55921b10ddbe0b24f0a8edead6ec181b2

SHA16691a5ac00a00feed5de61cd277ca741b2c29862

SHA2563c107c0a5dd06bc96ff917c92843ab276923fd751ecd5e48eefafc661b914ae2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3C107C0A5DD06BC96FF917C92843AB276923FD751ECD5E48EEFAFC661B914AE2"
Last-Modified: Sat, 22 Jun 2024 04:18:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3001
Expires: Sun, 23 Jun 2024 18:38:43 GMT
Date: Sun, 23 Jun 2024 17:48:42 GMT
Connection: keep-alive

www.lepouffre.com/wp-includes/css/buttons.min.css?ver=5.9.9

145.239.37.162

1.5 kB

URL HTTP

www.lepouffre.com/wp-includes/css/buttons.min.css?ver=5.9.9

IP / ASN

145.239.37.162

#16276 OVH SAS

Requested byN/A

Resource Info

File typeASCII text, with very long lines (5819)

First Seen2023-04-05

Last Seen2025-08-01

Times Seen1613

Size1.5 kB (1453 bytes)

MD561acbb6ebdd2479dcb66e467e3f1d80f

SHA182f9d6c19de343cc39b2c461b4a9a97770699ec8

SHA256a263951ba358b2b766fe5e06c24a5869f2a67aeee53a4ba7d3b1f9d478fc3c34

HTTP Headers

GET /wp-includes/css/buttons.min.css?ver=5.9.9 HTTP/1.1
Host: www.lepouffre.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.lepouffre.com/wp-login.php?redirect_to=https://lepouffre.com/wp-admin/admin.php?page=litespeed-cache/&reauth=1
Cookie: wordpress_test_cookie=WP+Cookie+check
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 23 Jun 2024 17:48:43 GMT
content-type: text/css
content-length: 1453
server: Apache
last-modified: Thu, 07 Apr 2022 13:50:20 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Sun, 23 Jun 2024 18:03:43 GMT
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

www.lepouffre.com/wp-admin/css/l10n.min.css?ver=5.9.9

145.239.37.162

686 B

URL HTTP

www.lepouffre.com/wp-admin/css/l10n.min.css?ver=5.9.9

IP / ASN

145.239.37.162

#16276 OVH SAS

Requested byN/A

Resource Info

File typeASCII text, with very long lines (2442)

First Seen2023-04-05

Last Seen2025-08-05

Times Seen2969

Size686 B (686 bytes)

MD52b2ed5045b480dcfac2e6babbd2f2007

SHA19d590c9bbc4c357ccec1c8b94ffe9feeeab58d3c

SHA25686669f0412fff3ba05a09c21f077c7a9ec4d9054633216b6ce04eb3c6c57538b

HTTP Headers

GET /wp-admin/css/l10n.min.css?ver=5.9.9 HTTP/1.1
Host: www.lepouffre.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.lepouffre.com/wp-login.php?redirect_to=https://lepouffre.com/wp-admin/admin.php?page=litespeed-cache/&reauth=1
Cookie: wordpress_test_cookie=WP+Cookie+check
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 23 Jun 2024 17:48:43 GMT
content-type: text/css
content-length: 686
server: Apache
last-modified: Tue, 11 Dec 2018 16:13:26 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Sun, 23 Jun 2024 18:03:43 GMT
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

www.lepouffre.com/wp-admin/css/forms.min.css?ver=5.9.9

145.239.37.162

6.2 kB

URL HTTP

www.lepouffre.com/wp-admin/css/forms.min.css?ver=5.9.9

IP / ASN

145.239.37.162

#16276 OVH SAS

Requested byN/A

Resource Info

File typeASCII text, with very long lines (25334)

First Seen2023-04-06

Last Seen2025-07-02

Times Seen84

Size6.2 kB (6211 bytes)

MD5f2035d7783548837063f378d90a39c98

SHA13cef73e0fac87074dd00498973cf9a4a23ede2f8

SHA256a56bde4ff2dfc7ae7f081828a728514e80606e1d555f58babb469050a5756630

HTTP Headers

GET /wp-admin/css/forms.min.css?ver=5.9.9 HTTP/1.1
Host: www.lepouffre.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.lepouffre.com/wp-login.php?redirect_to=https://lepouffre.com/wp-admin/admin.php?page=litespeed-cache/&reauth=1
Cookie: wordpress_test_cookie=WP+Cookie+check
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 23 Jun 2024 17:48:43 GMT
content-type: text/css
content-length: 6211
server: Apache
last-modified: Thu, 07 Apr 2022 13:50:15 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Sun, 23 Jun 2024 18:03:43 GMT
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

www.lepouffre.com/wp-admin/css/login.min.css?ver=5.9.9

145.239.37.162

2.2 kB

URL HTTP

www.lepouffre.com/wp-admin/css/login.min.css?ver=5.9.9

IP / ASN

145.239.37.162

#16276 OVH SAS

Requested byN/A

Resource Info

File typeASCII text, with very long lines (6280)

