Overview

URL fraudfyi.blogspot.com/2015_06_01_archive.html
IP216.58.207.193
ASNAS15169 Google Inc.
Location United States
Report completed2018-12-17 06:44:54 CET
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-12-17 2 fraudfyi.blogspot.com/2015_06_01_archive.html Phishing
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 216.58.207.193

Date UQ / IDS / BL URL IP
2019-02-21 00:58:05 +0100
0 - 0 - 2 naked-sex-porn.blogspot.com/search/label/Chel (...) 216.58.207.193
2019-02-20 23:55:23 +0100
0 - 0 - 2 75478623785437.blogspot.no/ 216.58.207.193
2019-02-20 23:52:42 +0100
0 - 1 - 3 kang-ewin.blogspot.com/2015/05/cara-mendaftar (...) 216.58.207.193
2019-02-20 23:22:05 +0100
0 - 0 - 0 https://pokupkiali.blogspot.com/2019/02/blog- (...) 216.58.207.193
2019-02-20 20:50:52 +0100
0 - 0 - 0 countrynotebookproject.blogspot.com/2018/08/l (...) 216.58.207.193
2019-02-20 17:16:36 +0100
0 - 0 - 6 hackwithfarhan.blogspot.no/2012 216.58.207.193
2019-02-20 17:15:37 +0100
0 - 0 - 2 nude-naked-porn.blogspot.no/search/label/anna (...) 216.58.207.193
2019-02-20 11:38:46 +0100
0 - 0 - 2 akusajaboys.blogspot.no/search/label/Hunter%2 (...) 216.58.207.193
2019-02-20 11:38:41 +0100
0 - 0 - 2 akusajaboys.blogspot.no/search/label/one%20pi (...) 216.58.207.193
2019-02-20 11:35:28 +0100
0 - 0 - 2 quizparampaa.blogspot.no/search/label/clue%20 (...) 216.58.207.193

Last 10 reports on ASN: AS15169 Google Inc.

Date UQ / IDS / BL URL IP
2019-02-21 01:38:19 +0100
0 - 1 - 0 r1---sn-5uaezndl.gvt1.com/edgedl/release2/chr (...) 173.194.144.23
2019-02-21 01:38:16 +0100
0 - 2 - 0 r1---sn-q4flrnl7.gvt1.com/edgedl/release2/chr (...) 172.217.131.70
2019-02-21 01:33:35 +0100
0 - 0 - 2 hyttetomta.no/ 23.236.62.147
2019-02-21 01:32:16 +0100
0 - 2 - 0 redirector.gvt1.com/edgedl/release2/chrome/AJ (...) 216.58.209.142
2019-02-21 01:28:23 +0100
0 - 2 - 0 redirector.gvt1.com/edgedl/release2/chrome/Wn (...) 172.217.22.174
2019-02-21 01:16:46 +0100
0 - 2 - 0 redirector.gvt1.com/edgedl/release2/chrome/AN (...) 216.58.207.238
2019-02-21 01:02:14 +0100
0 - 2 - 0 redirector.gvt1.com/edgedl/release2/chrome/AJ (...) 172.217.22.174
2019-02-21 00:59:22 +0100
0 - 0 - 3 thefrenchconnection.no/ 23.236.62.147
2019-02-21 00:58:05 +0100
0 - 0 - 2 naked-sex-porn.blogspot.com/search/label/Chel (...) 216.58.207.193
2019-02-21 00:57:01 +0100
0 - 0 - 2 www.danisetiawanku.com/ 216.58.211.19

Last 1 reports on domain: fraudfyi.blogspot.com

Date UQ / IDS / BL URL IP
2018-09-27 00:24:37 +0200
0 - 0 - 1 fraudfyi.blogspot.com/2015_06_01_archive.html 216.58.207.225


JavaScript

Executed Scripts (45)


Executed Evals (0)


Executed Writes (4)

#1 JavaScript::Write (size: 0, repeated: 42) - SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        
                                    

#2 JavaScript::Write (size: 306, repeated: 1) - SHA256: 264161db8a220a93a331aed7110937b464b8718881278a8ebc31384bd1cfc1bc

                                        < !doctype html > < html > < body > < script > google_sl_win = window.parent;
google_iframe_start_time = new Date().getTime();
google_async_iframe_id = "aswift_0"; < /script><script>window.parent.google_sa_impl({iframeWin: window, pubWin: window.parent, vars: window.parent['google_sv_map']['aswift_0']});</script > < /body></html >
                                    

#3 JavaScript::Write (size: 382, repeated: 1) - SHA256: ed5190be636529fe44951890e8fa47120431aae198c2f6684fd65620546c2fff

                                        < head > < meta http - equiv = "Content-Type"
content = "text/html; charset=UTF8" > < link rel = "stylesheet"
type = "text/css"
href = "https://translate.googleapis.com/translate_static/css/translateelement.css" > < /head><body scroll="no" style="margin:0px;overflow:hidden" dir="ltr" marginHeight=0 marginWidth=0 leftMargin=0 topMargin=0 border=0><div id=":1.menuBody" class="goog-te-menu"></div > < /body>
                                    

#4 JavaScript::Write (size: 1401, repeated: 1) - SHA256: 100adf5eeaa9089d17363ff0fd6029aa5e93e7e5cede785a37515547430696b7

                                        < iframe id = "google_ads_frame6"
name = "google_ads_frame6"
frameborder = "0"
src = "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3901061888659765&amp;output=html&amp;adk=1812271804&amp;adf=807048394&amp;lmt=1544959173&amp;loeid=633794000&amp;plat=1%3A1081352%2C2%3A1081352%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C30%3A1048576&amp;guci=1.2.0.0.2.2.0.0&amp;format=0x0&amp;url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015_06_01_archive.html&amp;ea=0&amp;flash=10.0.45&amp;pra=5&amp;wgl=0&amp;adsid=NT&amp;dt=1545025463460&amp;bpp=1322&amp;fdt=1549&amp;idt=-M&amp;shv=r20181205&amp;cbv=r20180604&amp;saldr=aa&amp;abxe=1&amp;nras=1&amp;correlator=7495914082760&amp;frm=20&amp;pv=2&amp;ga_vid=1740976016.1545025465&amp;ga_sid=1545025465&amp;ga_hid=1003942487&amp;ga_fc=0&amp;icsg=0&amp;dssz=0&amp;mdo=0&amp;mso=0&amp;u_tz=60&amp;u_his=1&amp;u_java=1&amp;u_h=885&amp;u_w=1176&amp;u_ah=855&amp;u_aw=1176&amp;u_cd=24&amp;u_nplug=10&amp;u_nmime=92&amp;adx=0&amp;ady=0&amp;biw=1159&amp;bih=754&amp;scr_x=0&amp;scr_y=0&amp;eid=21060853%2C633794002%2C410075081&amp;oid=3&amp;rx=0&amp;eae=6&amp;fc=1936&amp;brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&amp;vis=0&amp;rsz=%7C%7Cs%7C&amp;abl=NS&amp;ppjl=f&amp;fu=16&amp;bc=1&amp;ifi=6&amp;uci=6.nqrf8ogo7t3o&amp;dtd=1588"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
scrolling = "no"
allowfullscreen = "true" > < /iframe>
                                    


HTTP Transactions (103)


Request Response
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.209.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 17 Dec 2018 05:44:18 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    54febc3c54307d4353d0e4f3919f78e4
Sha1:   a3d3730eb3f206322d02fa55bf856ce091073e01
Sha256: 04beb295eff42d5f6698c899190e06aa8b8334374b999415f86682c84f1f5de2
                                        
                                            GET /2015_06_01_archive.html HTTP/1.1 
Host: fraudfyi.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         216.58.207.193
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Expires: Mon, 17 Dec 2018 05:44:17 GMT
Date: Mon, 17 Dec 2018 05:44:17 GMT
Cache-Control: private, max-age=0
Last-Modified: Sun, 16 Dec 2018 11:19:33 GMT
Etag: W/"d46054643bf6cd71e83ed5a4e69da3e4fdbd4da301b9576734ad2a67b0057f27"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 58654
Server: GSE


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   58654
Md5:    2031bcc4e5f25b89137c51b604a69acf
Sha1:   371f844e75b4231d286c9912c7b76333a90549fd
Sha256: f441e3f107c37ae0699842b7ba4ecc5051dbd6e0b08fb6d11e71b0c2a01adf59

Alerts:
  Blacklists:
    - fortinet: Phishing
                                        
                                            POST /gsr2 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 112
Content-Type: application/ocsp-request

