Overview

URL mir3.me/images/s.exe
IP 216.239.32.21
ASN AS15169 Google Inc.
Location United States
Report completed 2019-06-03 08:28:00 CEST
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2019-06-03 08:27:25 CEST 1 Client IP  216.58.207.243 ET TROJAN Single char EXE direct download likely trojan (multiple families)


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 216.239.32.21

Date | UQ / IDS / BL | URL | IP
2019-06-30 00:53:10 +0200 | 0 - 0 - 0 | netskopesg.com | 216.239.32.21
2019-06-25 20:52:48 +0200 | 0 - 0 - 0 | snapchat.com | 216.239.32.21
2019-06-25 18:19:44 +0200 | 0 - 0 - 0 | x.mdhv.io/ | 216.239.32.21
2019-06-16 10:11:20 +0200 | 0 - 0 - 0 | Facebookfunda.com | 216.239.32.21
2019-06-14 16:35:57 +0200 | 0 - 0 - 0 | SODEXOIOT.COM | 216.239.32.21
2019-06-13 17:48:24 +0200 | 0 - 0 - 0 | https://gotest.tools/ | 216.239.32.21
2019-06-12 10:34:59 +0200 | 0 - 0 - 0 | sidn.nl | 216.239.32.21
2019-06-10 19:33:56 +0200 | 0 - 0 - 1 | todaytrends.in/~espaceclient/zone.paymen.free (...) | 216.239.32.21
2019-06-10 17:32:22 +0200 | 0 - 0 - 4 | silolanginews.com/2017/10/lomba-foto-jurnalis (...) | 216.239.32.21
2019-06-10 17:32:18 +0200 | 0 - 0 - 4 | silolanginews.com/2017/08/siapa-di-balik-gedu (...) | 216.239.32.21

Last 10 reports on ASN: AS15169 Google Inc.

Date | UQ / IDS / BL | URL | IP
2019-07-01 11:14:59 +0200 | 0 - 0 - 0 | https://docs.google.com/forms/d/e/1FAIpQLSfZp (...) | 216.58.207.206
2019-07-01 09:39:24 +0200 | 0 - 0 - 1 | bartuatenbe1974.blogspot.pt | 216.58.211.1
2019-07-01 09:33:26 +0200 | 0 - 0 - 0 | https://movieok4k.blogspot.com/2019/06/articl (...) | 216.58.211.1
2019-07-01 09:28:48 +0200 | 0 - 0 - 1 | bartuatenbe1974.blogspot.pt/ | 216.58.211.1
2019-07-01 09:19:18 +0200 | 0 - 0 - 1 | https://bartuatenbe1974.blogspot.pt/ | 216.58.207.193
2019-07-01 08:47:18 +0200 | 0 - 0 - 1 | https://elmulrapan1981.blogspot.ca/ | 216.58.207.225
2019-07-01 08:24:54 +0200 | 0 - 0 - 1 | pacarama1983.blogspot.com | 216.58.207.193
2019-07-01 08:19:22 +0200 | 0 - 1 - 0 | mycricketlive.live | 172.217.22.179
2019-07-01 07:21:49 +0200 | 0 - 0 - 0 | fijisharkdiving.blogspot.com/2018/10/my-fiji- (...) | 216.58.207.193
2019-07-01 06:37:59 +0200 | 0 - 0 - 0 | ta.wow-auto-forms.appspot.com/bower_component (...) | 216.58.211.148

Last 3 reports on domain: mir3.me

Date | UQ / IDS / BL | URL | IP
2019-05-26 08:03:28 +0200 | 0 - 1 - 0 | mir3.me/images/s.exe | 216.239.34.21
2019-05-10 18:06:06 +0200 | 0 - 1 - 0 | mir3.me/images/s.exe | 216.239.36.21
2018-12-11 07:15:32 +0100 | 0 - 2 - 0 | mir3.me/images/s.exe | 216.239.38.21


JavaScript

Executed Scripts (53)


Executed Evals (0)


Executed Writes (11)

#1 JavaScript::Write (size: 306, repeated: 1) - SHA256: 264161db8a220a93a331aed7110937b464b8718881278a8ebc31384bd1cfc1bc

                                        < !doctype html > < html > < body > < script > google_sl_win = window.parent;
google_iframe_start_time = new Date().getTime();
google_async_iframe_id = "aswift_0"; < /script><script>window.parent.google_sa_impl({iframeWin: window, pubWin: window.parent, vars: window.parent['google_sv_map']['aswift_0']});</script > < /body></html >
                                    

#2 JavaScript::Write (size: 306, repeated: 1) - SHA256: 5efcb9fc2a44ea42dca7f3a6201c413bf996957c8642429d6bfa6d151206a13e

                                        < !doctype html > < html > < body > < script > google_sl_win = window.parent;
google_iframe_start_time = new Date().getTime();
google_async_iframe_id = "aswift_1"; < /script><script>window.parent.google_sa_impl({iframeWin: window, pubWin: window.parent, vars: window.parent['google_sv_map']['aswift_1']});</script > < /body></html >
                                    

#3 JavaScript::Write (size: 306, repeated: 2) - SHA256: ceb1ece9d4cb4964ccd9219016b1b547d99a604ffb0173c99f882e88f578ed73

                                        < !doctype html > < html > < body > < script > google_sl_win = window.parent;
google_iframe_start_time = new Date().getTime();
google_async_iframe_id = "aswift_2"; < /script><script>window.parent.google_sa_impl({iframeWin: window, pubWin: window.parent, vars: window.parent['google_sv_map']['aswift_2']});</script > < /body></html >
                                    

#4 JavaScript::Write (size: 306, repeated: 1) - SHA256: 541c1027668e45b8bed71056a9f7fd353fe9f838e61fc680b505186d01614944

                                        < !doctype html > < html > < body > < script > google_sl_win = window.parent;
google_iframe_start_time = new Date().getTime();
google_async_iframe_id = "aswift_3"; < /script><script>window.parent.google_sa_impl({iframeWin: window, pubWin: window.parent, vars: window.parent['google_sv_map']['aswift_3']});</script > < /body></html >
                                    

#5 JavaScript::Write (size: 306, repeated: 1) - SHA256: d3e2705b97cf99dc54128332a5a61286c6a737079c28ca6c5f98bc91cabe1901

                                        < !doctype html > < html > < body > < script > google_sl_win = window.parent;
google_iframe_start_time = new Date().getTime();
google_async_iframe_id = "aswift_4"; < /script><script>window.parent.google_sa_impl({iframeWin: window, pubWin: window.parent, vars: window.parent['google_sv_map']['aswift_4']});</script > < /body></html >
                                    

#6 JavaScript::Write (size: 1257, repeated: 1) - SHA256: e4d46599cdbeb97d2570d4b2ff1a3720e12ce68eaf0c52a9d2b8687ed6706266

                                        < iframe id = "google_ads_frame1"
name = "google_ads_frame1"
width = "336"
height = "280"
frameborder = "0"
src = "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8361282487473612&amp;output=html&amp;h=280&amp;slotname=9452377054&amp;adk=1526967335&amp;adf=807048394&amp;w=336&amp;lmt=1559543245&amp;guci=1.2.0.0.2.2.0.0&amp;format=336x280&amp;url=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&amp;ea=0&amp;flash=10.0.45&amp;wgl=0&amp;dt=1559543247171&amp;bpp=40&amp;fdt=528&amp;idt=528&amp;shv=r20190528&amp;cbv=r20190131&amp;saldr=aa&amp;abxe=1&amp;correlator=3759956316709&amp;frm=20&amp;pv=2&amp;ga_vid=200323022.1559543248&amp;ga_sid=1559543248&amp;ga_hid=463227874&amp;ga_fc=0&amp;icsg=0&amp;dssz=0&amp;mdo=0&amp;mso=0&amp;u_tz=120&amp;u_his=1&amp;u_java=1&amp;u_h=885&amp;u_w=1176&amp;u_ah=855&amp;u_aw=1176&amp;u_cd=24&amp;u_nplug=10&amp;u_nmime=92&amp;adx=352&amp;ady=103&amp;biw=1159&amp;bih=754&amp;scr_x=0&amp;scr_y=0&amp;oid=3&amp;rx=0&amp;eae=4&amp;fc=656&amp;brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&amp;vis=0&amp;rsz=%7C%7C%7C&amp;abl=CS&amp;pfx=0&amp;fu=16&amp;bc=1&amp;ifi=1&amp;uci=a!1&amp;dtd=969"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
scrolling = "no"
allowfullscreen = "true" > < /iframe>
                                    