First Seen2023-04-05

Last Seen2025-07-28

Times Seen650

Size2.2 kB (2157 bytes)

MD5327c0a1e1130f01ead36730293810c1a

SHA119b8dfcca682bc85fe21fdb5e609e9c3e84728ed

SHA25638a7a5628e536d54062615d2b9b779b885facd3c488ec4b25a6ec6ec5347d0af

HTTP Headers

GET /wp-admin/css/login.min.css?ver=5.9.9 HTTP/1.1
Host: www.lepouffre.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.lepouffre.com/wp-login.php?redirect_to=https://lepouffre.com/wp-admin/admin.php?page=litespeed-cache/&reauth=1
Cookie: wordpress_test_cookie=WP+Cookie+check
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 23 Jun 2024 17:48:43 GMT
content-type: text/css
content-length: 2157
server: Apache
last-modified: Thu, 07 Apr 2022 13:50:14 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Sun, 23 Jun 2024 18:03:43 GMT
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

www.lepouffre.com/wp-login.php?redirect_to=https://lepouffre.com/wp-admin/admin.php?page=litespeed-cache/&reauth=1

145.239.37.162

3.3 kB

URL HTTP

www.lepouffre.com/wp-login.php?redirect_to=https://lepouffre.com/wp-admin/admin.php?page=litespeed-cache/&reauth=1

IP / ASN

145.239.37.162

#16276 OVH SAS

Requested byN/A

Resource Info

File typeHTML document, Unicode text, UTF-8 text, with very long lines (620)

First Seen2024-08-19

Last Seen2024-08-19

Times Seen1

Size3.3 kB (3316 bytes)

MD5008f6c2f7cda64cb098a6f818bbec8bd

SHA1a61fbc11ad5e28fbf02a20cdf4c7d3dbefb01b76

SHA256f7d190750cd428a9ef96cbc8489512a65e52b86603d1cfebfb193b9ac95d31da

HTTP Headers

GET /wp-login.php?redirect_to=https://lepouffre.com/wp-admin/admin.php?page=litespeed-cache/&reauth=1 HTTP/1.1
Host: www.lepouffre.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 23 Jun 2024 17:48:42 GMT
content-type: text/html; charset=UTF-8
server: Apache
x-powered-by: PHP/7.2
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-frame-options: SAMEORIGIN
set-cookie: wordpress_test_cookie=WP+Cookie+check; path=/; secure
wordpress_c77eb791f9de4f9639be1036d92293bb=+; expires=Sat, 24-Jun-2023 17:48:42 GMT; Max-Age=0; path=/wp-admin
wordpress_sec_c77eb791f9de4f9639be1036d92293bb=+; expires=Sat, 24-Jun-2023 17:48:42 GMT; Max-Age=0; path=/wp-admin
wordpress_c77eb791f9de4f9639be1036d92293bb=+; expires=Sat, 24-Jun-2023 17:48:42 GMT; Max-Age=0; path=/wp-content/plugins
wordpress_sec_c77eb791f9de4f9639be1036d92293bb=+; expires=Sat, 24-Jun-2023 17:48:42 GMT; Max-Age=0; path=/wp-content/plugins
wordpress_logged_in_c77eb791f9de4f9639be1036d92293bb=+; expires=Sat, 24-Jun-2023 17:48:42 GMT; Max-Age=0; path=/
wordpress_logged_in_c77eb791f9de4f9639be1036d92293bb=+; expires=Sat, 24-Jun-2023 17:48:42 GMT; Max-Age=0; path=/
wp-settings-0=+; expires=Sat, 24-Jun-2023 17:48:42 GMT; Max-Age=0; path=/
wp-settings-time-0=+; expires=Sat, 24-Jun-2023 17:48:42 GMT; Max-Age=0; path=/
wordpress_c77eb791f9de4f9639be1036d92293bb=+; expires=Sat, 24-Jun-2023 17:48:42 GMT; Max-Age=0; path=/
wordpress_c77eb791f9de4f9639be1036d92293bb=+; expires=Sat, 24-Jun-2023 17:48:42 GMT; Max-Age=0; path=/
wordpress_sec_c77eb791f9de4f9639be1036d92293bb=+; expires=Sat, 24-Jun-2023 17:48:42 GMT; Max-Age=0; path=/
wordpress_sec_c77eb791f9de4f9639be1036d92293bb=+; expires=Sat, 24-Jun-2023 17:48:42 GMT; Max-Age=0; path=/
wordpressuser_c77eb791f9de4f9639be1036d92293bb=+; expires=Sat, 24-Jun-2023 17:48:42 GMT; Max-Age=0; path=/
wordpresspass_c77eb791f9de4f9639be1036d92293bb=+; expires=Sat, 24-Jun-2023 17:48:42 GMT; Max-Age=0; path=/
wordpressuser_c77eb791f9de4f9639be1036d92293bb=+; expires=Sat, 24-Jun-2023 17:48:42 GMT; Max-Age=0; path=/
wordpresspass_c77eb791f9de4f9639be1036d92293bb=+; expires=Sat, 24-Jun-2023 17:48:42 GMT; Max-Age=0; path=/
wp-postpass_c77eb791f9de4f9639be1036d92293bb=+; expires=Sat, 24-Jun-2023 17:48:42 GMT; Max-Age=0; path=/
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

www.lepouffre.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

145.239.37.162

4.5 kB

URL HTTP

www.lepouffre.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

IP / ASN

145.239.37.162

#16276 OVH SAS

Requested byN/A

Resource Info

File typeJavaScript source, ASCII text, with very long lines (11126)