                                         
                                         216.58.209.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 17 Dec 2018 05:44:18 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 468
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   468
Md5:    d9d754520ae3340aa37cca6115eee05b
Sha1:   a0320372760d99c762cb2eb4b37f776625ef1b33
Sha256: 7dc8284c51c9a38dc1bf03bd28857ea5336e8f5c564eddbb1c9082ee43c93738
                                        
                                            GET /static/v1/widgets/2727757643-css_bundle_v2.css HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.21.137
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8674
Date: Mon, 10 Dec 2018 21:17:14 GMT
Expires: Tue, 10 Dec 2019 21:17:14 GMT
Last-Modified: Mon, 10 Dec 2018 16:30:23 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 548824
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   8674
Md5:    043de64904af0a83a4d82cc69257af69
Sha1:   8e162a7dd7c6c28e02d33252328420647db677d5
Sha256: ff59304abef0a84d13a1cd43da3a79a6b713648d572426059c201d0da0122c9a
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: fraudfyi.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         216.58.207.193
HTTP/1.1 200 OK
Content-Type: image/x-icon; charset=UTF-8
                                        
Expires: Mon, 17 Dec 2018 05:44:18 GMT
Date: Mon, 17 Dec 2018 05:44:18 GMT
Cache-Control: private, max-age=86400
Last-Modified: Sun, 16 Dec 2018 11:19:33 GMT
Etag: W/"d46054643bf6cd71e83ed5a4e69da3e4fdbd4da301b9576734ad2a67b0057f27"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 879
Server: GSE


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   879
Md5:    c7ff55bb5e593d7fd4c5b7d1446ab537
Sha1:   d1fea0d2425768f48652b238a0191eb097b4febd
Sha256: a22275e8d5d0c649ea1f2c1145868ef798dedca876b577748e16c11a4f92d3d3
                                        
                                            GET /dyn-css/authorization.css?targetBlogID=5603057404042287247&zx=42a9355b-03f1-4c17-bc50-7c492939f590 HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.21.137
HTTP/1.1 200 OK
Content-Type: text/css; charset=UTF-8
                                        
P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 17 Dec 2018 05:44:18 GMT
Last-Modified: Mon, 17 Dec 2018 05:44:18 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   21
Md5:    b9afc501fc43fbea335a2dc5d43263a1
Sha1:   7290a2dd6afbf39ecfc35b52dfb32a38fc222994
Sha256: d6e425ca7840c0ab6f26f5fc2822a47e26b4a8bbd104468a9c185bc132b8662f
                                        
                                            GET /img/share_buttons_20_3.png HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.blogger.com/static/v1/widgets/2727757643-css_bundle_v2.css

                                         
                                         172.217.21.137
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Accept-Ranges: bytes
Content-Length: 5080
Date: Wed, 12 Dec 2018 05:10:27 GMT
Expires: Wed, 19 Dec 2018 05:10:27 GMT
Last-Modified: Tue, 11 Dec 2018 18:21:50 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=604800
Age: 434031
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  PNG image, 120 x 60, 8-bit/color RGBA, non-interlaced
Size:   5080
Md5:    ad9999106d5f550920b586e8e1704e5a
Sha1:   93fd02c51166402a41f96509cd0ca3fb917877dd
Sha256: 3829a5b2ade7cfc416c80b8f3df71e49e68672875f025d525223978f5cee3fd3
                                        
                                            GET /-07EFvex6Y74/VL1ZHI5VzzI/AAAAAAAAAe8/i4WHzevewAY/s1600/header.gif HTTP/1.1 
Host: 1.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.21.161
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Access-Control-Expose-Headers: Content-Length
Etag: "v1f0"
Expires: Wed, 12 Dec 2018 13:38:04 GMT
Content-Disposition: inline;filename="header.gif"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Mon, 17 Dec 2018 05:44:18 GMT
Server: fife
Content-Length: 12476
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400, no-transform
Age: 0


--- Additional Info ---
Magic:  GIF image data, version 89a, 1000 x 132
Size:   12476
Md5:    9f09c99ee31a959e004592c4a25491f6
Sha1:   c87f48a9fc3ad1a4dc6644e70eb9315e671ecf19
Sha256: b989a2c21d49f9a529c33e52a47e0c20208733a1da7fd42265e1eddc5c349409
                                        
                                            GET /cse/cse.js?cx=001696415036002314930:1mq8k0bgem8 HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.21.164
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Location: https://cse.google.com/cse/cse.js?cx=001696415036002314930:1mq8k0bgem8
Cache-Control: private
X-Content-Type-Options: nosniff
Date: Mon, 17 Dec 2018 05:44:19 GMT
Server: sffe
Content-Length: 267
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  HTML document text
Size:   267
Md5:    8e06ee826156a43f73d1b726658c6f6f
Sha1:   4e7ff21259164a8ad33facfd25fc87174fa152e3
Sha256: 8460917d9ab29fc7e1a24a9170368ea35e8ba822a7c105eae20fe2365e598ede
                                        
                                            GET /1kt/simple/paging_dot.png HTTP/1.1 
Host: www.blogblog.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.21.137
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Accept-Ranges: bytes
Content-Length: 99
Date: Wed, 12 Dec 2018 05:08:15 GMT
Expires: Wed, 19 Dec 2018 05:08:15 GMT
Last-Modified: Wed, 12 Dec 2018 04:33:55 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=604800
Age: 434164


--- Additional Info ---
Magic:  PNG image, 20 x 18, 8-bit gray+alpha, non-interlaced
Size:   99
Md5:    fcb8627989fa00c5341d05abce52eea9
Sha1:   215f7e27bcb50152a6d87444d3038746c87f1d18
Sha256: 1e3869a752d8d7cfad487a6f4e2def12daa851373a9cce97dcc4a96523501dba
                                        
                                            GET /pagead/show_ads.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Vary: Accept-Encoding
Date: Mon, 17 Dec 2018 05:44:19 GMT
Expires: Mon, 17 Dec 2018 05:44:19 GMT
Cache-Control: private, max-age=3600
Etag: 5729135955305440763
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 22290
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   22290
Md5:    d587229cd4b05feda86cac2b8723276f
Sha1:   dc4c46ad734a9b515942138141d739f763435fd6
Sha256: 645203982fef4b2003b03a078563d58568aea60974f6696a56095924b7edda36
                                        
                                            GET /js/cookienotice.js HTTP/1.1 
Host: fraudfyi.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         216.58.207.193
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2026
Date: Wed, 12 Dec 2018 21:29:41 GMT
Expires: Wed, 19 Dec 2018 21:29:41 GMT
Last-Modified: Wed, 12 Dec 2018 18:50:53 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=604800
Age: 375278


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   2026
Md5:    c4e1ed83d89245089b8a1203be20a377
Sha1:   f3940e1215b89300ef97d57a25993f25243b8688
Sha256: afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2
                                        
                                            GET /-iJZMDJ6fxBg/VZFNJjS-EGI/AAAAAAAABbs/VifKcyTFtqk/s320/DAVE-MAURICE-PASSPORT-USEDBYSCAMMERS.jpg HTTP/1.1 
Host: 2.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.21.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Etag: "v5bb"
Expires: Tue, 18 Dec 2018 05:44:19 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="DAVE-MAURICE-PASSPORT-USEDBYSCAMMERS.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Mon, 17 Dec 2018 05:44:19 GMT
Server: fife
Content-Length: 33668
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   33668
Md5:    e862773a474c3a14519fde5b88ccc4e9
Sha1:   7a150d549a3bb171a1e01c998212f123f47191e9
Sha256: ad46e52516f8a95dffb6e8a642fcccd7d5663b6925a26b3908e64bce62771920
                                        
                                            GET /translate_a/element.js?cb=googleTranslateElementInit HTTP/1.1 
Host: translate.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         216.58.209.142
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Date: Mon, 17 Dec 2018 05:44:19 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Language: en
Pragma: no-cache
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: HTTP server (unknown)
Content-Length: 728
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   728
Md5:    ec79f0598e2badc2425cb559c7432068
Sha1:   8eb8ce25e501c05f71fc1144ec677bc168e8a255
Sha256: 8752f477cc8203a9fb0be36a50c931025674b528afcda8999ed7d0606a64094e
                                        
                                            GET /pagead/js/adsbygoogle.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Vary: Accept-Encoding
Date: Mon, 17 Dec 2018 05:44:19 GMT
Expires: Mon, 17 Dec 2018 05:44:19 GMT
Cache-Control: private, max-age=3600
Etag: 2266865073180887146
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 28224
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   28224
Md5:    29df8b2db30ed21b89e571a6e39b7156
Sha1:   ba15771b5bf0e8244651558a19a23964abbe2096
Sha256: c4d66fbf75b4b96943c221d79f8734e9a38ac2d40af9c48a50ea3f74870e69de
                                        