#7 JavaScript::Write (size: 1278, repeated: 1) - SHA256: 8f19740f57656eeb681eeac641bb5376e7bae7d33f4a3cb17a8433f2c865e854

                                        < iframe id = "google_ads_frame2"
name = "google_ads_frame2"
width = "250"
height = "250"
frameborder = "0"
src = "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8361282487473612&amp;output=html&amp;h=250&amp;slotname=9982983801&amp;adk=2239951807&amp;adf=807048394&amp;w=250&amp;lmt=1559543245&amp;guci=1.2.0.0.2.2.0.0&amp;format=250x250&amp;url=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&amp;ea=0&amp;flash=10.0.45&amp;wgl=0&amp;dt=1559543247212&amp;bpp=54&amp;fdt=945&amp;idt=945&amp;shv=r20190528&amp;cbv=r20190131&amp;saldr=aa&amp;abxe=1&amp;prev_fmts=336x280&amp;correlator=3759956316709&amp;frm=20&amp;pv=1&amp;ga_vid=200323022.1559543248&amp;ga_sid=1559543248&amp;ga_hid=463227874&amp;ga_fc=0&amp;icsg=0&amp;dssz=0&amp;mdo=0&amp;mso=0&amp;u_tz=120&amp;u_his=1&amp;u_java=1&amp;u_h=885&amp;u_w=1176&amp;u_ah=855&amp;u_aw=1176&amp;u_cd=24&amp;u_nplug=10&amp;u_nmime=92&amp;adx=95&amp;ady=471&amp;biw=1159&amp;bih=754&amp;scr_x=0&amp;scr_y=0&amp;oid=3&amp;rx=0&amp;eae=4&amp;fc=656&amp;brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&amp;vis=0&amp;rsz=%7C%7C%7C&amp;abl=CS&amp;pfx=0&amp;fu=16&amp;bc=1&amp;ifi=2&amp;uci=a!2&amp;dtd=962"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
scrolling = "no"
allowfullscreen = "true" > < /iframe>
                                    

#8 JavaScript::Write (size: 1327, repeated: 1) - SHA256: 23d20127b4eba023d1000819b0cfc73e0e08487a33a45e314320037fb798205a

                                        < iframe id = "google_ads_frame3"
name = "google_ads_frame3"
width = "300"
height = "250"
frameborder = "0"
src = "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8361282487473612&amp;output=html&amp;h=250&amp;slotname=5887115686&amp;adk=2965241917&amp;adf=807048394&amp;w=300&amp;fwrn=4&amp;lmt=1559543245&amp;rafmt=11&amp;guci=1.2.0.0.2.2.0.0&amp;format=300x250&amp;url=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&amp;ea=0&amp;flash=10.0.45&amp;wgl=0&amp;dt=1559543247266&amp;bpp=8&amp;fdt=940&amp;idt=941&amp;shv=r20190528&amp;cbv=r20190131&amp;saldr=aa&amp;abxe=1&amp;prev_fmts=336x280%2C250x250&amp;correlator=3759956316709&amp;frm=20&amp;pv=1&amp;ga_vid=200323022.1559543248&amp;ga_sid=1559543248&amp;ga_hid=463227874&amp;ga_fc=0&amp;icsg=0&amp;dssz=0&amp;mdo=0&amp;mso=0&amp;rplot=4&amp;u_tz=120&amp;u_his=1&amp;u_java=1&amp;u_h=885&amp;u_w=1176&amp;u_ah=855&amp;u_aw=1176&amp;u_cd=24&amp;u_nplug=10&amp;u_nmime=92&amp;adx=780&amp;ady=757&amp;biw=1159&amp;bih=754&amp;scr_x=0&amp;scr_y=0&amp;oid=3&amp;rx=0&amp;eae=4&amp;fc=656&amp;brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&amp;vis=0&amp;rsz=%7C%7Cbr%7C&amp;abl=CS&amp;pfx=0&amp;fu=144&amp;bc=1&amp;ifi=3&amp;uci=a!3&amp;dtd=966"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
scrolling = "no"
allowfullscreen = "true" > < /iframe>
                                    

#9 JavaScript::Write (size: 1410, repeated: 1) - SHA256: 2a5e6bc5b29d04bdece91ca6abb6636eff856610cd1af965c9e6368ab5ddd4b1

                                        < iframe id = "google_ads_frame3"
name = "google_ads_frame3"
width = "300"
height = "250"
frameborder = "0"
src = "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8361282487473612&amp;output=html&amp;h=250&amp;slotname=5887115686&amp;adk=2965241917&amp;adf=807048394&amp;w=300&amp;fwrn=4&amp;lmt=1559543245&amp;rafmt=11&amp;guci=1.2.0.0.2.2.0.0&amp;format=300x250&amp;url=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&amp;ea=0&amp;flash=10.0.45&amp;wgl=0&amp;dt=1559543247282&amp;bpp=8&amp;fdt=1707&amp;idt=1707&amp;shv=r20190528&amp;cbv=r20190131&amp;saldr=aa&amp;abxe=1&amp;prev_fmts=336x280%2C250x250%2C300x250%2C300x250%2C300x250&amp;correlator=3759956316709&amp;frm=20&amp;pv=1&amp;ga_vid=200323022.1559543248&amp;ga_sid=1559543248&amp;ga_hid=463227874&amp;ga_fc=0&amp;icsg=0&amp;dssz=0&amp;mdo=0&amp;mso=0&amp;rplot=4&amp;u_tz=120&amp;u_his=1&amp;u_java=1&amp;u_h=885&amp;u_w=1176&amp;u_ah=855&amp;u_aw=1176&amp;u_cd=24&amp;u_nplug=10&amp;u_nmime=92&amp;adx=780&amp;ady=806&amp;biw=1159&amp;bih=754&amp;scr_x=0&amp;scr_y=0&amp;oid=3&amp;loc=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&amp;rx=0&amp;eae=5&amp;fc=656&amp;brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&amp;vis=0&amp;rsz=%7C%7Cbr%7C&amp;abl=CS&amp;pfx=0&amp;fu=144&amp;bc=1&amp;ifi=3&amp;uci=a!3&amp;dtd=1719"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
scrolling = "no"
allowfullscreen = "true" > < /iframe>
                                    

#10 JavaScript::Write (size: 1336, repeated: 1) - SHA256: 538a1d53616375332838dbd16db7aeb7735c44c43355007ce908956bdf56898f

                                        < iframe id = "google_ads_frame4"
name = "google_ads_frame4"
width = "300"
height = "250"
frameborder = "0"
src = "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8361282487473612&amp;output=html&amp;h=250&amp;slotname=1536807134&amp;adk=72909811&amp;adf=807048394&amp;w=300&amp;fwrn=4&amp;lmt=1559543245&amp;rafmt=11&amp;guci=1.2.0.0.2.2.0.0&amp;format=300x250&amp;url=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&amp;ea=0&amp;flash=10.0.45&amp;wgl=0&amp;dt=1559543247274&amp;bpp=7&amp;fdt=974&amp;idt=975&amp;shv=r20190528&amp;cbv=r20190131&amp;saldr=aa&amp;abxe=1&amp;prev_fmts=336x280%2C250x250%2C300x250&amp;correlator=3759956316709&amp;frm=20&amp;pv=1&amp;ga_vid=200323022.1559543248&amp;ga_sid=1559543248&amp;ga_hid=463227874&amp;ga_fc=0&amp;icsg=0&amp;dssz=0&amp;mdo=0&amp;mso=0&amp;rplot=4&amp;u_tz=120&amp;u_his=1&amp;u_java=1&amp;u_h=885&amp;u_w=1176&amp;u_ah=855&amp;u_aw=1176&amp;u_cd=24&amp;u_nplug=10&amp;u_nmime=92&amp;adx=780&amp;ady=7371&amp;biw=1159&amp;bih=754&amp;scr_x=0&amp;scr_y=0&amp;oid=3&amp;rx=0&amp;eae=4&amp;fc=656&amp;brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&amp;vis=0&amp;rsz=%7C%7Cbr%7C&amp;abl=CS&amp;pfx=0&amp;fu=144&amp;bc=1&amp;ifi=4&amp;uci=a!4&amp;dtd=989"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
scrolling = "no"
allowfullscreen = "true" > < /iframe>
                                    