First Seen2024-08-19

Last Seen2024-08-19

Times Seen2

Size4.5 kB (4515 bytes)

MD5d8eed1819eb8b4d8050ccd92ccae7d6d

SHA1d4aaa2de5af229273f78dd22ee65fe92a26a813b

SHA2565f755357c26de8bd5fcba9b1b4e5e1692d54e7e6579ab6166959526a9be28767

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.lepouffre.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.lepouffre.com/wp-login.php?redirect_to=https://lepouffre.com/wp-admin/admin.php?page=litespeed-cache/&reauth=1
DNT: 1
Connection: keep-alive
Cookie: wordpress_test_cookie=WP+Cookie+check
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 23 Jun 2024 17:48:43 GMT
content-type: application/javascript
content-length: 4515
server: Apache
last-modified: Sat, 06 Apr 2024 10:27:03 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Sun, 23 Jun 2024 18:03:43 GMT
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

www.lepouffre.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9

145.239.37.162

2.4 kB

URL HTTP

www.lepouffre.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9

IP / ASN

145.239.37.162

#16276 OVH SAS

Requested byN/A

Resource Info

File typeJavaScript source, ASCII text, with very long lines (6494), with no line terminators

First Seen2023-03-07

Last Seen2025-08-06

Times Seen22584

Size2.4 kB (2422 bytes)

MD564e89b93b02055fb75ea0913089ded0b

SHA19ccf854a6acedb27496725fa7570a670fd7bd572

SHA256a3e64300797e8078baa41dbc49e2affc1d2bedd04a470f0c929ed7fac698fbcd

HTTP Headers

GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 HTTP/1.1
Host: www.lepouffre.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.lepouffre.com/wp-login.php?redirect_to=https://lepouffre.com/wp-admin/admin.php?page=litespeed-cache/&reauth=1
DNT: 1
Connection: keep-alive
Cookie: wordpress_test_cookie=WP+Cookie+check
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 23 Jun 2024 17:48:43 GMT
content-type: application/javascript
content-length: 2422
server: Apache
last-modified: Thu, 07 Apr 2022 13:50:19 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Sun, 23 Jun 2024 18:03:43 GMT
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

www.lepouffre.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

145.239.37.162

32 kB

URL HTTP

www.lepouffre.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

IP / ASN

145.239.37.162

#16276 OVH SAS

Requested byN/A

Resource Info

File typeJavaScript source, ASCII text, with very long lines (63603)

First Seen2024-06-23

Last Seen2024-08-19

Times Seen5

Size32 kB (31658 bytes)

MD5cdc174e02bb43d53b373a65bdb07c2f3

SHA178ed052e0241476f9a66689e85ca172faa7a405a

SHA256c72cf106a7f8e6837375954b408cbba6a52e4446bbbb6ebc14101e1ba2096544

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.lepouffre.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.lepouffre.com/wp-login.php?redirect_to=https://lepouffre.com/wp-admin/admin.php?page=litespeed-cache/&reauth=1
DNT: 1
Connection: keep-alive
Cookie: wordpress_test_cookie=WP+Cookie+check
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 23 Jun 2024 17:48:43 GMT
content-type: application/javascript
content-length: 31658
server: Apache
last-modified: Mon, 29 Apr 2024 15:40:35 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Sun, 23 Jun 2024 18:03:43 GMT
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

www.lepouffre.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0

145.239.37.162

7.0 kB

URL HTTP

www.lepouffre.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0

IP / ASN

145.239.37.162

#16276 OVH SAS

Requested byN/A

Resource Info

File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (19111)

First Seen2023-04-05

Last Seen2025-03-01

Times Seen987

Size7.0 kB (7013 bytes)

MD51b0fe9b37e9e47e0c8919cb618792bf5

SHA15d1c1e03e3e773e572db2ad86f9771caa7286369

SHA256e20ddb9ed1fa044cb624f0253bb06b13c92ed9915063bd63a5806440c6b1ce7c

HTTP Headers

GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1
Host: www.lepouffre.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.lepouffre.com/wp-login.php?redirect_to=https://lepouffre.com/wp-admin/admin.php?page=litespeed-cache/&reauth=1
DNT: 1
Connection: keep-alive
Cookie: wordpress_test_cookie=WP+Cookie+check
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 23 Jun 2024 17:48:43 GMT
content-type: application/javascript
content-length: 7013
server: Apache
last-modified: Thu, 07 Apr 2022 13:50:19 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Sun, 23 Jun 2024 18:03:43 GMT
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

www.lepouffre.com/wp-includes/js/wp-util.min.js?ver=5.9.9

145.239.37.162

705 B

URL HTTP

www.lepouffre.com/wp-includes/js/wp-util.min.js?ver=5.9.9

IP / ASN

145.239.37.162

#16276 OVH SAS

Requested byN/A

Resource Info

File typeJavaScript source, ASCII text, with very long lines (1305)