                                            GET /gadgets/proxy?url=http://2.bp.blogspot.com/-KfMV_Y5l7q8/VZMRKnXe4VI/AAAAAAAABcg/WGcm6ajsp7k/s113/member-avatar.jpg&container=blogger&gadget=a&rewriteMime=image/* HTTP/1.1 
Host: images-blogger-opensocial.googleusercontent.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.20.33
HTTP/1.1 200 OK
Content-Type: image/jpeg; charset=UTF-8
                                        
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Cache-Control: public,max-age=37118
Content-Disposition: attachment;filename=p.txt
Date: Mon, 17 Dec 2018 05:44:19 GMT
Expires: Mon, 17 Dec 2018 16:02:57 GMT
Timing-Allow-Origin: *
Content-Length: 5526
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   5526
Md5:    7b88c7e1d7ae6186d120b2e96174d873
Sha1:   ebe6ffc9d9b784d29336559473a21908830a9fbe
Sha256: cff4a714327c6d21e9dcee566b774b5d14c63d509f7ad7fe8ca33b74bb542b35
                                        
                                            GET /pagead/js/r20181205/r20180604/show_ads_impl.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Vary: Accept-Encoding
Date: Mon, 17 Dec 2018 05:44:19 GMT
Expires: Mon, 17 Dec 2018 05:44:19 GMT
Cache-Control: private, max-age=1209600
Etag: 11651059295933233243
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 75629
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   75629
Md5:    dd8f7327a57b5024b7afe88267e56b35
Sha1:   a700fe67d73e1a345f46126d5ab4193ef0033887
Sha256: 53919813bb81de4065de0878d2a4c54edb7b7999f152b7cecf3338c7dc73506f
                                        
                                            GET /img/icon18_edit_allbkg.gif HTTP/1.1 
Host: resources.blogblog.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.21.137
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Accept-Ranges: bytes
Content-Length: 162
Date: Thu, 13 Dec 2018 02:11:37 GMT
Expires: Thu, 20 Dec 2018 02:11:37 GMT
Last-Modified: Wed, 12 Dec 2018 18:50:53 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=604800
Age: 358362
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 18 x 18
Size:   162
Md5:    c991641178ff05adf0d004298b5eafa9
Sha1:   d8f6ce8ecd92b86d49849360f6b81ceb10b4c941
Sha256: ca9848e6006cfec8f9ffa29433ade8152204bdb95579200831c6dc0f53dff70b
                                        
                                            GET /img/icon18_wrench_allbkg.png HTTP/1.1 
Host: resources.blogblog.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.21.137
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Accept-Ranges: bytes
Content-Length: 475
Date: Mon, 10 Dec 2018 21:17:15 GMT
Expires: Mon, 17 Dec 2018 21:17:15 GMT
Last-Modified: Mon, 10 Dec 2018 00:47:48 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=604800
Age: 548824
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  PNG image, 18 x 18, 8-bit colormap, non-interlaced
Size:   475
Md5:    f617effe6d96c15acfea8b2e8aae551f
Sha1:   6d676af11ad2e84b620cce4d5992b657cb2d8ab6
Sha256: d172d750493be64a7ed84dec1dd2a0d787ba42f78bc694b0858f152c52b6620b
                                        
                                            GET /static/v1/widgets/866654127-widgets.js HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.21.137
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 52255
Date: Thu, 13 Dec 2018 23:34:40 GMT
Expires: Fri, 13 Dec 2019 23:34:40 GMT
Last-Modified: Thu, 13 Dec 2018 20:18:30 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 281379
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   52255
Md5:    97e343a4b40ff6a24cb84222ad566991
Sha1:   94cebccc99333546e8a21ce78735b15a22c5364f
Sha256: 248be6fe12d43926ef170dc354a9eac67e26cf3be83fb062b418c2ca426b5ae2
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.209.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 17 Dec 2018 05:44:20 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    09211a57a949551e156328ebe0afce86
Sha1:   af2aeab5cb5c751c1018bf150a5060ce4a7c4980
Sha256: 00ef6a8658d444dd6a8fe1c198dab90a44d4d423225a1b4c0d3131b9c72e8540
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.209.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 17 Dec 2018 05:44:20 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    64ccd7e0f2ff543806f8a171cff3a6b6
Sha1:   9632060d007f883c5ea3cf344692d759d3429043
Sha256: 186d9d2ed67b9b867989d12ff4daa133827258cf3dca3cb62d12116a5683a0e6
                                        
                                            GET /adsid/integrator.js?domain=fraudfyi.blogspot.com HTTP/1.1 
Host: adservice.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
                                        
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
Timing-Allow-Origin: *
Cache-Control: private, no-cache, no-store
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Date: Mon, 17 Dec 2018 05:44:20 GMT
Server: cafe
X-XSS-Protection: 1; mode=block
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   104
Md5:    835dc76a57166c8b5b88275a570d1891
Sha1:   0d7e8826520cdadf8db62583b25e26149af2c8ce
Sha256: 6441b99ce0ba328cabe2ff8d6167c3ac47f8d67fc469689fd925f7b57761c333
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.209.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 17 Dec 2018 05:44:20 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    a295201129df6ca29b18f2bc21417838
Sha1:   6d882e3a9074b1eeae51e5ec29ba2612e9c825bc
Sha256: 223e1ea37b5fabe05c1fd985d4a3ab695773cdc5e776f57c3f754cd27974b919
                                        
                                            GET /pub-config/r20160913/ca-pub-3901061888659765.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 125
Date: Mon, 17 Dec 2018 03:01:24 GMT
Expires: Mon, 17 Dec 2018 15:01:24 GMT
Last-Modified: Sun, 16 Dec 2018 21:18:44 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=43200
Age: 9776
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   125
Md5:    f80120281945bc2ccdaebc64cbad921d
Sha1:   b5c7ef140888ede182fcac94921a4eb502f07a5c
Sha256: 4cb4b9970ec5cedababe29f9a4ab00d00194bbebd2063cb117dec008b8c6982a
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.209.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 17 Dec 2018 05:44:20 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    4dbc61d775bcaf1c594af41728897dc7
Sha1:   059d38b83e22af6c23cf90ab5f8291e099e78216
Sha256: b7d4821fae073ccf7986a427c14beb83b55a03f5b8bb24c976a34b8a013bbc18
                                        
                                            GET /img/widgets/arrow_dropdown.gif HTTP/1.1 
Host: img2.blogblog.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.21.137
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Accept-Ranges: bytes
Content-Length: 141
Date: Thu, 13 Dec 2018 03:45:57 GMT
Expires: Thu, 20 Dec 2018 03:45:57 GMT
Last-Modified: Wed, 12 Dec 2018 10:21:19 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=604800
Age: 352703
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 13 x 10
Size:   141
Md5:    2964a07d60a4e76b299130fb1b4115f6
Sha1:   3b72dcc19f3ad685513eaba612e07e0ed495f2e1
Sha256: 28ab89f0285c48d2faed701905c185c302f2b389584a52ceaa76a91ea64dc3a7
                                        
                                            GET /cse/cse.js?cx=001696415036002314930:1mq8k0bgem8 HTTP/1.1 
Host: cse.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.20.46
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Date: Mon, 17 Dec 2018 05:44:20 GMT
Server: gws
Cache-Control: private
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Expires: Mon, 17 Dec 2018 05:44:20 GMT
Set-Cookie: 1P_JAR=2018-12-17-05; expires=Wed, 16-Jan-2019 05:44:20 GMT; path=/; domain=.google.com NID=150=d-WYMO7-61kW5AYGsUsIjZWohQFcQO0uF4vpoPJPtjT40x8hACOjlKatnfaN2PA6QAjFc_k8JVe8USlAVRjwnkhqc19p92AeVwKWv2S8YLR9a85kfqswRKXGfLwiX-0v1JJs_CzEMdy_YBYq__YFbqIWXFLkTWU6vF_htGtb2MI; expires=Tue, 18-Jun-2019 05:44:20 GMT; path=/; domain=.google.com; HttpOnly
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3411
Md5:    51499882fc112c7d573bc4b7d8f18672
Sha1:   fc8f92dc170a87275613051895cd71208d33d770
Sha256: 030ea958441da689113d5f48e53785ce255f20d56902694b2a91c551c230ff9b
                                        