#11 JavaScript::Write (size: 1327, repeated: 1) - SHA256: d79fdd7e01754cd606bf7decf0a61c48e825b3f737f761c4306c5a5e198acf41

                                        < iframe id = "google_ads_frame5"
name = "google_ads_frame5"
width = "300"
height = "250"
frameborder = "0"
src = "https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8361282487473612&amp;output=html&amp;h=250&amp;slotname=9204965048&amp;adk=3179406742&amp;adf=807048394&amp;w=300&amp;lmt=1559543245&amp;guci=1.2.0.0.2.2.0.0&amp;format=300x250&amp;url=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&amp;ea=0&amp;flash=10.0.45&amp;avail_w=315&amp;wgl=0&amp;dt=1559543247282&amp;bpp=5&amp;fdt=993&amp;idt=994&amp;shv=r20190528&amp;cbv=r20190131&amp;saldr=aa&amp;abxe=1&amp;prev_fmts=336x280%2C250x250%2C300x250%2C300x250&amp;correlator=3759956316709&amp;frm=20&amp;pv=1&amp;ga_vid=200323022.1559543248&amp;ga_sid=1559543248&amp;ga_hid=463227874&amp;ga_fc=0&amp;icsg=0&amp;dssz=0&amp;mdo=0&amp;mso=0&amp;u_tz=120&amp;u_his=1&amp;u_java=1&amp;u_h=885&amp;u_w=1176&amp;u_ah=855&amp;u_aw=1176&amp;u_cd=24&amp;u_nplug=10&amp;u_nmime=92&amp;adx=95&amp;ady=7672&amp;biw=1159&amp;bih=754&amp;scr_x=0&amp;scr_y=0&amp;oid=3&amp;rx=0&amp;eae=4&amp;fc=656&amp;brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&amp;vis=0&amp;rsz=%7C%7Cbr%7C&amp;abl=CS&amp;pfx=0&amp;fu=16&amp;bc=1&amp;ifi=5&amp;uci=a!5&amp;dtd=1010"
marginwidth = "0"
marginheight = "0"
vspace = "0"
hspace = "0"
allowtransparency = "true"
scrolling = "no"
allowfullscreen = "true" > < /iframe>
                                    


HTTP Transactions (53)


Request Response
                                        
GET /images/s.exe HTTP/1.1
Host: mir3.me
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
216.239.34.21
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://www.mir3.me/images/s.exe
Date: Mon, 03 Jun 2019 06:27:24 GMT
Server: ghs
Content-Length: 228
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  HTML document text
Size:   228
Md5:    64853b2313ded85e5491353353022d51
Sha1:   3161baf1a0ab44856b58bed278e2aea65fe1be08
Sha256: 7fe4b1f4c81fcff420dba783ac363688daf248c8eda18542ef6c39798f21d334
                                        
GET /js/pinit.js HTTP/1.1
Host: assets.pinterest.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
151.101.84.84
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Etag: "931070e36fce60f2d86c78abe608ca38"
Content-Encoding: gzip
Content-Length: 286
Connection: keep-alive
X-CDN: fastly
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 86400
Access-Control-Expose-Headers: X-CDN
Vary: Accept-Encoding, Origin
Cache-Control: max-age=300


--- Additional Info ---
Magic:  gzip compressed data, from Unix, max speed
Size:   286
Md5:    931070e36fce60f2d86c78abe608ca38
Sha1:   18688d495cb0af4e1ab42c5e36d8a932f74d664d
Sha256: 01e4a21280f97654db979111c842bd0654bc7668104e6c18b22ff268ffa8dba4
                                        
GET /font-awesome/4.0.3/css/font-awesome.css HTTP/1.1
Host: netdna.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
209.197.3.15
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Date: Mon, 03 Jun 2019 06:27:25 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Etag: "1544639719"
Content-Encoding: gzip
Content-Length: 4292
Last-Modified: Wed, 12 Dec 2018 18:35:19 GMT
X-Hello-Human: Say hello back! @getBootstrapCDN on Twitter
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
X-Cache: HIT
timing-allow-origin: *
Cache-Control: public, max-age=31536000


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4292
Md5:    18902a41533d4e631e65a8d0c1f61282
Sha1:   c956a0dc434b90d06c2528b76c4e5273a30f9ac0
Sha256: 09b434cbaea55c0879a0598d4e3ae8b7ecd3a3a1edd8a995e600f4064ceb5454
                                        
GET /css?family=Fjalla+One HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
172.217.20.42
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
timing-allow-origin: *
Expires: Mon, 03 Jun 2019 06:27:25 GMT
Date: Mon, 03 Jun 2019 06:27:25 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   198
Md5:    4e04e013a82f077fe1a81ca0676cfd46
Sha1:   ae041204e1987112a69c0e0f40d67e05392d8827
Sha256: 6822195f800fe007923c014c8ee538cdd6cde2412da66166d171d99b59660a2d
                                        
GET /js/pinit_main.js?0.7614734723264047 HTTP/1.1
Host: assets.pinterest.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
151.101.84.84
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Etag: "8e815b2e3dab60eb301e4080345e1bb3"
Content-Encoding: gzip
Content-Length: 23756
Connection: keep-alive
X-CDN: fastly
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 86400
Access-Control-Expose-Headers: X-CDN
Vary: Accept-Encoding, Origin
Cache-Control: max-age=300


--- Additional Info ---
Magic:  gzip compressed data, from Unix, max speed
Size:   23756
Md5:    8e815b2e3dab60eb301e4080345e1bb3
Sha1:   aadf7b60e3e6e812526b34a22944877976ead136
Sha256: 204a517398be61ed9294322010d48556efeff5b3c38ce1dafa1146c83b014555
                                        
GET /images/s.exe HTTP/1.1
Host: www.mir3.me
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
216.58.207.243
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 03 Jun 2019 06:27:25 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 28827
Server: GSE


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   28827
Md5:    fe1ec418e8c2385380b8239089741c00
Sha1:   216e28fb9a3f94392422e74c18793a94bf06fef6
Sha256: 64eba5fb8151ec81707f9634a2345fce98236c6f746b1d0c6dc4daf5e3fc7a8f

Alerts:
  IDS:
    - ET TROJAN Single char EXE direct download likely trojan (multiple families)
                                        
POST /GTSGIAG3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
216.58.207.227
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 03 Jun 2019 06:27:25 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   471
Md5:    a19e1010a0bc5238cd6a8a1fab267eef
Sha1:   a6bc1c679661b511c7106665c9d31c7f711cb962
Sha256: 7a73865a3e29192861ef32b1685d4668126138903f4e250b9828670d1f8a6f31
                                        
GET /ajax/libs/jquery/1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
216.58.211.10
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
timing-allow-origin: *
Content-Length: 33434
Date: Sat, 01 Jun 2019 08:30:18 GMT
Expires: Sun, 31 May 2020 08:30:18 GMT
Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 165427


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   33434
Md5:    e4bb941e9945e6b8fc2c91584e0545e2
Sha1:   8ac8f5fbba79ab93ff34041cf41ed30b0487354d
Sha256: d5aef23e26c649450ee31e6d65fe05937d337e1e91efdc884893e9f2b1e89971
                                        
POST /gsr2 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 112
Content-Type: application/ocsp-request

                                         
216.58.207.227
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 03 Jun 2019 06:27:25 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 468
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   468
Md5:    5be872b3fe0bb6f31385f91f811e9586
Sha1:   1192231bcb9ee73e9f619d433cdb66dddd9ae7f7
Sha256: db0ad6191770bff9043482b68acf62a4e25d4390a03274cfbe413675dd8c9cf5
                                        
GET /svn/trunk/js/highlight.pack.js HTTP/1.1
Host: bloggertut.googlecode.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
74.125.131.82
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1591
Date: Mon, 03 Jun 2019 06:27:25 GMT


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   1591
Md5:    78aef4ef6c838ecde300e5ed6fcc602d
Sha1:   7078fcc783df22bdabae15eabfbb44dc4ac17545
Sha256: ad7720d87f0e065c67b22cfb00f92bb077a41578a1ef0a90da47ccc80e13ae7a
                                        
GET /static/v1/widgets/2549344219-widget_css_bundle.css HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
216.58.211.9
HTTP/1.1 200 OK
Content-Type: text/css
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6822
Date: Fri, 31 May 2019 21:20:24 GMT
Expires: Sat, 30 May 2020 21:20:24 GMT
Last-Modified: Fri, 31 May 2019 18:28:42 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Cache-Control: public, max-age=31536000
Age: 205621
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   6822
Md5:    50061c169ab8f46a9cc382f148f2dce5
Sha1:   ff4829f3d28740af078781271a61091d8a13c300
Sha256: a8b7114ca2883702b99c0521528cbcce9a0b64cf8283df063cab50372c2e4144
                                        