First Seen2023-03-07

Last Seen2025-08-05

Times Seen2213

Size705 B (705 bytes)

MD58637362089372427b52fa10a43d8109c

SHA16009bed674718329dce6055ab09fa95181162d81

SHA256b8e78b48acc08ce31457aff168d6fb2c814d51a8739a97693cdba585d60f5b35

HTTP Headers

GET /wp-includes/js/wp-util.min.js?ver=5.9.9 HTTP/1.1
Host: www.lepouffre.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.lepouffre.com/wp-login.php?redirect_to=https://lepouffre.com/wp-admin/admin.php?page=litespeed-cache/&reauth=1
DNT: 1
Connection: keep-alive
Cookie: wordpress_test_cookie=WP+Cookie+check
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 23 Jun 2024 17:48:43 GMT
content-type: application/javascript
content-length: 705
server: Apache
last-modified: Thu, 07 Apr 2022 13:50:18 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Sun, 23 Jun 2024 18:03:43 GMT
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

www.lepouffre.com/wp-includes/js/dist/hooks.min.js?ver=1e58c8c5a32b2e97491080c5b10dc71c

145.239.37.162

1.9 kB

URL HTTP

www.lepouffre.com/wp-includes/js/dist/hooks.min.js?ver=1e58c8c5a32b2e97491080c5b10dc71c

IP / ASN

145.239.37.162

#16276 OVH SAS

Requested byN/A

Resource Info

File typeJavaScript source, ASCII text, with very long lines (5655)

First Seen2023-03-07

Last Seen2025-08-05

Times Seen963

Size1.9 kB (1869 bytes)

MD57935d6e0f5c1a8dabaf92fa17cc5e513

SHA12623f058ab2e57ad10120675d941c9b78eba82e8

SHA256e5935466216a250bb06338805b32ffb19eeda9042ead790ebc6e5dda27820adb

HTTP Headers

GET /wp-includes/js/dist/hooks.min.js?ver=1e58c8c5a32b2e97491080c5b10dc71c HTTP/1.1
Host: www.lepouffre.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.lepouffre.com/wp-login.php?redirect_to=https://lepouffre.com/wp-admin/admin.php?page=litespeed-cache/&reauth=1
DNT: 1
Connection: keep-alive
Cookie: wordpress_test_cookie=WP+Cookie+check
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 23 Jun 2024 17:48:43 GMT
content-type: application/javascript
content-length: 1869
server: Apache
last-modified: Thu, 07 Apr 2022 13:50:19 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Sun, 23 Jun 2024 18:03:43 GMT
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

www.lepouffre.com/wp-admin/js/password-strength-meter.min.js?ver=5.9.9

145.239.37.162

621 B

URL HTTP

www.lepouffre.com/wp-admin/js/password-strength-meter.min.js?ver=5.9.9

IP / ASN

145.239.37.162

#16276 OVH SAS

Requested byN/A

Resource Info

File typeASCII text, with very long lines (1088)

First Seen0001-01-01

Last Seen2025-08-06

Times Seen5297

Size621 B (621 bytes)

MD5b2e45ac2d733c572ee0b3b5dd53c7cc0

SHA1f0d35678945439784d91ded2f48936c0396095dc

SHA256fcbe9e9ff2d1c20cab10bf43dc49914e188b44ae21f34257b4a0ef5cae90f7ac

HTTP Headers

GET /wp-admin/js/password-strength-meter.min.js?ver=5.9.9 HTTP/1.1
Host: www.lepouffre.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.lepouffre.com/wp-login.php?redirect_to=https://lepouffre.com/wp-admin/admin.php?page=litespeed-cache/&reauth=1
DNT: 1
Connection: keep-alive
Cookie: wordpress_test_cookie=WP+Cookie+check
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 23 Jun 2024 17:48:43 GMT
content-type: application/javascript
content-length: 621
server: Apache
last-modified: Thu, 07 Apr 2022 13:50:16 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Sun, 23 Jun 2024 18:03:43 GMT
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

www.lepouffre.com/wp-admin/js/user-profile.min.js?ver=5.9.9

145.239.37.162

2.3 kB

URL HTTP

www.lepouffre.com/wp-admin/js/user-profile.min.js?ver=5.9.9

IP / ASN

145.239.37.162

#16276 OVH SAS

Requested byN/A

Resource Info

File typeJavaScript source, ASCII text, with very long lines (6067)

First Seen2023-03-07

Last Seen2025-07-02

Times Seen42

Size2.3 kB (2295 bytes)

