Overview

URL toosexyforwords.blogspot.si/
IP142.250.74.161
ASNGOOGLE
Location United States
Report completed2022-10-06 11:15:29 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-10-06 2 toosexyforwords.blogspot.si/ Malware
2022-10-06 2 toosexyforwords.blogspot.com/ Malware
2022-10-06 2 toosexyforwords.blogspot.com/js/cookienotice.js Malware
2022-10-06 2 cdn.widgetserver.com/syndication/subscriber/InsertWidget.js Malware
2022-10-06 2 cdn.widgetserver.com/ Malware
2022-10-06 2 cdn.widgetserver.com/mtm/async/.eJxdjEsOwiAQhu_CshJwqTWexVCYUhLo4DC2GOPdBeP (...) Malware
2022-10-06 2 www1.widgetserver.com/ls.php Malware
2022-10-06 2 boirbonx-1.com/api/v1/px?xmlid=ySMMFMdG0fqHaLAq2DNJBFy2vc6YGmZPJFLRtSm1 Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-10-06 2 girlsdivine.life Sinkholed
2022-10-06 2 girlsdivine.life Sinkholed
2022-10-06 2 girlsdivine.life Sinkholed
2022-10-06 2 girlsdivine.life Sinkholed
2022-10-06 2 girlsdivine.life Sinkholed
2022-10-06 2 girlsdivine.life Sinkholed
2022-10-06 2 girlsdivine.life Sinkholed
2022-10-06 2 girlsdivine.life Sinkholed
2022-10-06 2 girlsdivine.life Sinkholed
2022-10-06 2 girlsdivine.life Sinkholed
2022-10-06 2 girlsdivine.life Sinkholed
2022-10-06 2 girlsdivine.life Sinkholed
2022-10-06 2 girlsdivine.life Sinkholed
2022-10-06 2 girlsdivine.life Sinkholed
2022-10-06 2 girlsdivine.life Sinkholed
2022-10-06 2 girlsdivine.life Sinkholed
2022-10-06 2 girlsdivine.life Sinkholed
2022-10-06 2 girlsdivine.life Sinkholed
2022-10-06 2 girlsdivine.life Sinkholed
2022-10-06 2 girlsdivine.life Sinkholed
2022-10-06 2 girlsdivine.life Sinkholed
2022-10-06 2 girlsdivine.life Sinkholed