GET /static/v1/widgets/1535467126-widget_css_2_bundle.css HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
216.58.211.9
HTTP/1.1 200 OK
Content-Type: text/css
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7452
Date: Sat, 01 Jun 2019 08:26:00 GMT
Expires: Sun, 31 May 2020 08:26:00 GMT
Last-Modified: Tue, 25 Nov 2014 14:03:24 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Cache-Control: public, max-age=31536000
Age: 165685
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  gzip compressed data
Size:   7452
Md5:    f3167132833424a781f5270b052f9952
Sha1:   39916f5321955446feb471b2c6e5167cf65c8cac
Sha256: 78e311131a88573cc85996e817039c6d361730a065cd3332bed576e00657a482
                                        
GET /svn/trunk/js/highlight.pack.js HTTP/1.1
Host: bloggertut.googlecode.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
74.125.131.82
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1591
Date: Mon, 03 Jun 2019 06:27:26 GMT


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   1591
Md5:    78aef4ef6c838ecde300e5ed6fcc602d
Sha1:   7078fcc783df22bdabae15eabfbb44dc4ac17545
Sha256: ad7720d87f0e065c67b22cfb00f92bb077a41578a1ef0a90da47ccc80e13ae7a
                                        
GET /js/cookienotice.js HTTP/1.1
Host: www.mir3.me
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
216.58.207.243
HTTP/1.1 200 OK
Content-Type: text/javascript
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2026
Date: Mon, 03 Jun 2019 05:15:17 GMT
Expires: Mon, 10 Jun 2019 05:15:17 GMT
Last-Modified: Sun, 02 Jun 2019 17:07:10 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Cache-Control: public, max-age=604800
Age: 4329


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   2026
Md5:    c4e1ed83d89245089b8a1203be20a377
Sha1:   f3940e1215b89300ef97d57a25993f25243b8688
Sha256: afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2
                                        
GET /-gwsFvgzCBDE/UC5jBenZUoI/AAAAAAAACLU/xlY3lJEl2IY/s1600/PhoXo2.png HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
216.58.207.193
HTTP/1.1 200 OK
Content-Type: image/png
Access-Control-Expose-Headers: Content-Length
Etag: "v8b5"
Expires: Mon, 03 Jun 2019 21:53:56 GMT
Content-Disposition: inline;filename="PhoXo2.png"
Vary: Origin
Access-Control-Allow-Origin: *
timing-allow-origin: *
X-Content-Type-Options: nosniff
Date: Mon, 03 Jun 2019 05:54:32 GMT
Server: fife
Content-Length: 1610
X-XSS-Protection: 0
Age: 1974
Cache-Control: public, max-age=86400, no-transform


--- Additional Info ---
Magic:  PNG image, 100 x 20, 8-bit/color RGBA, non-interlaced
Size:   1610
Md5:    fdb7528e7ccebcfe1daea52aa0195bd6
Sha1:   caa9b43d3056743538e12cb11a7320f9216712ea
Sha256: 08ee145d75eed8be290285f1a8b9fd40b9b8dc029ad10cc6283945b536270506
                                        
GET /static/v1/widgets/2571851385-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
216.58.211.9
HTTP/1.1 200 OK
Content-Type: text/javascript
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 55853
Date: Fri, 31 May 2019 21:20:14 GMT
Expires: Sat, 30 May 2020 21:20:14 GMT
Last-Modified: Fri, 31 May 2019 18:28:42 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Cache-Control: public, max-age=31536000
Age: 205632
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   55853
Md5:    c7b91a004533f5a886cafdadb4ebc3a9
Sha1:   79bb398ff3204a5568e6ca4f01652c6b93e16f43
Sha256: a156ba4dfec94a94e08be2531f5c3a54b28a2cb362a579699e9cf3b0a6f66a02
                                        
POST /GTSGIAG3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
216.58.207.227
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 03 Jun 2019 06:27:26 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   471
Md5:    ac5321002287fcb9ed3e03539a307378
Sha1:   06ac14fa016806f6a3f32edc03cbb6683a812ac0
Sha256: d19dac36040958ac2c2f560e58a2076b96cfad140befa5a66187b0c39d39a56f
                                        
GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
Vary: Accept-Encoding
Date: Mon, 03 Jun 2019 06:27:26 GMT
Expires: Mon, 03 Jun 2019 06:27:26 GMT
Cache-Control: private, max-age=3600
Etag: 16334509583596850882
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 33179
X-XSS-Protection: 0


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   33179
Md5:    15dc7494291db9c5dca52a2fb735f738
Sha1:   53bb277ab64e6b95521243c86ccc4007f7c4c3ad
Sha256: 9ab271e45872db99767db5d1e82843424ff79ffa1358adc62611ad29632b463a
                                        
GET /img/icon18_wrench_allbkg.png HTTP/1.1
Host: resources.blogblog.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
216.58.211.9
HTTP/1.1 200 OK
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 475
Date: Fri, 31 May 2019 18:00:45 GMT
Expires: Fri, 07 Jun 2019 18:00:45 GMT
Last-Modified: Fri, 31 May 2019 16:39:50 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Cache-Control: public, max-age=604800
Age: 217601
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  PNG image, 18 x 18, 8-bit colormap, non-interlaced
Size:   475
Md5:    f617effe6d96c15acfea8b2e8aae551f
Sha1:   6d676af11ad2e84b620cce4d5992b657cb2d8ab6
Sha256: d172d750493be64a7ed84dec1dd2a0d787ba42f78bc694b0858f152c52b6620b
                                        
POST /GTSGIAG3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
216.58.207.227
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 03 Jun 2019 06:27:26 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   471
Md5:    800e5712c90cb5b26292fd1fce0eb8c4
Sha1:   8c0f8b8cb286c2bf879608018003e96a0542340a
Sha256: 8f5cba1b07e138816d2a68d529391e5adc596fa05af97ea2ed260bf401f1dc86
                                        
GET /dyn-css/authorization.css?targetBlogID=2536384285010130402&zx=77957587-52cc-4f58-823b-5ef41c34af98 HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
216.58.211.9
HTTP/1.1 200 OK
Content-Type: text/css; charset=UTF-8
P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 03 Jun 2019 06:27:26 GMT
Last-Modified: Mon, 03 Jun 2019 06:27:26 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   21
Md5:    b9afc501fc43fbea335a2dc5d43263a1
Sha1:   7290a2dd6afbf39ecfc35b52dfb32a38fc222994
Sha256: d6e425ca7840c0ab6f26f5fc2822a47e26b4a8bbd104468a9c185bc132b8662f
                                        
GET /en_US/all.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
31.13.72.12
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Expose-Headers: X-FB-Content-MD5
x-fb-content-md5: 8cda7373636124997d7d145696241c05
Etag: "9e7f32c1b58ccf7ec0559d7c774fc6da"
Content-Encoding: gzip
timing-allow-origin: *
Strict-Transport-Security: max-age=31536000; preload; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=1200,stale-while-revalidate=3600
Expires: Mon, 03 Jun 2019 06:39:06 GMT
Content-MD5: jTrN5v3Sw40NH9q6QrBEZw==
X-FB-Debug: lnlcRPg4JleTkWlrt2DqI73Dntk81BqJWGFuse/WsnnAjzXStL2999VFaa+falEHtiT9tAw3iNAzOSGyuhPplQ==
Date: Mon, 03 Jun 2019 06:27:26 GMT
Connection: keep-alive
Content-Length: 1779


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1779
Md5:    8d3acde6fdd2c38d0d1fdaba42b04467
Sha1:   91c36055dd0bd83f8b33cad1e4aaf9daf0d3e4fb
Sha256: db5c583a9b9ae003f3ff0ba6c840b26c47a7ed5fc6be9d0b3b08a855b2088844
                                        