MD5397fa1e293ed06397aa6e8eeb43c61fc

SHA15881f4e8bfec2c9b551daec3338e2203efb8ca9e

SHA256b0e9b99d170703cb961022b52ebb7fcaf216448efc08f4d8b6dd7902bb562c2b

HTTP Headers

GET /wp-admin/js/user-profile.min.js?ver=5.9.9 HTTP/1.1
Host: www.lepouffre.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.lepouffre.com/wp-login.php?redirect_to=https://lepouffre.com/wp-admin/admin.php?page=litespeed-cache/&reauth=1
DNT: 1
Connection: keep-alive
Cookie: wordpress_test_cookie=WP+Cookie+check
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 23 Jun 2024 17:48:43 GMT
content-type: application/javascript
content-length: 2295
server: Apache
last-modified: Thu, 07 Apr 2022 13:50:17 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Sun, 23 Jun 2024 18:03:43 GMT
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

www.lepouffre.com/wp-includes/js/underscore.min.js?ver=1.13.1

145.239.37.162

7.3 kB

URL HTTP

www.lepouffre.com/wp-includes/js/underscore.min.js?ver=1.13.1

IP / ASN

145.239.37.162

#16276 OVH SAS

Requested byN/A

Resource Info

File typeJavaScript source, ASCII text, with very long lines (19034)

First Seen2023-03-07

Last Seen2025-08-05

Times Seen1890

Size7.3 kB (7316 bytes)

MD547e07d05e0e32338ed2e112d3f46cac1

SHA1331fa3259ce673bf92047a25542305242eb6f35f

SHA2564f6366518c3d992d6a9a3aee342675532822d6b1d66217df7b284bb450dbb99a

HTTP Headers

GET /wp-includes/js/underscore.min.js?ver=1.13.1 HTTP/1.1
Host: www.lepouffre.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.lepouffre.com/wp-login.php?redirect_to=https://lepouffre.com/wp-admin/admin.php?page=litespeed-cache/&reauth=1
DNT: 1
Connection: keep-alive
Cookie: wordpress_test_cookie=WP+Cookie+check
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 23 Jun 2024 17:48:43 GMT
content-type: application/javascript
content-length: 7316
server: Apache
last-modified: Thu, 07 Apr 2022 13:50:19 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Sun, 23 Jun 2024 18:03:43 GMT
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

www.lepouffre.com/wp-includes/js/dist/i18n.min.js?ver=30fcecb428a0e8383d3776bcdd3a7834

145.239.37.162

4.0 kB

URL HTTP

www.lepouffre.com/wp-includes/js/dist/i18n.min.js?ver=30fcecb428a0e8383d3776bcdd3a7834

IP / ASN

145.239.37.162

#16276 OVH SAS

Requested byN/A

Resource Info

File typedata

First Seen2023-03-07

Last Seen2025-08-05

Times Seen900

Size4.0 kB (3968 bytes)

MD567e56dc626cd9e14d5f0cef38d0c36f7

SHA10c03a4781237e2c86248b562b64e78afe3817c42

SHA25622c90613db09ef65c964b143e6adbe584b42eae85c9b7a75fa27c22b25cccb90

HTTP Headers

GET /wp-includes/js/dist/i18n.min.js?ver=30fcecb428a0e8383d3776bcdd3a7834 HTTP/1.1
Host: www.lepouffre.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.lepouffre.com/wp-login.php?redirect_to=https://lepouffre.com/wp-admin/admin.php?page=litespeed-cache/&reauth=1
DNT: 1
Connection: keep-alive
Cookie: wordpress_test_cookie=WP+Cookie+check
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 23 Jun 2024 17:48:43 GMT
content-type: application/javascript
content-length: 3968
server: Apache
last-modified: Thu, 07 Apr 2022 13:50:19 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Sun, 23 Jun 2024 18:03:43 GMT
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

www.lepouffre.com/wp-admin/images/wordpress-logo.svg?ver=20131107

145.239.37.162

1.5 kB

URL HTTP

www.lepouffre.com/wp-admin/images/wordpress-logo.svg?ver=20131107

IP / ASN

145.239.37.162

#16276 OVH SAS

Requested byN/A

Resource Info

File typeSVG Scalable Vector Graphics image

First Seen2023-04-30

Last Seen2025-08-04

Times Seen4051

Size1.5 kB (1521 bytes)

MD5f34ef6259364f7ef0ccf67cd1dddc970

SHA118b563726b3d24a73552791fff91f61077ae1ec5

SHA256a0bbefd626f1e76f9245ec6c6101b679ba27412b71b32fc43eccda9db40f394b

HTTP Headers

GET /wp-admin/images/wordpress-logo.svg?ver=20131107 HTTP/1.1
Host: www.lepouffre.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.lepouffre.com/wp-admin/css/login.min.css?ver=5.9.9
Cookie: wordpress_test_cookie=WP+Cookie+check
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 23 Jun 2024 17:48:43 GMT
content-type: image/svg+xml
content-length: 1521
server: Apache
last-modified: Sun, 05 Apr 2015 21:20:27 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Sun, 23 Jun 2024 18:03:43 GMT
X-Firefox-Spdy: h2

js.cdntoswitchspirit.com/source/split.js

172.67.209.227

20 kB

URL HTTP

js.cdntoswitchspirit.com/source/split.js

IP / ASN

172.67.209.227

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeJavaScript source, ASCII text, with very long lines (48629), with no line terminators