                                            GET /adsid/integrator.js?domain=fraudfyi.blogspot.com HTTP/1.1 
Host: adservice.google.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
                                        
P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
Timing-Allow-Origin: *
Cache-Control: private, no-cache, no-store
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Date: Mon, 17 Dec 2018 05:44:20 GMT
Server: cafe
X-XSS-Protection: 1; mode=block
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   104
Md5:    835dc76a57166c8b5b88275a570d1891
Sha1:   0d7e8826520cdadf8db62583b25e26149af2c8ce
Sha256: 6441b99ce0ba328cabe2ff8d6167c3ac47f8d67fc469689fd925f7b57761c333
                                        
                                            GET /img/widgets/subscribe-netvibes.png HTTP/1.1 
Host: img1.blogblog.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.21.137
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Accept-Ranges: bytes
Content-Length: 1445
Date: Wed, 12 Dec 2018 11:01:36 GMT
Expires: Wed, 19 Dec 2018 11:01:36 GMT
Last-Modified: Tue, 11 Dec 2018 14:22:32 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=604800
Age: 412964
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  PNG image, 91 x 17, 8-bit colormap, non-interlaced
Size:   1445
Md5:    c52a5f4ecb6be5d7e93b23ef4122ee4e
Sha1:   4e698a5f455daf3a8ea1e219b1998079f0546716
Sha256: 71b8ad79c680b3e5d452a792c3b418b23f739a0a34005e0f37ec674f4c78cb5d
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.209.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 17 Dec 2018 05:44:20 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    4e05178ab0f30eeec6fa73aed55c87ca
Sha1:   1480fe3241380a207dfa61a56bdde4e449b2e51f
Sha256: 019e8a5391e4dfc4bde863194c0caf74c931981cd522bfb6f92df7c878e10136
                                        
                                            GET /img/widgets/subscribe-yahoo.png HTTP/1.1 
Host: img1.blogblog.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.21.137
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Accept-Ranges: bytes
Content-Length: 580
Date: Mon, 10 Dec 2018 21:17:04 GMT
Expires: Mon, 17 Dec 2018 21:17:04 GMT
Last-Modified: Mon, 10 Dec 2018 00:47:48 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=604800
Age: 548836
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  PNG image, 91 x 17, 8-bit colormap, non-interlaced
Size:   580
Md5:    79f602b6ac18bee79b4e2353a6674010
Sha1:   28accf82263aa1a11bb821439d4d185865662530
Sha256: bbf9b924cc32bff4738bb54d86905476349f90c8b20f748633e56f64379d553e
                                        
                                            GET /js/plusone.js HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Timing-Allow-Origin: *
Etag: "f38d4b9b9f113e574c62298d9d818c8d"
Expires: Mon, 17 Dec 2018 05:44:20 GMT
Date: Mon, 17 Dec 2018 05:44:20 GMT
Cache-Control: private, max-age=1800, stale-while-revalidate=1800
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Set-Cookie: NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k;Domain=.google.com;Path=/;Expires=Tue, 18-Jun-2019 05:44:20 GMT;HttpOnly
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   16821
Md5:    7d51a60acef6b9b83b6af816339c8686
Sha1:   1506a157a4a890c5dd359aab74c4eb5e6255d406
Sha256: 94e379c9af01cb81e770fd98e9a22fd6fe92ce77d92cdf9553236a313b66e59b
                                        
                                            GET /cse/static/style/look/v2/default.css HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=d-WYMO7-61kW5AYGsUsIjZWohQFcQO0uF4vpoPJPtjT40x8hACOjlKatnfaN2PA6QAjFc_k8JVe8USlAVRjwnkhqc19p92AeVwKWv2S8YLR9a85kfqswRKXGfLwiX-0v1JJs_CzEMdy_YBYq__YFbqIWXFLkTWU6vF_htGtb2MI

                                         
                                         172.217.21.164
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 17 Dec 2018 05:44:20 GMT
Expires: Mon, 17 Dec 2018 05:44:20 GMT
Cache-Control: private, max-age=0
Last-Modified: Mon, 15 Oct 2018 12:00:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3112
Md5:    6ca462e982ff32c81562e772636c896d
Sha1:   e9503d159ca8b984a846c7e9645cc0a491a90946
Sha256: 53ace406162b236b974873dccf5334c42707d309f29a90efbaaf0d2f52eb12ff
                                        
                                            GET /cse/static/element/aab18d33f43dc0c3/cse_element__en.js?usqp=CAI%3D HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=d-WYMO7-61kW5AYGsUsIjZWohQFcQO0uF4vpoPJPtjT40x8hACOjlKatnfaN2PA6QAjFc_k8JVe8USlAVRjwnkhqc19p92AeVwKWv2S8YLR9a85kfqswRKXGfLwiX-0v1JJs_CzEMdy_YBYq__YFbqIWXFLkTWU6vF_htGtb2MI

                                         
                                         172.217.21.164
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 110803
Date: Wed, 12 Dec 2018 05:08:31 GMT
Expires: Thu, 12 Dec 2019 05:08:31 GMT
Last-Modified: Mon, 26 Nov 2018 14:57:13 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 434149
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   110803
Md5:    215494925405fc2f4aaf31b8b7da9042
Sha1:   d38c51ff5650cab73307b0e8a97f11f800205197
Sha256: 57f9b9c53c7739847e7917f02420e73cc2d7986b21ad56364865985068fd0ad1
                                        
                                            GET /img/icon_feed12.png HTTP/1.1 
Host: img1.blogblog.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.21.137
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Accept-Ranges: bytes
Content-Length: 500
Date: Wed, 12 Dec 2018 11:01:25 GMT
Expires: Wed, 19 Dec 2018 11:01:25 GMT
Last-Modified: Wed, 12 Dec 2018 08:23:41 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=604800
Age: 412975
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  PNG image, 12 x 12, 8-bit colormap, non-interlaced
Size:   500
Md5:    44e7355a788fd1082deff0018883758e
Sha1:   50e3a28a44978e85d13c30522e0c71c8d0b24675
Sha256: 3cd341f37642f8a58b0fe14c2645913449c0ffe10be6ba0986275bfef29bc319
                                        
                                            GET /cse/static/element/aab18d33f43dc0c3/default+en.css HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=d-WYMO7-61kW5AYGsUsIjZWohQFcQO0uF4vpoPJPtjT40x8hACOjlKatnfaN2PA6QAjFc_k8JVe8USlAVRjwnkhqc19p92AeVwKWv2S8YLR9a85kfqswRKXGfLwiX-0v1JJs_CzEMdy_YBYq__YFbqIWXFLkTWU6vF_htGtb2MI

                                         
                                         172.217.21.164
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10178
Date: Thu, 06 Dec 2018 03:45:22 GMT
Expires: Fri, 06 Dec 2019 03:45:22 GMT
Last-Modified: Mon, 26 Nov 2018 14:57:13 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 957538
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   10178
Md5:    7d45cc6d1ebcf5b635893ad653d4a755
Sha1:   82bdcdc44903467a7f1a699c5d5f166cf1c6c736
Sha256: dca7f53816f6c39ada2a20bf481ccd2c36d756d68bc475992452f93f59d12b1e
                                        
                                            GET /img/logo-16.png HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.21.137
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Accept-Ranges: bytes
Content-Length: 279
Date: Wed, 12 Dec 2018 11:02:02 GMT
Expires: Wed, 19 Dec 2018 11:02:02 GMT
Last-Modified: Wed, 12 Dec 2018 07:08:31 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=604800
Age: 412939


--- Additional Info ---
Magic:  PNG image, 16 x 16, 8-bit/color RGBA, non-interlaced
Size:   279
Md5:    5ffecab6c722bb0adc3fce8d83b27993
Sha1:   0e59b05d3da526e82bb4f5d47c5d94e2a318dafb
Sha256: cca664ca16fde285160e80eae6ba4501c27b1dd1ce09aec1e84caa74b5baff53
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.209.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 17 Dec 2018 05:44:21 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    da8a717338d35f49f6f501624bd4b5f8
Sha1:   c3d0fa840fbf9f5c9105cf3cedd35772034c7ae9
Sha256: 9eace32b8bdcbb7ce20dea6ea0348faf3e7b33d16a1c6d3b207e6b38acf1cb6d
                                        