GET /js/plusone.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
172.217.20.46
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
x-ua-compatible: IE=edge, chrome=1
timing-allow-origin: *
Etag: "68c91eed4c0a206f27ea86fc89c7755f"
Expires: Mon, 03 Jun 2019 06:27:26 GMT
Date: Mon, 03 Jun 2019 06:27:26 GMT
Cache-Control: private, max-age=1800, stale-while-revalidate=1800
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Set-Cookie: NID=184=qF9tIHMEgcIuzRJoQ7IQMPct3uaHMNb05uJe_nbxfvzTf98CWWAGmN4eQOQ8SEPBd0nDtWXblkiyaTx2aoVDfMFvRGkZLxb0Ar70D2QUGLoEuDBoUjqS1ZqIKzhXKQQUw8kltjb3t781qxhxRVwS8IK3E1as0NDy96HlY2GLvMc;Domain=.google.com;Path=/;Expires=Tue, 03-Dec-2019 06:27:26 GMT;HttpOnly
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   17040
Md5:    3bf22716a09645313d21b0edf3d7dedd
Sha1:   ee5a243ec542f038802f5b7d414b5f2b87259a99
Sha256: af46fddeedf88f3a9b8a37f4b382d12158b4c9997c850822578ebbc705ecfcb7
                                        
GET /-GPCAz_baHzA/XKALzxO69rI/AAAAAAAAJM8/WNhxHgz0asMFxFCCyS-TZRWmDHgJXz2pQCLcBGAs/s72-c/Lemon%2BPudding%2BCake.png HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
216.58.207.193
HTTP/1.1 200 OK
Content-Type: image/png
Access-Control-Expose-Headers: Content-Length
Etag: "v24d0"
Expires: Tue, 04 Jun 2019 05:15:17 GMT
Content-Disposition: inline;filename="Lemon Pudding Cake.png"
Vary: Origin
Access-Control-Allow-Origin: *
timing-allow-origin: *
X-Content-Type-Options: nosniff
Date: Mon, 03 Jun 2019 05:15:17 GMT
Server: fife
Content-Length: 11800
X-XSS-Protection: 0
Cache-Control: public, max-age=86400, no-transform
Age: 4329
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  PNG image, 72 x 72, 8-bit/color RGB, non-interlaced
Size:   11800
Md5:    bc60838e768dec64996f8e83754370cd
Sha1:   be20051b2d46ff92142143d7661d15d6fb870bc2
Sha256: 1606b21455b47936bc6c72d48054f098604ca0b1611f5dbd9a2cadbfcb20063e
                                        
GET /-v3sfVt9tGz4/XKMcg6qGfaI/AAAAAAAAJUk/jhnrbw4lG6MmgzCQpp4WpQUMrHwqEt0mgCLcBGAs/s72-c/POTATO%252C%2BBROCCOLI%2B%2526%2BEGG%2BCASSEROLE.png HTTP/1.1
Host: 3.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
216.58.207.193
HTTP/1.1 200 OK
Content-Type: image/png
Access-Control-Expose-Headers: Content-Length
Etag: "v254a"
Expires: Tue, 04 Jun 2019 05:15:17 GMT
Content-Disposition: inline;filename="POTATO, BROCCOLI & EGG CASSEROLE.png"
Vary: Origin
Access-Control-Allow-Origin: *
timing-allow-origin: *
X-Content-Type-Options: nosniff
Date: Mon, 03 Jun 2019 05:15:17 GMT
Server: fife
Content-Length: 11068
X-XSS-Protection: 0
Cache-Control: public, max-age=86400, no-transform
Age: 4329
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  PNG image, 72 x 72, 8-bit/color RGB, non-interlaced
Size:   11068
Md5:    ad0e08ea5de651c0b33b597f49491620
Sha1:   177739025212d400a6dadf826a5b472585d2f366
Sha256: 694c646f1cdf1ae905c7986a69b767a88baca23e9f6b159439f9ec1eebe60348
                                        
GET /pagead/js/google_top_exp.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
Vary: Accept-Encoding
Date: Sun, 02 Jun 2019 22:01:29 GMT
Expires: Sun, 16 Jun 2019 22:01:29 GMT
Etag: 13036835877489095579
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 67
X-XSS-Protection: 0
Cache-Control: public, max-age=1209600
Age: 30357


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   67
Md5:    9bbc3ca32ec951a484589ce0e6b4db73
Sha1:   753d6f6183b33b2dee5dde2208fca91c17f5bb13
Sha256: b8f16a16d2a7ea39a9cc079fdbe3af7d31393d62a853668bdd549e0a0311cb3c
                                        
GET /font-awesome/4.0.3/fonts/fontawesome-webfont.woff?v=4.0.3 HTTP/1.1
Host: netdna.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css
Origin: http://www.mir3.me

                                         
209.197.3.15
HTTP/1.1 200 OK
Content-Type: font/woff
Date: Mon, 03 Jun 2019 06:27:26 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Etag: "1544639743"
Content-Encoding: gzip
Content-Length: 44433
Last-Modified: Wed, 12 Dec 2018 18:35:43 GMT
X-Hello-Human: Say hello back! @getBootstrapCDN on Twitter
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
X-Cache: HIT
timing-allow-origin: *
Cache-Control: public, max-age=31536000


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   44433
Md5:    122359bdfee05a5b4ce0f19b244e85bb
Sha1:   35d57f1553391ddfdb1525ffd37ca902f79d2d7e
Sha256: 3e8f404d881f687fdcc53a1a7f8c59d3bdfa201c14e3d8470fb55eb99c4fdc4a
                                        
GET /s/fjallaone/v6/Yq6R-LCAWCX3-6Ky7FAFrOF6lA.woff HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fonts.googleapis.com/css?family=Fjalla+One
Origin: http://www.mir3.me

                                         
216.58.207.227
HTTP/1.1 200 OK
Content-Type: font/woff
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
timing-allow-origin: *
Content-Length: 19976
Date: Sat, 01 Jun 2019 08:48:15 GMT
Expires: Sun, 31 May 2020 08:48:15 GMT
Last-Modified: Tue, 19 Feb 2019 22:34:07 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Cache-Control: public, max-age=31536000
Age: 164351


--- Additional Info ---
Magic:  data
Size:   19976
Md5:    7710e53ee1e24055dd9ba499766cbf2a
Sha1:   84b6d697b33ebfbdc7e7892d1b51fec3cc3af64b
Sha256: da9b29cad35666ad35df54fc721ff8d0838660640456185a86521e6c506b81cd
                                        
GET /-yNE4A_H3C2o/U1E6RPYNEpI/AAAAAAAADRQ/UOP1mUKaxGE/s1600/line.png HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
216.58.207.193
HTTP/1.1 200 OK
Content-Type: image/png
Access-Control-Expose-Headers: Content-Length
Etag: "vd15"
Expires: Tue, 04 Jun 2019 02:18:33 GMT
Content-Disposition: inline;filename="line.png"
Vary: Origin
Access-Control-Allow-Origin: *
timing-allow-origin: *
X-Content-Type-Options: nosniff
Date: Mon, 03 Jun 2019 06:21:05 GMT
Server: fife
Content-Length: 735
X-XSS-Protection: 0
Age: 381
Cache-Control: public, max-age=86400, no-transform


--- Additional Info ---
Magic:  PNG image, 371 x 5, 8-bit/color RGBA, non-interlaced
Size:   735
Md5:    15ded568eb1e378aa000ab4fc9622c7e
Sha1:   71889b7db45f87fd62dae699575cc2d1dc1aec35
Sha256: 92dc3b64537e4a7710d452daaba3ed22fda5e21df2db4ccfbd81c129df9d5116
                                        
GET /favicon.ico HTTP/1.1
Host: www.mir3.me
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
216.58.207.243
HTTP/1.1 200 OK
Content-Type: image/x-icon; charset=UTF-8
Expires: Mon, 03 Jun 2019 06:27:26 GMT
Date: Mon, 03 Jun 2019 06:27:26 GMT
Cache-Control: private, max-age=86400
Last-Modified: Tue, 21 May 2019 01:13:42 GMT
Etag: W/"146797ffeefd791716d09386379e8b34a1a49cac5c5132651f20e65b796be799"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 933
Server: GSE


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   933
Md5:    073f35b647d0bd70cd1780fcbfd1a482
Sha1:   006bce9af752851d246dd1d3f136a8468edd92a8
Sha256: 3d85fb44be02e0b6a32254f205777a4ff17741ae648c7af589fd5727d0ee6ed9
                                        