First Seen2024-06-02

Last Seen2024-08-19

Times Seen350

Size20 kB (19559 bytes)

MD5686a1411eb12a24f8a67880ad8acfbc6

SHA12ec72d311de460a19f4496ff7774e65f47407d7e

SHA25633defd33b886a02fd3620983a3fcf9d09b311982f44df73a6781845405ba9c40

HTTP Headers

GET /source/split.js HTTP/1.1
Host: js.cdntoswitchspirit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.lepouffre.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 23 Jun 2024 17:48:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 19559
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 3809
last-modified: Sun, 23 Jun 2024 16:45:14 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UJRcXNjadXXTI59doFa%2BBkrjaNVcAyJmiVqfCRN0BHFVq3gOPX9EMEEb0EoLjBSChWt9HyxdgKE6CpyTr14AOAjs8qb6byNPXfj535Xxt1ItviIJrPQesPaMYpGiEqVgjhUsq1iC7rGinew%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89864f830b0e5687-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.lepouffre.com/wp-content/uploads/2021/03/icon_lepoufre.png

145.239.37.162

4.0 kB

URL HTTP

www.lepouffre.com/wp-content/uploads/2021/03/icon_lepoufre.png

IP / ASN

145.239.37.162

#16276 OVH SAS

Requested byN/A

Resource Info

File typePNG image data, 100 x 100, 8-bit colormap, non-interlaced

First Seen2024-06-23

Last Seen2024-08-19

Times Seen6

Size4.0 kB (4035 bytes)

MD57e5667bc0504abfec95128860cbce252

SHA13da14bbc67403912197b2e6e81f08255d9f1dc11

SHA2565b824a1ac388c1b924bad4374776bb6fc8567a534197cbd597b82573ba1c4888

HTTP Headers

GET /wp-content/uploads/2021/03/icon_lepoufre.png HTTP/1.1
Host: www.lepouffre.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.lepouffre.com/wp-login.php?redirect_to=https://lepouffre.com/wp-admin/admin.php?page=litespeed-cache/&reauth=1
DNT: 1
Connection: keep-alive
Cookie: wordpress_test_cookie=WP+Cookie+check
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 23 Jun 2024 17:48:43 GMT
content-type: image/png
content-length: 4035
server: Apache
last-modified: Fri, 10 Mar 2023 14:10:14 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Sun, 23 Jun 2024 18:03:43 GMT
X-Firefox-Spdy: h2

www.lepouffre.com/wp-content/uploads/2021/03/icon_lepoufre.png

145.239.37.162

4.0 kB

URL HTTP

www.lepouffre.com/wp-content/uploads/2021/03/icon_lepoufre.png

IP / ASN

145.239.37.162

#16276 OVH SAS

Requested byN/A

Resource Info

File typePNG image data, 100 x 100, 8-bit colormap, non-interlaced

First Seen2024-06-23

Last Seen2024-08-19

Times Seen6

Size4.0 kB (4035 bytes)

MD57e5667bc0504abfec95128860cbce252

SHA13da14bbc67403912197b2e6e81f08255d9f1dc11

SHA2565b824a1ac388c1b924bad4374776bb6fc8567a534197cbd597b82573ba1c4888

HTTP Headers

GET /wp-content/uploads/2021/03/icon_lepoufre.png HTTP/1.1
Host: www.lepouffre.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.lepouffre.com/wp-login.php?redirect_to=https://lepouffre.com/wp-admin/admin.php?page=litespeed-cache/&reauth=1
DNT: 1
Connection: keep-alive
Cookie: wordpress_test_cookie=WP+Cookie+check
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 23 Jun 2024 17:48:43 GMT
content-type: image/png
content-length: 4035
server: Apache
last-modified: Fri, 10 Mar 2023 14:10:14 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Sun, 23 Jun 2024 18:03:43 GMT
X-Firefox-Spdy: h2

bind.bestresulttostart.com/scripts/statistics.js

193.163.7.113

15 kB

URL HTTP

bind.bestresulttostart.com/scripts/statistics.js

IP / ASN

193.163.7.113

#204601 Zomro B.V.

Requested byN/A

Resource Info

File typeJavaScript source, ASCII text, with very long lines (36986), with no line terminators

First Seen2024-06-01

Last Seen2024-08-19

Times Seen903

Size15 kB (14956 bytes)

MD567931d4afa6241cb9dcd43f372d11eb6

SHA1873e636f1e1190156d1eda637092f0ea607dc6af

SHA256f0045fac6f511f58f5aa2600ddcecc0e60bc47cda0851d856e648270b658fa61

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /scripts/statistics.js HTTP/1.1
Host: bind.bestresulttostart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.lepouffre.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 23 Jun 2024 17:48:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 14956
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=31536000;
X-Firefox-Spdy: h2

cdn.rdntocdns.com/rthrttu.php

45.9.149.210

6.0 kB

URL HTTP

cdn.rdntocdns.com/rthrttu.php

IP / ASN

45.9.149.210

#49447 Nice IT Services Group Inc.