                                            GET /translate_static/css/translateelement.css HTTP/1.1 
Host: translate.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         216.58.211.138
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3619
Date: Mon, 17 Dec 2018 05:33:01 GMT
Expires: Mon, 17 Dec 2018 06:33:01 GMT
Last-Modified: Tue, 26 Jun 2018 22:15:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=3600
Age: 680
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3619
Md5:    bc8f584f2b5c7f9d76b422d2dd31dc07
Sha1:   84328284f26bbb14c2a196dbdc51ccc6fdc33d37
Sha256: 34550162ba6613152b7993d65296c454e0528312bde0dee387a59b9577733978
                                        
                                            GET /translate_static/js/element/main.js HTTP/1.1 
Host: translate.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         216.58.211.138
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1523
Date: Mon, 17 Dec 2018 04:47:05 GMT
Expires: Mon, 17 Dec 2018 05:47:05 GMT
Last-Modified: Mon, 22 Oct 2018 19:15:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=3600
Age: 3436
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   1523
Md5:    8f458c8339acbbf57d0d1bdba74617f7
Sha1:   0607b9dc62542b3ee5656cee650a048f01f03700
Sha256: 2efd36287354e113515e4848718fe9422f8e5a871c78faebc1067d3989ee6ecc
                                        
                                            GET /element/TE_20181015_01/e/js/element/element_main.js HTTP/1.1 
Host: translate.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         216.58.211.138
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Length: 88399
Date: Fri, 07 Dec 2018 21:39:56 GMT
Expires: Sat, 07 Dec 2019 21:39:56 GMT
Last-Modified: Thu, 18 Oct 2018 19:00:12 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 806666
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   88399
Md5:    b3116c7233d82bf52687a693f64a5cca
Sha1:   2743717b911c49c62078b5dd862cd82cff636ca0
Sha256: ac979551fdef4010d5d9cdecbd01a4f81d0413ff278e2d2587d746aa35683e14
                                        
                                            GET /img/widgets/s_top.png HTTP/1.1 
Host: resources.blogblog.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.blogger.com/static/v1/widgets/2727757643-css_bundle_v2.css

                                         
                                         172.217.21.137
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Accept-Ranges: bytes
Content-Length: 335
Date: Mon, 10 Dec 2018 19:43:28 GMT
Expires: Mon, 17 Dec 2018 19:43:28 GMT
Last-Modified: Mon, 10 Dec 2018 00:47:48 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=604800
Age: 554455
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  PNG image, 144 x 400, 4-bit colormap, non-interlaced
Size:   335
Md5:    c4908f4189f7698dc8afdd67df8ce041
Sha1:   b6f7cd64ff84e7cedb4b8b92ceb8b9800ad7624a
Sha256: cfe1d5dd45c7f0897d769e6c95ae9036fbdc7dad76ac9ed6ce6b21a785ecd6de
                                        
                                            GET /img/widgets/s_bottom.png HTTP/1.1 
Host: resources.blogblog.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.blogger.com/static/v1/widgets/2727757643-css_bundle_v2.css

                                         
                                         172.217.21.137
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Accept-Ranges: bytes
Content-Length: 172
Date: Wed, 12 Dec 2018 05:08:13 GMT
Expires: Wed, 19 Dec 2018 05:08:13 GMT
Last-Modified: Tue, 11 Dec 2018 06:31:20 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=604800
Age: 434170
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  PNG image, 144 x 3, 4-bit colormap, non-interlaced
Size:   172
Md5:    a9bbd1bf495055e06e61aec7f8c1b6c4
Sha1:   491c1a006da8a9eea4f3d1bb27e5815ab66a9f45
Sha256: 91fe35689444e53c1bf3e04f24c154fa0468be9edd3c84344f9f64c2eff89eeb
                                        
                                            GET /pagead/js/r20181205/r20100101/osd.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Vary: Accept-Encoding
Date: Wed, 12 Dec 2018 05:09:31 GMT
Expires: Wed, 26 Dec 2018 05:09:31 GMT
Etag: 10366987592970477111
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 26696
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 434094
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   26696
Md5:    91a87cc2bcd9cbebc88e95671016e324
Sha1:   fdcd51c5aa00495a55a559c4fa79a812d19f1cd7
Sha256: c7ebfc575409dc9731cca912ef08a2ac5f39e40ef4d2d853ec7f45dabacdc7e1
                                        
                                            GET /pagead/html/r20181205/r20180604/zrt_lookup.html HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Vary: Accept-Encoding
Date: Wed, 12 Dec 2018 05:09:51 GMT
Expires: Wed, 26 Dec 2018 05:09:51 GMT
Etag: 12810928231326100212
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 6940
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 434076
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   6940
Md5:    d777326182433d075d044edb2f090fa9
Sha1:   6b39f197a7908fff24360fe81de0d221134a3197
Sha256: c8232f61c75ebbbe71b20c2aca70b70dcb6b65a0d35509a9ada4994a41c1976b
                                        
                                            GET /_/scs/apps-static/_/js/k=oz.gapi.en_US.ovH4L1GQXbU.O/m=plusone,profile/rt=j/sv=1/d=1/ed=1/am=QQ/rs=AGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g/cb=gapi.loaded_0 HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 66640
Date: Tue, 11 Dec 2018 07:02:53 GMT
Expires: Wed, 11 Dec 2019 07:02:53 GMT
Last-Modified: Sun, 09 Dec 2018 10:31:36 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, immutable, max-age=31536000
Age: 513694
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   66640
Md5:    e8d9655374cd3609b8b8976a8ce75213
Sha1:   835e0d03e08a723262bf1df5e75eab320628097d
Sha256: b4a52ee84e578a8cdc529dcc63c1798069c8f52a4e30da87d1fcbb206cd2506e
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-federal-bureau-of_30.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:27 GMT
Date: Mon, 17 Dec 2018 05:44:27 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3939
Md5:    3dc651ccdac6addfad5e353df81169db
Sha1:   68893e1ea7c0bd48f6daac2e17bdcd2cf9a8651c
Sha256: f73c00e652cdf4eb7481c8da8848ddb24de2042115b3eac7600f772aaef760fc
                                        
                                            GET /pagead/ads?client=ca-pub-3901061888659765&output=html&adk=1812271804&adf=807048394&lmt=1544959173&loeid=633794000&plat=1%3A1081352%2C2%3A1081352%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C30%3A1048576&guci=1.2.0.0.2.2.0.0&format=0x0&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015_06_01_archive.html&ea=0&flash=10.0.45&pra=5&wgl=0&adsid=NT&dt=1545025463460&bpp=1322&fdt=1549&idt=-M&shv=r20181205&cbv=r20180604&saldr=aa&abxe=1&nras=1&correlator=7495914082760&frm=20&pv=2&ga_vid=1740976016.1545025465&ga_sid=1545025465&ga_hid=1003942487&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=0&ady=0&biw=1159&bih=754&scr_x=0&scr_y=0&eid=21060853%2C633794002%2C410075081&oid=3&rx=0&eae=6&fc=1936&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7Cs%7C&abl=NS&ppjl=f&fu=16&bc=1&ifi=6&uci=6.nqrf8ogo7t3o&dtd=1588 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 17 Dec 2018 05:44:27 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 17-Dec-2018 05:59:27 GMT; path=/; domain=.doubleclick.net
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
Expires: Mon, 17 Dec 2018 05:44:27 GMT
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   1011
Md5:    f43c0260a485b5e43fc91dfaec0fb42e
Sha1:   f32555928321f31bad139d721e4ec9d3931d5b58
Sha256: e028d49ba99cbcbedcd09a731a88b7fee7d5474b805c4dee6449565d1eba3f0f
                                        
                                            GET /_/scs/apps-static/_/js/k=oz.gapi.en_US.ovH4L1GQXbU.O/m=gapi_iframes_style_slide_menu/exm=auth,plusone,profile/rt=j/sv=1/d=1/ed=1/am=QQ/rs=AGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g/cb=gapi.loaded_2 HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3273
Date: Tue, 11 Dec 2018 22:44:46 GMT
Expires: Wed, 11 Dec 2019 22:44:46 GMT
Last-Modified: Sun, 09 Dec 2018 10:31:36 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, immutable, max-age=31536000
Age: 457181
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   3273
Md5:    8c50c290f6c515582c36a05bcd9d74bb
Sha1:   e0ed2a4c11c86e1005f866373fca7146d53b5f85
Sha256: a694dfb59c075d80a247eb618be3429d963739e775083e247918a8ba73e7bf5e
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-western-union-agent_30.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:28 GMT
Date: Mon, 17 Dec 2018 05:44:28 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3939
Md5:    9574c94896b3eef866d5eb392c4ce9a2
Sha1:   97bd81d07d095789dd0fb5765a262f57b9beaeb7
Sha256: 34ea2bece8d9a2997e5432f2ee736e675b30c2a2479d8412d90ae7870b6571f9
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-secretary-of-us.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:28 GMT
Date: Mon, 17 Dec 2018 05:44:28 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3934
Md5:    4205cf4a62a6d58d1de7a84bf14c227d
Sha1:   64275136635e0a6a3f5e445fae612743e79011af
Sha256: 3c01c691299f03d0bd72f07dc9e6989be9610c22c62574be47b08113b95a69a8
                                        