GET /_/scs/apps-static/_/js/k=oz.gapi.en_US.E_qD2c1OPEU.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCP9A3UkJ2KOyoLJQryL03NxsUFfNg/cb=gapi.loaded_0 HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe
Cookie: NID=184=qF9tIHMEgcIuzRJoQ7IQMPct3uaHMNb05uJe_nbxfvzTf98CWWAGmN4eQOQ8SEPBd0nDtWXblkiyaTx2aoVDfMFvRGkZLxb0Ar70D2QUGLoEuDBoUjqS1ZqIKzhXKQQUw8kltjb3t781qxhxRVwS8IK3E1as0NDy96HlY2GLvMc

                                         
172.217.20.46
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 49548
Date: Thu, 30 May 2019 22:40:54 GMT
Expires: Fri, 29 May 2020 22:40:54 GMT
Last-Modified: Tue, 28 May 2019 13:48:52 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Cache-Control: public, immutable, max-age=31536000
Age: 287193
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   49548
Md5:    74f907a4d74e678044b5d3e2eca0ea7a
Sha1:   edec37911ba3d02b09104faa989c0a40a6beb425
Sha256: 5ffe56e886352ddfd39c35e008016b09b2b07e66cfe38c78b1977faaecf69beb
                                        
GET /pagead/js/r20190528/r20190131/show_ads_impl.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
Vary: Accept-Encoding
Date: Mon, 03 Jun 2019 06:27:27 GMT
Expires: Mon, 03 Jun 2019 06:27:27 GMT
Cache-Control: private, max-age=1209600
Etag: 17420060008506778792
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 79092
X-XSS-Protection: 0


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   79092
Md5:    f7e1ae8847ebb6bbdee67f8269d2a53b
Sha1:   fdaab0407aad41f3eb3cd7494b85a480488992a2
Sha256: 1e6f7dbc825df4ece60877abd351b8c2c3c795e71426877c3e4bc8dde5b8825d
                                        
GET /-FXCcLfYFU0c/XHM2kYcIQCI/AAAAAAAAHuE/yTDbN9uey2gZvY63kbT6Rq3BihS4qXcdwCLcBGAs/s72-c/Low-Carb-Zucchini-Boats.jpg HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
216.58.207.193
HTTP/1.1 200 OK
Content-Type: image/jpeg
Access-Control-Expose-Headers: Content-Length
Etag: "v1ee2"
Expires: Tue, 04 Jun 2019 05:15:17 GMT
Content-Disposition: inline;filename="Low-Carb-Zucchini-Boats.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
timing-allow-origin: *
X-Content-Type-Options: nosniff
Date: Mon, 03 Jun 2019 05:15:17 GMT
Server: fife
Content-Length: 5940
X-XSS-Protection: 0
Cache-Control: public, max-age=86400, no-transform
Age: 4330
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01
Size:   5940
Md5:    ef3fe2a6886bcef2e7b269cd3f512540
Sha1:   81693e6a323e072d18432c6c1e91d8eb2c6bd161
Sha256: b7448b5ef6fdaf81376a97412edfeb4416a0b740576b8b9b454af08dc4d8e891
                                        
POST /GTSGIAG3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
216.58.207.227
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 03 Jun 2019 06:27:28 GMT
Cache-Control: public, max-age=86400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  data
Size:   471
Md5:    917d8785cecb86cbc288bc7f7b74173d
Sha1:   865684296dedc488fffa11d8eebefa580741fce5
Sha256: 93c0c4773edceed3595c85dda6edb27e390049b4ccc90417ec75d8d0da5f9f73
                                        
GET /_/scs/apps-static/_/js/k=oz.gapi.en_US.E_qD2c1OPEU.O/m=gapi_iframes,gapi_iframes_style_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCP9A3UkJ2KOyoLJQryL03NxsUFfNg/cb=gapi.loaded_1 HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe
Cookie: NID=184=qF9tIHMEgcIuzRJoQ7IQMPct3uaHMNb05uJe_nbxfvzTf98CWWAGmN4eQOQ8SEPBd0nDtWXblkiyaTx2aoVDfMFvRGkZLxb0Ar70D2QUGLoEuDBoUjqS1ZqIKzhXKQQUw8kltjb3t781qxhxRVwS8IK3E1as0NDy96HlY2GLvMc

                                         
172.217.20.46
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 17555
Date: Thu, 30 May 2019 22:51:26 GMT
Expires: Fri, 29 May 2020 22:51:26 GMT
Last-Modified: Tue, 28 May 2019 13:48:52 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Cache-Control: public, immutable, max-age=31536000
Age: 286562
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   17555
Md5:    18f16a1d62ff83d73488b9219a7305a5
Sha1:   07810ce6a0bda39a34982e725981bcbd8256027e
Sha256: 27a14e572b97875b45809b1459022f0410a632256f863aca59fc4807e33993eb
                                        
GET /pagead/html/r20190528/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
Vary: Accept-Encoding
Date: Sun, 02 Jun 2019 21:52:08 GMT
Expires: Sun, 16 Jun 2019 21:52:08 GMT
Etag: 13732316697317830675
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 7014
X-XSS-Protection: 0
Cache-Control: public, max-age=1209600
Age: 30920
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   7014
Md5:    166d4e51ebaafe16ead787ba56e0c689
Sha1:   b9a424c145f8f0ed012dde137b3b1d1d75a138be
Sha256: 2460402655f6e065e99b29cf976b67b00fea31eab177822d28a584645462acd0
                                        
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=105557
Date: Mon, 03 Jun 2019 06:27:28 GMT
Etag: "5cf39bdc-1d7"
Expires: Tue, 04 Jun 2019 11:46:45 GMT
Last-Modified: Sun, 02 Jun 2019 09:50:20 GMT
Server: ECS (lcy/1D24)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    206771d83ef933a3bf8f523388fd3ae3
Sha1:   1e70cdc4995bd2e05583f9ffe01756378e04cfb1
Sha256: 5c459f1184bf7bd874313be02ac883624fc0e936ee6d7e3713338203f0f930c7
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=114116
Date: Mon, 03 Jun 2019 06:27:28 GMT
Etag: "5cf3bf09-1d7"
Expires: Tue, 04 Jun 2019 14:09:24 GMT
Last-Modified: Sun, 02 Jun 2019 12:20:25 GMT
Server: ECS (lcy/1D6F)
X-Cache: HIT
Content-Length: 471


--- Additional Info ---
Magic:  data
Size:   471
Md5:    7443b75c32e392d351b0c06b0dcc49f6
Sha1:   6e8c078962fb7a1dd8c9c13ee1768fb4535d24a5
Sha256: a9f93d376e2b47e3d70c19e9bbfea221ef441597b474243d511501c5013d5635
                                        
                                            GET /pub-config/r20160913/ca-pub-8361282487473612.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Mon, 03 Jun 2019 05:15:19 GMT
Expires: Mon, 03 Jun 2019 17:15:19 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: sffe
Content-Length: 88
X-XSS-Protection: 0
Cache-Control: public, max-age=43200
Age: 4329
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   88
Md5:    447300cfe76a026545c27482e7ada077
Sha1:   995fa7efb4f9b8be29ea4c3c69a361e0a1f27ba1
Sha256: 994d8a1f3b94c1b503343b827ffd37a0a2a50015d48a054812591825cc305a40
                                        
                                            GET /navbar.g?targetBlogID=2536384285010130402&blogName=mir3.me&publishMode=PUBLISH_MODE_HOSTED&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://www.mir3.me/search&blogLocale=en&v=2&homepageUrl=http://www.mir3.me/&vt=4168018376631044168&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.E_qD2c1OPEU.O%2Fam%3DwQE%2Fd%3D1%2Frs%3DAGLTcCP9A3UkJ2KOyoLJQryL03NxsUFfNg%2Fm%3D__features__ HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
                                         216.58.211.9
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 03 Jun 2019 06:27:28 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   2561
Md5:    16cf65c0b741d5c1f36b2c111f771d6c
Sha1:   e75fe8785a18f933831533d07d8f5b426c37d902
Sha256: b4b7ff2e26c1463c82b8805de225a371c6fff18c24f6507343393b3004e34884
                                        