Files

No files detected



Passive DNS (27)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS r3.o.lencr.org (9) 344 2020-12-02 08:52:13 UTC 2022-10-06 04:46:31 UTC 23.36.76.226
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-10-06 04:55:14 UTC 34.160.144.191
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-10-06 04:46:50 UTC 34.117.237.239
mnemonic passive DNS cdn.widgetserver.com (3) 0 2012-05-22 02:51:28 UTC 2022-10-06 03:37:22 UTC 45.33.18.44 Domain (widgetserver.com) ranked at: 501429
mnemonic passive DNS 2.bp.blogspot.com (1) 11071 2013-07-04 03:01:31 UTC 2022-10-06 05:11:52 UTC 142.250.74.161
mnemonic passive DNS boirbonx-1.com (2) 0 2022-09-26 12:59:21 UTC 2022-10-06 08:04:09 UTC 15.197.224.234 Unknown ranking
mnemonic passive DNS toosexyforwords.blogspot.si (1) 0 2022-10-04 11:02:04 UTC 2022-10-06 08:02:02 UTC 142.250.74.161 Unknown ranking
mnemonic passive DNS resources.blogblog.com (8) 13274 2017-01-30 04:47:40 UTC 2022-10-06 07:22:00 UTC 216.58.207.201
mnemonic passive DNS pagead2.googlesyndication.com (1) 101 2021-02-20 15:52:05 UTC 2022-10-06 07:14:40 UTC 142.250.74.98
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-10-06 05:02:20 UTC 52.41.246.187
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-10-06 04:25:36 UTC 34.120.237.76
mnemonic passive DNS girlsdivine.life (22) 0 2022-09-20 03:47:07 UTC 2022-10-06 10:22:39 UTC 88.99.80.95 Unknown ranking
mnemonic passive DNS www1.widgetserver.com (5) 0 2018-08-27 05:42:44 UTC 2022-10-06 06:18:58 UTC 75.2.73.197 Domain (widgetserver.com) ranked at: 501429
mnemonic passive DNS irene-eux.com (3) 0 2022-09-21 16:06:22 UTC 2022-10-06 09:04:50 UTC 35.174.150.83 Unknown ranking
mnemonic passive DNS go.findservice.xyz (1) 283167 2021-11-22 07:34:17 UTC 2022-10-06 00:12:39 UTC 20.113.188.243
mnemonic passive DNS data-jsext.com (1) 0 2022-07-27 05:02:20 UTC 2022-10-06 04:35:17 UTC 54.37.5.177 Unknown ranking
mnemonic passive DNS apis.google.com (2) 105 2013-05-30 23:17:44 UTC 2022-10-06 04:50:08 UTC 142.250.74.174
mnemonic passive DNS d38psrni17bvxu.cloudfront.net (1) 0 2022-10-04 07:09:44 UTC 2022-10-06 07:49:39 UTC 54.230.245.8 Unknown ranking
mnemonic passive DNS toosexyforwords.blogspot.com (2) 0 2017-06-24 10:48:24 UTC 2022-10-05 18:31:39 UTC 142.250.74.161 Unknown ranking
mnemonic passive DNS 3.bp.blogspot.com (1) 11048 2013-07-04 04:18:40 UTC 2022-10-06 05:11:52 UTC 142.250.74.161
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-10-06 05:20:05 UTC 93.184.220.29
mnemonic passive DNS xml-v4.netload1.com (1) 0 2022-09-26 13:05:57 UTC 2022-10-06 07:48:24 UTC 198.134.116.17 Unknown ranking
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-28 17:26:30 UTC 2022-10-06 05:29:05 UTC 54.230.111.7
mnemonic passive DNS ocsp.pki.goog (11) 175 2017-06-14 07:23:31 UTC 2022-10-06 04:46:05 UTC 142.250.74.3
mnemonic passive DNS www.blogger.com (4) 8975 2012-05-22 07:35:03 UTC 2022-10-06 05:11:52 UTC 216.58.207.201
mnemonic passive DNS 4.bp.blogspot.com (3) 11215 2013-05-06 20:18:52 UTC 2022-10-06 05:07:09 UTC 142.250.74.161
mnemonic passive DNS fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-10-06 04:51:10 UTC 142.250.74.10


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 142.250.74.161

Date UQ / IDS / BL URL IP
2022-12-03 19:43:46 +0000
0 - 0 - 3 celebrity-style-blog.blogspot.kr/ 142.250.74.161
2022-12-03 19:26:04 +0000
0 - 0 - 2 bestsellerus19.blogspot.com/christmas 142.250.74.161
2022-12-03 19:23:15 +0000
0 - 0 - 3 sdfgsdfgsdfgsdgf.blogspot.ru/search/label/God (...) 142.250.74.161
2022-12-03 19:22:19 +0000
0 - 0 - 2 bocagulosa2.blogspot.fr/search/label/Laura 142.250.74.161
2022-12-03 19:02:34 +0000
0 - 0 - 2 2010-kpss.blogspot.com/search/label/kpss?m=1 142.250.74.161

Last 5 reports on ASN: GOOGLE

Date UQ / IDS / BL URL IP
2022-12-03 19:43:46 +0000
0 - 0 - 3 celebrity-style-blog.blogspot.kr/ 142.250.74.161
2022-12-03 19:42:41 +0000
0 - 0 - 1 intrepidiq.com/ 34.102.136.180
2022-12-03 19:42:29 +0000
0 - 0 - 2 femmeeeeeefemesfacebook.blogspot.hr/ 142.250.74.33
2022-12-03 19:38:31 +0000
0 - 0 - 3 peartreedigitaldesigns.blogspot.fr/2010_04_01 (...) 142.250.74.33
2022-12-03 19:37:37 +0000
0 - 0 - 3 neumo8.blogspot.pt/ 142.250.74.33