                                            GET /feedback/js/help/prod/service/lazy.min.js HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         216.58.207.195
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11314
Date: Wed, 12 Dec 2018 05:08:02 GMT
Expires: Wed, 19 Dec 2018 05:08:02 GMT
Last-Modified: Tue, 11 Dec 2018 13:52:01 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=604800
Age: 434186
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   11314
Md5:    54d75c87660cff5630c2868e8f53579b
Sha1:   11271ab1aaa828d2a22aac04107cd7f798e77c70
Sha256: a9defc94ccdf4fe8c44ba408d839e3a5de618a9c7356a6c9ffc35631cc3d3fbe
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2Fgold-scam-email-from-mr-yussif.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:28 GMT
Date: Mon, 17 Dec 2018 05:44:28 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3930
Md5:    2bef02e231a43c12a5ad605964c9e27e
Sha1:   709d3a12dff51a5e3db7b738be47f9d1c5d10b58
Sha256: dbe8e904e8d6dc4aa827511e84f722e5b2845776e64dffe5baf6a76d3ed451ae
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-nigeria-national.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:28 GMT
Date: Mon, 17 Dec 2018 05:44:28 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3935
Md5:    c110a8e0da930e4b4c6a54c8d2290edf
Sha1:   ca94d8279adf1598023902fae906d143586c3e41
Sha256: 5eebc772a01588995a11f981ea1d583c5b589ff023bf4a62bd769ab9a24f5e6f
                                        
                                            GET /_/scs/apps-static/_/js/k=oz.gapi.en_US.ovH4L1GQXbU.O/m=auth/exm=plusone,profile/rt=j/sv=1/d=1/ed=1/am=QQ/rs=AGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g/cb=gapi.loaded_1 HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 27568
Date: Tue, 11 Dec 2018 22:38:00 GMT
Expires: Wed, 11 Dec 2019 22:38:00 GMT
Last-Modified: Sun, 09 Dec 2018 10:31:36 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, immutable, max-age=31536000
Age: 457588
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   27568
Md5:    2a5f6a00dcd1010503d4fcd01cd0d71a
Sha1:   be5522f231bebe763d1a50df6a715b5a6bbf2725
Sha256: d62f5b8ab5e7dd8ff34fb500e918215c3bc913344a320b33c2ac351467bbc4cd
                                        
                                            GET /images/cleardot.gif HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.21.164
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Accept-Ranges: bytes
Content-Length: 43
Date: Mon, 17 Dec 2018 05:44:28 GMT
Expires: Mon, 17 Dec 2018 05:44:28 GMT
Cache-Control: private, max-age=31536000
Last-Modified: Thu, 08 Dec 2016 01:00:57 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    fc94fb0c3ed8a8f909dbc7630a0987ff
Sha1:   56d45f8a17f5078a20af9962c992ca4678450765
Sha256: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-louis-ankrah.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:28 GMT
Date: Mon, 17 Dec 2018 05:44:28 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3932
Md5:    62a794d16feb0daeb5a3136e35954be4
Sha1:   5a6e949ef182630365953186213ce97909aed21e
Sha256: e1914af7dcc59ecb10f513832837de94d85cf860031764f3bc4e4e5c3e6f9dc3
                                        
                                            GET /images/branding/product/2x/translate_24dp.png HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://translate.googleapis.com/translate_static/css/translateelement.css

                                         
                                         216.58.207.195
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Accept-Ranges: bytes
Vary: Origin
Content-Length: 1847
Date: Tue, 11 Dec 2018 21:46:34 GMT
Expires: Wed, 11 Dec 2019 21:46:34 GMT
Last-Modified: Thu, 21 Apr 2016 03:17:22 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 460675
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  PNG image, 48 x 48, 8-bit/color RGBA, non-interlaced
Size:   1847
Md5:    bfa09d19aea98592c45ce0a814f0eb2c
Sha1:   5db965a451d9b6b3a5156836182abe8240d4a0de
Sha256: 5fe03bfd95a2d4e640ed7d04dcb08ef991c327a5ab6f6fdb9eb06e1efc76af30
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-fake-us-soldier_30.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:28 GMT
Date: Mon, 17 Dec 2018 05:44:28 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3936
Md5:    779e78945f7881725103775d7a80b285
Sha1:   12555671fa1636ccee77961ce1d8af7b36612b24
Sha256: 0ff8f1eef4884221fb79fed56496845e80fd0337503108333b75b7f2404eb1a0
                                        
                                            POST /GTSGIAG3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 107
Content-Type: application/ocsp-request

                                         
                                         216.58.209.142
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 17 Dec 2018 05:44:29 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   463
Md5:    a745f07feae64f370a1b53d5e77dd6f8
Sha1:   9cb7dd679c81d60729a61d76b24eda0d93e802c0
Sha256: 9828a8df1d2461c344b10536dfe3142cf69dbb65a2c1b6a14f208a26296a42f3
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2Fromance-scam-email-from-greg-in-syria.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:29 GMT
Date: Mon, 17 Dec 2018 05:44:29 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3934
Md5:    46cd16892d65fcbfd0f0b5f15a89f936
Sha1:   777bd193282321c33c7079227a9ade12fe677c59
Sha256: acd30c827c5ea76791b446a4064c15f065d75d4ba76606d0b7f40284dbe1e1f2
                                        
                                            GET /translate_a/l?client=te&alpha=true&hl=en&cb=_callbacks____0jprw9ss6 HTTP/1.1 
Host: translate.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         216.58.211.138
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Date: Mon, 17 Dec 2018 05:44:28 GMT
Expires: Mon, 17 Dec 2018 05:44:28 GMT
Cache-Control: private, max-age=86400
Content-Language: en
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: HTTP server (unknown)
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   920
Md5:    fafc027bb5e9200a9fb0050faec0266c
Sha1:   23311f3cd270692f01dfcc4d7dc7775ede7731a3
Sha256: 149700129681e442f0f86c338c62d3803310c43f97cea812ff292fb32595cd1d
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-western-union-mr_73.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:29 GMT
Date: Mon, 17 Dec 2018 05:44:29 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3938
Md5:    8314b271340e787c584b4466774bc35d
Sha1:   926bc832a48929453ad8ae3c9b87efa243731393
Sha256: 5dfa566b8622b866153d7eda2dbf0d0c9cacefa33860cc77b680f2c99aac815f
                                        