                                            GET /-fWthLNjqhWY/XKAI5DsxuMI/AAAAAAAAJMk/uYDZauE2qzgupqwZBlf5SrQOHsAW56YJwCLcBGAs/s72-c/CHOCOLATE%2BSPONGE%2BCAKE.png HTTP/1.1 
Host: 4.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
                                         216.58.207.193
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Access-Control-Expose-Headers: Content-Length
Etag: "v24ca"
Expires: Tue, 04 Jun 2019 05:15:17 GMT
Content-Disposition: inline;filename="CHOCOLATE SPONGE CAKE.png"
Vary: Origin
Access-Control-Allow-Origin: *
timing-allow-origin: *
X-Content-Type-Options: nosniff
Date: Mon, 03 Jun 2019 05:15:17 GMT
Server: fife
Content-Length: 8690
X-XSS-Protection: 0
Cache-Control: public, max-age=86400, no-transform
Age: 4330
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  PNG image, 72 x 72, 8-bit/color RGB, non-interlaced
Size:   8690
Md5:    7eb01b707005fe0c51d51748cb5d52db
Sha1:   5b2eb1f733f61495ad65093f0032d42f81cf12f7
Sha256: bd01952f60633ba0989704ece0ecc2d6714eef6adcd4adaa72321c07ba557932
                                        
                                            GET /pagead/ads?client=ca-pub-8361282487473612&output=html&h=250&slotname=9982983801&adk=2239951807&adf=807048394&w=250&lmt=1559543245&guci=1.2.0.0.2.2.0.0&format=250x250&url=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&ea=0&flash=10.0.45&wgl=0&dt=1559543247212&bpp=54&fdt=945&idt=945&shv=r20190528&cbv=r20190131&saldr=aa&abxe=1&prev_fmts=336x280&correlator=3759956316709&frm=20&pv=1&ga_vid=200323022.1559543248&ga_sid=1559543248&ga_hid=463227874&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=95&ady=471&biw=1159&bih=754&scr_x=0&scr_y=0&oid=3&rx=0&eae=4&fc=656&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&pfx=0&fu=16&bc=1&ifi=2&uci=a!2&dtd=962 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 03 Jun 2019 06:27:29 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 0
Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 03-Jun-2019 06:42:29 GMT; path=/; domain=.doubleclick.net
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
Expires: Mon, 03 Jun 2019 06:27:29 GMT
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   82
Md5:    87b49554493c15fb23b8e5d2f13b1ebf
Sha1:   328cbcb1c58530fd3f554ca7386ef7a85e1e982f
Sha256: 590b4bba70579d67368d97259fc85f56fda4fa5cb82f404fa8ec67a43369db17
                                        
                                            GET /-ciOXUNujRow/XHskFcWhW-I/AAAAAAAAIg4/bXiIM7-oNX8xkp8xmqzPr28hN_aVn8EvACLcBGAs/s1600/MIR3.ME.png HTTP/1.1 
Host: 4.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         216.58.207.193
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Access-Control-Expose-Headers: Content-Length
Etag: "v220f"
Expires: Tue, 04 Jun 2019 05:15:20 GMT
Content-Disposition: inline;filename="MIR3.ME.png"
Vary: Origin
Access-Control-Allow-Origin: *
timing-allow-origin: *
X-Content-Type-Options: nosniff
Date: Mon, 03 Jun 2019 05:15:20 GMT
Server: fife
Content-Length: 18472
X-XSS-Protection: 0
Cache-Control: public, max-age=86400, no-transform
Age: 4329
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  PNG image, 100 x 100, 8-bit/color RGB, non-interlaced
Size:   18472
Md5:    f8f580fd00907eee16a0c9db6380de4c
Sha1:   634124d50ce2fef890f1f51d605302ac7a7413ee
Sha256: b7d413bbc4590ebbdc407549c783b73781704361443531e0af74bd79460105d6
                                        
                                            GET /pagead/ads?client=ca-pub-8361282487473612&output=html&h=250&slotname=1536807134&adk=72909811&adf=807048394&w=300&fwrn=4&lmt=1559543245&rafmt=11&guci=1.2.0.0.2.2.0.0&format=300x250&url=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&ea=0&flash=10.0.45&wgl=0&dt=1559543247274&bpp=7&fdt=974&idt=975&shv=r20190528&cbv=r20190131&saldr=aa&abxe=1&prev_fmts=336x280%2C250x250%2C300x250&correlator=3759956316709&frm=20&pv=1&ga_vid=200323022.1559543248&ga_sid=1559543248&ga_hid=463227874&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&rplot=4&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=780&ady=7371&biw=1159&bih=754&scr_x=0&scr_y=0&oid=3&rx=0&eae=4&fc=656&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7Cbr%7C&abl=CS&pfx=0&fu=144&bc=1&ifi=4&uci=a!4&dtd=989 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 03 Jun 2019 06:27:29 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 0
Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 03-Jun-2019 06:42:29 GMT; path=/; domain=.doubleclick.net
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
Expires: Mon, 03 Jun 2019 06:27:29 GMT
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   82
Md5:    87b49554493c15fb23b8e5d2f13b1ebf
Sha1:   328cbcb1c58530fd3f554ca7386ef7a85e1e982f
Sha256: 590b4bba70579d67368d97259fc85f56fda4fa5cb82f404fa8ec67a43369db17
                                        
                                            GET /en_US/all.js?hash=92b6ddb42c65da7cebec06167251d4a6 HTTP/1.1 
Host: connect.facebook.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
                                         31.13.72.12
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
                                        
Access-Control-Expose-Headers: X-FB-Content-MD5
x-fb-content-md5: b3bb61c93369a3114c6a798220bbc855
Etag: "1c89322b1e2d3e387f3144788c80bf9d"
Content-Encoding: gzip
timing-allow-origin: *
Strict-Transport-Security: max-age=31536000; preload; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=31536000,stale-while-revalidate=3600,immutable
Expires: Tue, 02 Jun 2020 05:05:14 GMT
Content-MD5: edxrZIsNBwJejS095nl+BA==
X-FB-Debug: aKAx3Hy5mhZwPRLg09Ytl3XGqOIf5GOx/v/XiUT6wkoMlSsfUumuZPLPq5L9BoWoZq+RijPkidlu5I7C/q0cCg==
Date: Mon, 03 Jun 2019 06:27:29 GMT
Connection: keep-alive
Content-Length: 58309


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   58309
Md5:    79dc6b648b0d07025e8d2d3de6797e04
Sha1:   965d2a62d39537581f233a4efebeab7cbc3b3974
Sha256: 245b7976669900734237ab3cfa8d2aff2cc612eacf53af883427d60db8486c51
                                        
                                            GET /js/platform:gapi.iframes.style.common.js HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.blogger.com/navbar.g?targetBlogID=2536384285010130402&blogName=mir3.me&publishMode=PUBLISH_MODE_HOSTED&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://www.mir3.me/search&blogLocale=en&v=2&homepageUrl=http://www.mir3.me/&vt=4168018376631044168&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.E_qD2c1OPEU.O%2Fam%3DwQE%2Fd%3D1%2Frs%3DAGLTcCP9A3UkJ2KOyoLJQryL03NxsUFfNg%2Fm%3D__features__
Cookie: NID=184=qF9tIHMEgcIuzRJoQ7IQMPct3uaHMNb05uJe_nbxfvzTf98CWWAGmN4eQOQ8SEPBd0nDtWXblkiyaTx2aoVDfMFvRGkZLxb0Ar70D2QUGLoEuDBoUjqS1ZqIKzhXKQQUw8kltjb3t781qxhxRVwS8IK3E1as0NDy96HlY2GLvMc

                                         
                                         172.217.20.46
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
x-ua-compatible: IE=edge, chrome=1
timing-allow-origin: *
Etag: "8fd477e81db9b3a1dde6f19bbe83fc93"
Expires: Mon, 03 Jun 2019 06:27:29 GMT
Date: Mon, 03 Jun 2019 06:27:29 GMT
Cache-Control: private, max-age=1800, stale-while-revalidate=1800
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   17054
Md5:    1550f63cf3e2ab263f5db16783bcafd6
Sha1:   f7176fe31dae5b9cd33bb8c9dfcddd4feb32db68
Sha256: 81ff3f3c9323915653eccda8e2edc802fe20acba65a960e59372db8a97255a92
                                        