Last 1 reports on domain: toosexyforwords.blogspot.si

Date UQ / IDS / BL URL IP
2022-10-06 11:15:29 +0000
0 - 0 - 30 toosexyforwords.blogspot.si/ 142.250.74.161

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-10-26 08:12:22 +0000
0 - 0 - 36 dropboox.com/ 69.162.80.61
2022-10-26 06:47:42 +0000
2 - 0 - 34 caloes.ca.gov.rebatesrule.net/ 185.237.225.125
2022-10-26 04:26:33 +0000
0 - 0 - 1 vollbild.info/ 104.21.48.90
2022-10-26 02:47:29 +0000
0 - 0 - 15 alitovari.com/qYZlIi 195.54.174.17
2022-10-24 22:28:59 +0000
0 - 0 - 20 linkpad.org/ 67.227.226.240


JavaScript

Executed Scripts (32)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (95)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.7
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: equexBxF8Ugo6eu8rKGrt8i2e1B15jjrJB6A6-oVviMR5HEM10uxuQ==
Age: 70079


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            GET / HTTP/1.1 
Host: toosexyforwords.blogspot.si
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         142.250.74.161
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
                                        
Location: http://toosexyforwords.blogspot.com/
Content-Encoding: gzip
Date: Thu, 06 Oct 2022 11:15:17 GMT
Expires: Thu, 06 Oct 2022 11:15:17 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 182
Server: GSE


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Size:   182
Md5:    95a9b78f9c3f039c1b28f6f34c5960ec
Sha1:   04804b6b88259fe30f7a87f67a52495d397861a3
Sha256: 9b32fa8cb73063ae73e4b1dbb67f105c9515f768bfd6e0370a14c1967429e1e5

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6A8070EBE51259CB11DB68CCA2C81F3C7408FAD481D8C14CC1C38912442C63F4"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5061
Expires: Thu, 06 Oct 2022 12:39:38 GMT
Date: Thu, 06 Oct 2022 11:15:17 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B91D37F606EAF448B9C7DFC05566A11DE004CE44503409E1A776288EE2622805"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7897
Expires: Thu, 06 Oct 2022 13:26:54 GMT
Date: Thu, 06 Oct 2022 11:15:17 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: uK5H7HTElcVygEoJZ8b9ITH/SWPR28YidDa9CJ9VbxirkUap6r9yzTHQbzHUoA5y5F8oaw6+c1p9YpqeCrzeKg==
x-amz-request-id: EB3DVNY07W46KAZB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 06 Oct 2022 10:30:45 GMT
age: 2672
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Thu, 06 Oct 2022 11:15:17 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET / HTTP/1.1 
Host: toosexyforwords.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Expires: Thu, 06 Oct 2022 11:15:17 GMT
Date: Thu, 06 Oct 2022 11:15:17 GMT
Cache-Control: private, max-age=0
Last-Modified: Mon, 13 Dec 2021 03:28:02 GMT
ETag: W/"f687665f3cf8047a1d8173a61eb8ee4e6d27576801db597dba49e798994add5e"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 24455
Server: GSE


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1495)
Size:   24455
Md5:    20a26bcb340ad926519a643b03d8b839
Sha1:   079273ecd63ca3624aa15ac5c17bd65f00744370
Sha256: 8c03a53ddb5da80c212e4a0fc45d21748eeafdc7697b69c8f3f51580ca066bc6

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /js/cookienotice.js HTTP/1.1 
Host: toosexyforwords.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 2026
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 04 Oct 2022 10:32:28 GMT
Expires: Tue, 11 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=604800
Last-Modified: Tue, 04 Oct 2022 09:10:01 GMT
Age: 175370