                                            GET /o/oauth2/postmessageRelay?parent=http%3A%2F%2Ffraudfyi.blogspot.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: accounts.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.173
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 17 Dec 2018 05:44:29 GMT
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   360
Md5:    6d9f798da7a26051e393e87c90c2e3e2
Sha1:   7cbd80ebdb180e06ef2207065c7e40be52a2c7c1
Sha256: e140078d268583e29d7edaf673ca613d04c9763b6f055fe68cfbdc9e7c3fcaf5
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-personal-assistance.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:28 GMT
Date: Mon, 17 Dec 2018 05:44:28 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3935
Md5:    b8fcd70c84de8723c87fc1f86c6cc247
Sha1:   7ca599306377860a1fc2910188e94a3370754146
Sha256: 0fe59eb579da1ea3011fe360626e7db2526a45138eec8cac2dd16ff2f5b84047
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2Floan-scam-email-from-mr-bill-west.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:29 GMT
Date: Mon, 17 Dec 2018 05:44:29 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3931
Md5:    0a97121fb4ad041a90ff78e3545c8a1f
Sha1:   c2ee9269ef4eaaecbb647e5272bbe08a936cf4f8
Sha256: a2bc918e2f67126a6422d68af3993cbc0909b6316be2ad97b29994a21862205e
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2Floan-scam-email-from-dane-harley.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:29 GMT
Date: Mon, 17 Dec 2018 05:44:29 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3931
Md5:    a5f3caeeb4cda1405f49c1d246691319
Sha1:   3cd58e10b213f623993f49d0095bc1bc09555d72
Sha256: 98b539b8202bccc3f880b37cc4638b58fd52624c910bc7fc47f14aad72c54c1c
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-dhl-dr-robert-dewar.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:29 GMT
Date: Mon, 17 Dec 2018 05:44:29 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3938
Md5:    56ed2ab419c10d1a6133c3cecce54248
Sha1:   a462c056bae4a56586a3cb560f3c6fd89009cd0d
Sha256: 308422b4bbfd02871bd41366367bb436ffc20689fc393803c9484355031799bb
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-mr-james-comey.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:29 GMT
Date: Mon, 17 Dec 2018 05:44:29 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3935
Md5:    2a07c42a0084b63cb9b2fdd8958f0dfb
Sha1:   9c28c15e60205407aef511c29e41655ce53ea89a
Sha256: 4808609f3ecf1d684e27427353112f0ebf1e33cc32f85fbe618713e1938d0cba
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2Flottery-scam-email-from-oversea-credit.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:29 GMT
Date: Mon, 17 Dec 2018 05:44:29 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3935
Md5:    34d27f083b9c4fa3c15033f84d1b615f
Sha1:   e8ca5dd157ca996558ab08298a1c054ae6197fb1
Sha256: 97f4d2dcd89292f27b501910448b2a83b14207740423d742beca0acce53cc9aa
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-with-fake-passport-from.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:29 GMT
Date: Mon, 17 Dec 2018 05:44:29 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3937
Md5:    2bb0f578984c1b7b90254b465b12b69a
Sha1:   505036b497160ca4712c692e9893377de137bee2
Sha256: 2338b797b8561b1a08363e26c18142d2eaa7283384002ae85ebbb9544272c1d6
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-ups-delivering.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:29 GMT
Date: Mon, 17 Dec 2018 05:44:29 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3933
Md5:    bfe3bf3473b7e967b73acde4c2da3873
Sha1:   9c93497743d2daef87e34898029262d7d2e86113
Sha256: 314a27f1cc40f4983ec75b1a4e1e2578612feb8d4653c77ab223d65b26eb8c0e
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-us-ambassador-mr.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:29 GMT
Date: Mon, 17 Dec 2018 05:44:29 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3935
Md5:    2d4bcc9d1e88e9ff454228b532183c10
Sha1:   30c24f9f463c937e508ebde905d94bfcc8fb8621
Sha256: 1a409779b2557302c5829c2ac600523728e049ed678b1ca499b3564466668e87
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-director-money-gram.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:29 GMT
Date: Mon, 17 Dec 2018 05:44:29 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3937
Md5:    04308711c649d20bbbca2d5580a5fb18
Sha1:   0fbbbcfc002791fa08c0cec121d558c50ce245b1
Sha256: 0d38bbe246b18f8c42b6afee45a6edcee5068721c316cf5ea246e4dfdf34457b
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2Fphishing-alert-phishing-email-from-uba.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:29 GMT
Date: Mon, 17 Dec 2018 05:44:29 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3931
Md5:    88f39bb9ae32eefe8fabaa9091559c4f
Sha1:   26db11875d9f6b30a2650d311ab9e302d3fd371b
Sha256: 1952fc530f9a24ad474970cf95c719ef03f142438152547103be311b8bf991dd
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-bank-of-america-ceo.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:29 GMT
Date: Mon, 17 Dec 2018 05:44:29 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3937
Md5:    142a25db99cbbc4f0b60c04f09fc35e6
Sha1:   36b641725821e45c71e56fda0163e153976c432f
Sha256: fc06d656d364d7eb1ef8852a70135a71c3bb239ea1376ddae343b913d93ed83a
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-mrs-michelle-obama_29.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:29 GMT
Date: Mon, 17 Dec 2018 05:44:29 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3939
Md5:    4d63db35a516194f1236661b26fef2ba
Sha1:   fb44239022c74c282a785483d3affa989283f0a5
Sha256: c72ed9d8a7947bfc4ba782f86d78859a0f14e7707a3ceb050c225fe9f23b0b51
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-western-union-mr_29.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:29 GMT
Date: Mon, 17 Dec 2018 05:44:29 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3937
Md5:    5153839f549eb34c8f2f57b3ce026c65
Sha1:   715dfbf521680be1e4b22685d76e90620f2e287d
Sha256: 6ada55c439c7faae887a695f850b581d6bb221417a4012c00a96389d832ca66d
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-mr-joao-manson.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:29 GMT
Date: Mon, 17 Dec 2018 05:44:29 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3934
Md5:    43eb299a3f3de31cb41c235b17fe2035
Sha1:   bd48bfc5a0200ee7a733a7598a77750a00f050d7
Sha256: 12ae9eeaad5a522fa8918ec7179c6ca7521fdebf80314411883fd94441393eac
                                        
                                            GET /images/branding/product/1x/translate_24dp.png HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         216.58.207.195
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Accept-Ranges: bytes
Vary: Origin
Content-Length: 825
Date: Wed, 12 Dec 2018 05:09:00 GMT
Expires: Thu, 12 Dec 2019 05:09:00 GMT
Last-Modified: Thu, 21 Apr 2016 03:17:22 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 434130
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  PNG image, 24 x 24, 8-bit/color RGBA, non-interlaced
Size:   825
Md5:    55ff382a8b09329e3230a1797eb8f5fd
Sha1:   026ae089006a674da7dcc9bf6b986c5d59e75478
Sha256: 1bb2279aed6bc1438d2b17a5ffcbac9d37864582aedeeec8d301eab162b2c213
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-mr-robert-hamsons.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:30 GMT
Date: Mon, 17 Dec 2018 05:44:30 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3936
Md5:    ce092e87ac61d32eb9e90e76af6235ae
Sha1:   c27600b44b877053c3278bda6b289eccc7729f04
Sha256: b9d6abc22170f182985110080f1299d5f3c18f60b3a580d608c751f147211e3e
                                        
                                            GET /translate_static/img/te_ctrl3.gif HTTP/1.1 
Host: translate.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html

                                         
                                         216.58.211.138
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Accept-Ranges: bytes
Content-Length: 1412
Date: Fri, 07 Dec 2018 20:04:24 GMT
Expires: Sat, 07 Dec 2019 20:04:24 GMT
Last-Modified: Tue, 15 Aug 2017 20:15:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 812406
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  GIF image data, version 89a, 84 x 19
Size:   1412
Md5:    9afe50090c0bc612953d081295eab5b1
Sha1:   71a4da2a622879c29176ecfa5afe1bbe3e8cfa40
Sha256: d228d0256370863119c043f1e5ca8f3930f6999bd9f250434b6d8935f45dc171
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-icb-bank-of-ghana.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:30 GMT
Date: Mon, 17 Dec 2018 05:44:30 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3937
Md5:    e5b0991476a3c24483a01b23b488bf29
Sha1:   0d4b4bf93e40176b17eeb49daf4d8f96291e3563
Sha256: 2753bb7142f435c6b6b0946e1adac6015fbc0fb0cd2ddb1a8ae1df9c20447c0f
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-mr-lawton-roberts.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:30 GMT
Date: Mon, 17 Dec 2018 05:44:30 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3936
Md5:    ab8cbba057b771b048897a1dbf50073c
Sha1:   3aad713b751a89d476a2b40922e928fd6b91328f
Sha256: 14ad4fde4e44331d8fee49f78bb787063380c62ab8abc3e7a85b2a4b468ef2e2
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-rbi-governor-dr.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:30 GMT
Date: Mon, 17 Dec 2018 05:44:30 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3934
Md5:    7db4c5dcd02e60a8e505d89423f3b47e
Sha1:   1f7111cbcdbab53a905a08a3e2d768855826446c
Sha256: 265b68f8f2273221e6eeb4a4a6ae8db9349ef95d74001dfb5222efff2d885796
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-central-bank-of_29.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:30 GMT
Date: Mon, 17 Dec 2018 05:44:30 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3935
Md5:    9bbe98a024152c8e6838dca68f65be3b
Sha1:   cae454e9fb252b009fdb3fbf0718ba156ad28455
Sha256: 9366eb709189eda6bf3a092ae16a16eab5e63e808187f269fa8906bfd55d0854
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-markus-j-levy.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:30 GMT
Date: Mon, 17 Dec 2018 05:44:30 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3934
Md5:    a25cd7f4e7f52ba8221594b47ed5a714
Sha1:   43d3c0c6449cdc5042df55f693a5704f7d861684
Sha256: 8ebc2ffb33b93b6a7cbc183d3fa38c23a72a43c20133d164f51c871270c7cfc0
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-abdul-qadeer-fitrat.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:30 GMT
Date: Mon, 17 Dec 2018 05:44:30 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3938
Md5:    d2242286d5caa9d3165bc623ebc25b91
Sha1:   7901a665b8b00009ad160192b734b6993fef980b
Sha256: 451ed416ae16b24b26652b8b7b75c22d3678f5d17ac6543fe15b350a446b1afa
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2Floan-scam-message-left-as-comment-on_29.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:30 GMT
Date: Mon, 17 Dec 2018 05:44:30 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3932
Md5:    45a5391a6b28d9fe9dcdb8e0e2aefc6a
Sha1:   277f560bdaa3070155c2b39044ec16e348f327a3
Sha256: 4c071fb06e082614eaf827523e62187fbcf217841c9fdf1d9f871dfc406943f8
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-mr-gania-omoowo.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:30 GMT
Date: Mon, 17 Dec 2018 05:44:30 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3935
Md5:    b32246ec5a398edda6f9c745dce724b3
Sha1:   de86177a7956353eff62e9d87763970f4327a94c
Sha256: 8f9417c93937899bdff15db537528f87651441eaa2b407bd58ee551403ad41cc
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-mrs-anastasia-m.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:30 GMT
Date: Mon, 17 Dec 2018 05:44:30 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3935
Md5:    dc3d57e139c68082297b5cf85a7a8b8c
Sha1:   89abbe7cf48e5a2a074648f99eabc90f7e9e705f
Sha256: e7abb8942b7f80d5ee94632dc1c97fef093b36f2ea1aad3a439028ddd39df300
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-mrs-anastasia-m_28.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:30 GMT
Date: Mon, 17 Dec 2018 05:44:30 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3938
Md5:    87888147145d50839c7f0bb50e26d5b3
Sha1:   287eb9cdf08538cb5a43c1e8630f949bb0ee3e49
Sha256: 9b1853bb45792a1ec37f2bc8c940895db3b4499c919e32b70546f383c22dfa7b
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-goodbody-chambers.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:30 GMT
Date: Mon, 17 Dec 2018 05:44:30 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3935
Md5:    a5cc79c0792d9ef0bc021f3b6e3b3ba3
Sha1:   2ad5b7869b6a181cf34cf40d42167c1c9139081a
Sha256: d99382a256a4e056d3c6c410819272ec739e6e411439b3b19b9914bec89bd5b5
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2Fphishing-alert-phishing-email-from_44.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:30 GMT
Date: Mon, 17 Dec 2018 05:44:30 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3930
Md5:    711017a30d43a83777dd15385c872c08
Sha1:   5b43b43b659532ce82929f7236c7a4ab40b4998c
Sha256: 6a00d7d40dbb872f0f2d214232cd48d5a65a496ab6e1434f8007705b54d340b3
                                        