                                            GET /pagead/ads?client=ca-pub-8361282487473612&output=html&h=250&slotname=5887115686&adk=2965241917&adf=807048394&w=300&fwrn=4&lmt=1559543245&rafmt=11&guci=1.2.0.0.2.2.0.0&format=300x250&url=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&ea=0&flash=10.0.45&wgl=0&dt=1559543247282&bpp=8&fdt=1707&idt=1707&shv=r20190528&cbv=r20190131&saldr=aa&abxe=1&prev_fmts=336x280%2C250x250%2C300x250%2C300x250%2C300x250&correlator=3759956316709&frm=20&pv=1&ga_vid=200323022.1559543248&ga_sid=1559543248&ga_hid=463227874&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&rplot=4&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=780&ady=806&biw=1159&bih=754&scr_x=0&scr_y=0&oid=3&loc=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&rx=0&eae=5&fc=656&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7Cbr%7C&abl=CS&pfx=0&fu=144&bc=1&ifi=3&uci=a!3&dtd=1719 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 03 Jun 2019 06:27:29 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 0
Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 03-Jun-2019 06:42:29 GMT; path=/; domain=.doubleclick.net
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
Expires: Mon, 03 Jun 2019 06:27:29 GMT
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   82
Md5:    87b49554493c15fb23b8e5d2f13b1ebf
Sha1:   328cbcb1c58530fd3f554ca7386ef7a85e1e982f
Sha256: 590b4bba70579d67368d97259fc85f56fda4fa5cb82f404fa8ec67a43369db17
                                        
                                            GET /-8x1dlC0ZQHA/XKMHA9468nI/AAAAAAAAJUM/QZh9KEwUnckqQ9xHqOAyK1RKJEdHng2gACLcBGAs/s72-c/EASY%2BBEST%2BKETO%2BCHOCOLATE%2BFROSTY.png HTTP/1.1 
Host: 3.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
                                         216.58.207.193
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Access-Control-Expose-Headers: Content-Length
Etag: "v2544"
Expires: Tue, 04 Jun 2019 05:15:17 GMT
Content-Disposition: inline;filename="EASY BEST KETO CHOCOLATE FROSTY.png"
Vary: Origin
Access-Control-Allow-Origin: *
timing-allow-origin: *
X-Content-Type-Options: nosniff
Date: Mon, 03 Jun 2019 05:15:17 GMT
Server: fife
Content-Length: 10606
X-XSS-Protection: 0
Cache-Control: public, max-age=86400, no-transform
Age: 4332
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  PNG image, 72 x 72, 8-bit/color RGB, non-interlaced
Size:   10606
Md5:    69c50f2572461d95c5f0d19327594ced
Sha1:   94e48d2b1792df7b3303648025e9518d7ca8220f
Sha256: d56ffeed3de079b67758cc132bbc66059592e7fd1935d70d9e2f3b813c8b07d4
                                        
                                            GET /_/scs/apps-static/_/js/k=oz.gapi.en_US.E_qD2c1OPEU.O/m=gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCP9A3UkJ2KOyoLJQryL03NxsUFfNg/cb=gapi.loaded_0 HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://www.blogger.com/navbar.g?targetBlogID=2536384285010130402&blogName=mir3.me&publishMode=PUBLISH_MODE_HOSTED&navbarType=LIGHT&layoutType=LAYOUTS&searchRoot=http://www.mir3.me/search&blogLocale=en&v=2&homepageUrl=http://www.mir3.me/&vt=4168018376631044168&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.E_qD2c1OPEU.O%2Fam%3DwQE%2Fd%3D1%2Frs%3DAGLTcCP9A3UkJ2KOyoLJQryL03NxsUFfNg%2Fm%3D__features__
Cookie: NID=184=qF9tIHMEgcIuzRJoQ7IQMPct3uaHMNb05uJe_nbxfvzTf98CWWAGmN4eQOQ8SEPBd0nDtWXblkiyaTx2aoVDfMFvRGkZLxb0Ar70D2QUGLoEuDBoUjqS1ZqIKzhXKQQUw8kltjb3t781qxhxRVwS8IK3E1as0NDy96HlY2GLvMc

                                         
                                         172.217.20.46
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 41289
Date: Sun, 02 Jun 2019 09:06:46 GMT
Expires: Mon, 01 Jun 2020 09:06:46 GMT
Last-Modified: Tue, 28 May 2019 13:48:52 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Cache-Control: public, immutable, max-age=31536000
Age: 76843
Alt-Svc: quic=":443"; ma=2592000; v="46,44,43,39"


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size:   41289
Md5:    ad495dacbcc4e188cc20b8cea6b04eae
Sha1:   018e2d4f70ea1897822c4b261c33b065a7f843a5
Sha256: e554aa48a6010e4f530dc46f78e488755fd3e328c90ef538929f2ef58272c562
                                        
                                            GET /activeview/js/current/osd.js?cb=%2Fr20100101 HTTP/1.1 
Host: www.googletagservices.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 03 Jun 2019 06:27:29 GMT
Expires: Mon, 03 Jun 2019 06:27:29 GMT
Cache-Control: private, max-age=3000
Etag: "1559301155462102"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   28172
Md5:    304a93d0a8ce58bbe3ae8d4d6343966d
Sha1:   1d1f33acd16e891d2bf5cf1e40b15d69980e91d4
Sha256: 707959bd3fad0130ccb0272f46d1d6de86cab34f6e65bbe86182217760c5df11
                                        
                                            GET /pagead/ads?client=ca-pub-8361282487473612&output=html&h=250&slotname=9204965048&adk=3179406742&adf=807048394&w=300&lmt=1559543245&guci=1.2.0.0.2.2.0.0&format=300x250&url=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&ea=0&flash=10.0.45&avail_w=315&wgl=0&dt=1559543247282&bpp=5&fdt=993&idt=994&shv=r20190528&cbv=r20190131&saldr=aa&abxe=1&prev_fmts=336x280%2C250x250%2C300x250%2C300x250&correlator=3759956316709&frm=20&pv=1&ga_vid=200323022.1559543248&ga_sid=1559543248&ga_hid=463227874&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=95&ady=7672&biw=1159&bih=754&scr_x=0&scr_y=0&oid=3&rx=0&eae=4&fc=656&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7Cbr%7C&abl=CS&pfx=0&fu=16&bc=1&ifi=5&uci=a!5&dtd=1010 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 03 Jun 2019 06:27:29 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 0
Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 03-Jun-2019 06:42:29 GMT; path=/; domain=.doubleclick.net
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
Expires: Mon, 03 Jun 2019 06:27:29 GMT
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   82
Md5:    87b49554493c15fb23b8e5d2f13b1ebf
Sha1:   328cbcb1c58530fd3f554ca7386ef7a85e1e982f
Sha256: 590b4bba70579d67368d97259fc85f56fda4fa5cb82f404fa8ec67a43369db17
                                        
                                            GET /pagead/ads?client=ca-pub-8361282487473612&output=html&h=280&slotname=9452377054&adk=1526967335&adf=807048394&w=336&lmt=1559543245&guci=1.2.0.0.2.2.0.0&format=336x280&url=http%3A%2F%2Fwww.mir3.me%2Fimages%2Fs.exe&ea=0&flash=10.0.45&wgl=0&dt=1559543247171&bpp=40&fdt=528&idt=528&shv=r20190528&cbv=r20190131&saldr=aa&abxe=1&correlator=3759956316709&frm=20&pv=2&ga_vid=200323022.1559543248&ga_sid=1559543248&ga_hid=463227874&ga_fc=0&icsg=0&dssz=0&mdo=0&mso=0&u_tz=120&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=10&u_nmime=92&adx=352&ady=103&biw=1159&bih=754&scr_x=0&scr_y=0&oid=3&rx=0&eae=4&fc=656&brdim=%2C%2C-4%2C-4%2C1176%2C0%2C1184%2C863%2C1176%2C754&vis=0&rsz=%7C%7C%7C&abl=CS&pfx=0&fu=16&bc=1&ifi=1&uci=a!1&dtd=969 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.mir3.me/images/s.exe

                                         
                                         172.217.20.34
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Mon, 03 Jun 2019 06:27:29 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 0
Set-Cookie: test_cookie=CheckForPermission; expires=Mon, 03-Jun-2019 06:42:29 GMT; path=/; domain=.doubleclick.net
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,44,43,39",quic=":443"; ma=2592000; v="46,44,43,39"
Expires: Mon, 03 Jun 2019 06:27:29 GMT
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   82
Md5:    87b49554493c15fb23b8e5d2f13b1ebf
Sha1:   328cbcb1c58530fd3f554ca7386ef7a85e1e982f
Sha256: 590b4bba70579d67368d97259fc85f56fda4fa5cb82f404fa8ec67a43369db17
                                        
                                            GET /-ciOXUNujRow/XHskFcWhW-I/AAAAAAAAIg4/bXiIM7-oNX8xkp8xmqzPr28hN_aVn8EvACLcBGAs/s1600/MIR3.ME.png HTTP/1.1 
Host: 4.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         0.0.0.0
                                        


--- Additional Info ---