Requested byN/A

Resource Info

File typeJavaScript source, ASCII text, with very long lines (14233), with no line terminators

First Seen2024-06-01

Last Seen2024-08-19

Times Seen1170

Size6.0 kB (6026 bytes)

MD56c899067b95977c68fc5f8501428d1bd

SHA167700832cf8e0d6f21a57dbcdb315cedf7ff9504

SHA25699c8d8e412d2f42c88eb77204937bb8e92aad289d959618e507dee5dcb7bfea6

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Unknown malware
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /rthrttu.php HTTP/1.1
Host: cdn.rdntocdns.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.lepouffre.com/
Content-Type: application/x-www-form-urlencoded
Content-Length: 82
Origin: https://www.lepouffre.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 23 Jun 2024 17:48:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 6026
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.rdntocdns.com/rthrttu.php

45.9.149.210

6.0 kB

URL HTTP

cdn.rdntocdns.com/rthrttu.php

IP / ASN

45.9.149.210

#49447 Nice IT Services Group Inc.

Requested byN/A

Resource Info

File typeJavaScript source, ASCII text, with very long lines (14233), with no line terminators

First Seen2024-06-01

Last Seen2024-08-19

Times Seen1170

Size6.0 kB (6026 bytes)

MD56c899067b95977c68fc5f8501428d1bd

SHA167700832cf8e0d6f21a57dbcdb315cedf7ff9504

SHA25699c8d8e412d2f42c88eb77204937bb8e92aad289d959618e507dee5dcb7bfea6

Detections

Analyzer	Verdict	Alert
ThreatFox	malicious	Unknown malware
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /rthrttu.php HTTP/1.1
Host: cdn.rdntocdns.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.lepouffre.com/
Content-Type: application/x-www-form-urlencoded
Content-Length: 82
Origin: https://www.lepouffre.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Jun 2024 17:48:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 6026
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.33.119.27

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-06-23

Last Seen2024-08-19

Times Seen25848

Size504 B (504 bytes)

MD5fe36e270c1ecfa3891cc7b505e7894b6

SHA1ce43401e7146eb139a1e3caf7db957e6b9531dc3

SHA256bd791e8f44b990a0091febc3cc3b24799eb26b87fe5aa381ad98ae4662f7f802

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BD791E8F44B990A0091FEBC3CC3B24799EB26B87FE5AA381AD98AE4662F7F802"
Last-Modified: Sun, 23 Jun 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10302
Expires: Sun, 23 Jun 2024 20:40:26 GMT
Date: Sun, 23 Jun 2024 17:48:44 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-06-23

Last Seen2024-08-19

Times Seen25848

Size504 B (504 bytes)

MD5fe36e270c1ecfa3891cc7b505e7894b6

SHA1ce43401e7146eb139a1e3caf7db957e6b9531dc3

SHA256bd791e8f44b990a0091febc3cc3b24799eb26b87fe5aa381ad98ae4662f7f802

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BD791E8F44B990A0091FEBC3CC3B24799EB26B87FE5AA381AD98AE4662F7F802"
Last-Modified: Sun, 23 Jun 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10302
Expires: Sun, 23 Jun 2024 20:40:26 GMT
Date: Sun, 23 Jun 2024 17:48:44 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-06-23

Last Seen2024-08-19

Times Seen25848

Size504 B (504 bytes)

MD5fe36e270c1ecfa3891cc7b505e7894b6

SHA1ce43401e7146eb139a1e3caf7db957e6b9531dc3

SHA256bd791e8f44b990a0091febc3cc3b24799eb26b87fe5aa381ad98ae4662f7f802

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BD791E8F44B990A0091FEBC3CC3B24799EB26B87FE5AA381AD98AE4662F7F802"
Last-Modified: Sun, 23 Jun 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10302
Expires: Sun, 23 Jun 2024 20:40:26 GMT
Date: Sun, 23 Jun 2024 17:48:44 GMT
Connection: keep-alive

www.lepouffre.com/wp-includes/css/dashicons.min.css?ver=5.9.9

145.239.37.162

40 kB

URL HTTP

www.lepouffre.com/wp-includes/css/dashicons.min.css?ver=5.9.9

IP / ASN

145.239.37.162

#16276 OVH SAS

Requested byN/A

Resource Info

File typegzip compressed data, from Unix

First Seen2024-08-19

Last Seen2024-08-19

Times Seen1

Size40 kB (39560 bytes)