                                            GET /_/scs/apps-static/_/js/k=oz.gapi.en_US.ovH4L1GQXbU.O/am=QQ/rt=j/d=1/rs=AGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g/m=googleapis_client,gapi_iframes_style_common,gapi_iframes_iframer HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://apis.google.com/se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-federal-bureau-of_30.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 46204
Date: Tue, 11 Dec 2018 15:32:18 GMT
Expires: Wed, 11 Dec 2019 15:32:18 GMT
Last-Modified: Sun, 09 Dec 2018 10:31:36 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, immutable, max-age=31536000
Age: 483132
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   46204
Md5:    51e6a329c5f697183a1947f68f0bace0
Sha1:   75edbda98dc1c82060fe99d6579e731fab7334d7
Sha256: c6f8f6951a766f828c5bba434030c1cbe1660989ed7fadb7ad117187e3d9fbaa
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2Floan-scam-email-sent-through-fraudfyi_28.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:30 GMT
Date: Mon, 17 Dec 2018 05:44:30 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3933
Md5:    3e1893f8485a542989a855514145d027
Sha1:   c1471d50940ce4d6b76af9ddfcd3c8bab0ad16ee
Sha256: b85324f539a6d4057517fc846be95d2162ecfb9088c874c3a84fe8afe11ba01d
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2Fphishing-alert-phishing-email-from_28.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:30 GMT
Date: Mon, 17 Dec 2018 05:44:30 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3930
Md5:    ce03e036edd5fc8ceb72ae57de525334
Sha1:   4ba4ac436b946fe2eaa100c329f73efbfb0ddde3
Sha256: ae8353408ccceb5a83985bfa31f52906a9dd637841b521ff5edc07094936759e
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-mrs-emilly-olivier_28.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:30 GMT
Date: Mon, 17 Dec 2018 05:44:30 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3939
Md5:    89bed1ea97d71a161dde0013d0dd12da
Sha1:   3b9136dd7e5b4b9d2b99ef97b0814903ad2c3ed8
Sha256: 72007414c25c1735c7ff9e495560f1602dd3e6692aa9999e6e7e937a0b61d42b
                                        
                                            GET /accounts/o/748736246-postmessagerelay.js HTTP/1.1 
Host: ssl.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Ffraudfyi.blogspot.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__

                                         
                                         172.217.22.163
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3892
Date: Tue, 11 Dec 2018 16:57:46 GMT
Expires: Wed, 11 Dec 2019 16:57:46 GMT
Last-Modified: Sat, 08 Dec 2018 03:24:37 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 478004
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3892
Md5:    426c1a3faf24e442993d785a45b961ec
Sha1:   66c3e6a705875959be219d8f0be12c03bf4651e4
Sha256: de8a66f90d2f8097aa0df79cbda696701ebfb9f3372ca2462d8892d13ef2f3af
                                        
                                            GET /se/0/_/+1/fastbutton?usegapi=1&annotation=inline&width=300&size=medium&source=blogger%3Ablog%3Aplusone&hl=en&origin=http%3A%2F%2Ffraudfyi.blogspot.com&url=http%3A%2F%2Ffraudfyi.blogspot.com%2F2015%2F06%2F419-scam-email-from-international_28.html&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__ HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fraudfyi.blogspot.com/2015_06_01_archive.html
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Vary: Accept-Encoding
Timing-Allow-Origin: *
Expires: Mon, 17 Dec 2018 05:44:30 GMT
Date: Mon, 17 Dec 2018 05:44:30 GMT
Cache-Control: private, max-age=3600
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   3934
Md5:    28b6ad3b6755996b1a22e198ce34e116
Sha1:   1752addfa757b6639cac38fd6568f6366ea8f304
Sha256: d5570c6c7dc15e4c9339abf4e7108bcfdbe6e07a44074cd791bebe1b78a876d8
                                        
                                            GET /js/rpc:shindig_random.js?onload=init HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Ffraudfyi.blogspot.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
Timing-Allow-Origin: *
Etag: "8dadb9c819cb616fc7497904867e9275"
Expires: Mon, 17 Dec 2018 05:44:30 GMT
Date: Mon, 17 Dec 2018 05:44:30 GMT
Cache-Control: private, max-age=1800, stale-while-revalidate=1800
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   4678
Md5:    ec6d7fbedf4d7465d1325a6e626b59a3
Sha1:   d12466b456aad5b30fbe6237b15a21655ed5ecd4
Sha256: c5bed090188f1c35294ecbccab1b2c8d0b7a7e23520f73cf99458e9390e0cf66
                                        
                                            GET /_/scs/apps-static/_/js/k=oz.gapi.en_US.ovH4L1GQXbU.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=QQ/rs=AGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g/cb=gapi.loaded_0 HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://accounts.google.com/o/oauth2/postmessageRelay?parent=http%3A%2F%2Ffraudfyi.blogspot.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.ovH4L1GQXbU.O%2Fam%3DQQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCPIcZXE9FCiF0NG096nQcdxr7QS9g%2Fm%3D__features__
Cookie: 1P_JAR=2018-12-17-05; NID=150=rizk1kHWntfKFjgoJZj4Ds1AxabLCerunKMRgV8Omh4MiM86zBsgWbU1Jq8qsvifNROAFzBHFBtbzs16GOYbseaKaOYr49cqgSgdS0Xlh0vMDVgcMvwo6FDWfSNAaXN9kkbZL85SdlH-HrH8lspxKoJVZ34O_NG6tQ2M25wMV5k

                                         
                                         172.217.22.174
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 16531
Date: Tue, 11 Dec 2018 00:02:40 GMT
Expires: Wed, 11 Dec 2019 00:02:40 GMT
Last-Modified: Sun, 09 Dec 2018 10:31:36 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, immutable, max-age=31536000
Age: 538910
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   16531
Md5:    a12587ad338bb85386ed1cf2faa492b4
Sha1:   78c057341c8356a4c4bf422b02d7157427e26b5f
Sha256: 3461305450815481c8e5a0b27699e44e6fddda92bf5dd72f313cbd1a6ead5842