MD5fb5f722639c844a46bb5e1f3b372c083

SHA163b4588365fceb98b286b7daf29ab36d8e484c85

SHA25678df1c133ce0474d6281194fa998cdbd6b8d2c06e8ef8c0a83cd4f70cf330e34

HTTP Headers

GET /wp-includes/css/dashicons.min.css?ver=5.9.9 HTTP/1.1
Host: www.lepouffre.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.lepouffre.com/wp-login.php?redirect_to=https://lepouffre.com/wp-admin/admin.php?page=litespeed-cache/&reauth=1
Cookie: wordpress_test_cookie=WP+Cookie+check
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 23 Jun 2024 17:48:43 GMT
content-type: text/css
server: Apache
last-modified: Thu, 15 Apr 2021 06:04:51 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Sun, 23 Jun 2024 18:03:43 GMT
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

rest1.rdntocdns.com/DGC4PH?r1=www.lepouffre.com

45.9.149.210

6.7 kB

URL HTTP

rest1.rdntocdns.com/DGC4PH?r1=www.lepouffre.com

IP / ASN

45.9.149.210

#49447 Nice IT Services Group Inc.

Requested byN/A

Resource Info

File typegzip compressed data

First Seen2024-08-19

Last Seen2024-08-19

Times Seen1

Size6.7 kB (6681 bytes)

MD5547f70f68568d7dbcc393aadcaf89fd0

SHA11844aeb0727fa45f46a8cee58862f042cc2b61dc

SHA256918d57509d678fbe1eb6cf1d99192257f4aab539a7ccec903590fbc3936b8c19

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /DGC4PH?r1=www.lepouffre.com HTTP/1.1
Host: rest1.rdntocdns.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.lepouffre.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 23 Jun 2024 17:48:44 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
expires: Sun, 23 Jun 2024 17:48:44 GMT
set-cookie: _subid=376l60jnfr3ad; expires=Wed, 24 Jul 2024 17:48:44 GMT; path=/
a4fba=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjY2XCI6MTcxOTE2NDkyNH0sXCJjYW1wYWlnbnNcIjp7XCIxN1wiOjE3MTkxNjQ5MjR9LFwidGltZVwiOjE3MTkxNjQ5MjR9In0.lXhpF70kEadqyERzZud9QriQKUur_QhYHQ-7lhol_28; expires=Fri, 16 Dec 2078 11:37:28 GMT; path=/
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET redfiretoline.com/favicon.ico

172.67.180.163

204 No Content

0 B

URL GET HTTPS

redfiretoline.com/favicon.ico

IP / ASN

172.67.180.163

#13335 CLOUDFLARENET

Requested byhttps://redfiretoline.com/?p=gjswkm3bha5gi3bpha3teoi&sub2=sims

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-06

Times Seen5691118

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectredfiretoline.com

Fingerprint92:4D:E3:5B:C8:7B:70:D7:F0:25:5A:6C:54:93:14:B5:1F:B4:F5:2D

ValidityWed, 29 May 2024 09:05:48 GMT - Tue, 27 Aug 2024 09:05:47 GMT

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: redfiretoline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://redfiretoline.com/?p=gjswkm3bha5gi3bpha3teoi&sub2=sims
Cookie: uuid=c537617b-22a3-4321-95dc-b7b48c405c33
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 204 No Content
date: Sun, 23 Jun 2024 17:48:46 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5985
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yWFxYUjbkl644uEh2Oa3M2yLKVBTRXQYjiUjv25C6j71yiH4OE%2B2T9nQG9R9C3u4W7Y14bXN5gVQUeuoIqgpPSix3wy1ojEPM1ncqyRCSGd5CdMocBqCHxIab%2F%2BlXqRkowIKjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89864f94bb5056be-OSL
alt-svc: h3=":443"; ma=86400

GET redfiretoline.com/?p=gjswkm3bha5gi3bpha3teoi&sub2=sims

172.67.180.163

200 OK

53 kB

URL User Request GET HTTPS

redfiretoline.com/?p=gjswkm3bha5gi3bpha3teoi&sub2=sims

IP / ASN

172.67.180.163

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-06

Times Seen5691118

Size53 kB (53036 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectredfiretoline.com

Fingerprint92:4D:E3:5B:C8:7B:70:D7:F0:25:5A:6C:54:93:14:B5:1F:B4:F5:2D

ValidityWed, 29 May 2024 09:05:48 GMT - Tue, 27 Aug 2024 09:05:47 GMT

HTTP Headers

GET /?p=gjswkm3bha5gi3bpha3teoi&sub2=sims HTTP/1.1
Host: redfiretoline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 23 Jun 2024 17:48:46 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=c537617b-22a3-4321-95dc-b7b48c405c33; expires=Tue, 23-Jul-2024 17:48:45 GMT; Max-Age=2592000; path=/; domain=redfiretoline.com
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nTDZpNRACSJ54Z%2BI2%2FxgsA1LsxzrFR5cT82P3uTQs7KXgBP5xkeTKb09eoEnMCp8SljoWksPXxYRqN%2FE1F9byxrkCDqoljJE4gbm51i3bF8Vq39YTCZRjMXiNrZZrsRcg9pE%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89864f9338bf7130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2