--- Additional Info ---
Magic:  ASCII text
Size:   2026
Md5:    c4e1ed83d89245089b8a1203be20a377
Sha1:   f3940e1215b89300ef97d57a25993f25243b8688
Sha256: afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 06 Oct 2022 11:15:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 06 Oct 2022 11:15:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 06 Oct 2022 11:15:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 06 Oct 2022 11:15:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /static/v1/widgets/2975350028-css_bundle_v2.css HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.207.201
HTTP/2 200 OK
content-type: text/css
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 7776
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 16:35:40 GMT
expires: Thu, 05 Oct 2023 16:35:40 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 04 Oct 2022 18:55:46 GMT
age: 67178
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (35959)
Size:   7776
Md5:    5aa2d3297bdc86bc81322aedecbb5e79
Sha1:   1c0a3c007e41726e167e79b70ddea76198650884
Sha256: feae1fac625d0f30b5f10fa00b62df1a5600cd2178062c427e55f289b29cc630
                                        
                                            GET /img/widgets/subscribe-yahoo.png HTTP/1.1 
Host: resources.blogblog.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         216.58.207.201
HTTP/2 200 OK
content-type: image/png
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 02:21:47 GMT
expires: Wed, 12 Oct 2022 02:21:47 GMT
cache-control: public, max-age=604800
last-modified: Tue, 04 Oct 2022 12:57:07 GMT
age: 118411
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 91 x 17, 8-bit colormap, non-interlaced\012- data
Size:   580
Md5:    79f602b6ac18bee79b4e2353a6674010
Sha1:   28accf82263aa1a11bb821439d4d185865662530
Sha256: bbf9b924cc32bff4738bb54d86905476349f90c8b20f748633e56f64379d553e
                                        
                                            GET /img/widgets/arrow_dropdown.gif HTTP/1.1 
Host: resources.blogblog.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         216.58.207.201
HTTP/2 200 OK
content-type: image/gif
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 141
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 10:36:43 GMT
expires: Wed, 12 Oct 2022 10:36:43 GMT
cache-control: public, max-age=604800
last-modified: Wed, 05 Oct 2022 04:51:44 GMT
age: 88715
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 13 x 10\012- data
Size:   141
Md5:    2964a07d60a4e76b299130fb1b4115f6
Sha1:   3b72dcc19f3ad685513eaba612e07e0ed495f2e1
Sha256: 28ab89f0285c48d2faed701905c185c302f2b389584a52ceaa76a91ea64dc3a7
                                        
                                            GET /img/widgets/subscribe-netvibes.png HTTP/1.1 
Host: resources.blogblog.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         216.58.207.201
HTTP/2 200 OK
content-type: image/png
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 1445
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 06 Oct 2022 01:13:54 GMT
expires: Thu, 13 Oct 2022 01:13:54 GMT
cache-control: public, max-age=604800
last-modified: Wed, 05 Oct 2022 12:00:16 GMT
age: 36084
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 91 x 17, 8-bit colormap, non-interlaced\012- data
Size:   1445
Md5:    c52a5f4ecb6be5d7e93b23ef4122ee4e
Sha1:   4e698a5f455daf3a8ea1e219b1998079f0546716
Sha256: 71b8ad79c680b3e5d452a792c3b418b23f739a0a34005e0f37ec674f4c78cb5d
                                        
                                            GET /img/icon_feed12.png HTTP/1.1 
Host: resources.blogblog.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         216.58.207.201
HTTP/2 200 OK
content-type: image/png
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 500
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 06:40:02 GMT
expires: Wed, 12 Oct 2022 06:40:02 GMT
cache-control: public, max-age=604800
last-modified: Tue, 04 Oct 2022 22:52:56 GMT
age: 102916
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 12 x 12, 8-bit colormap, non-interlaced\012- data
Size:   500
Md5:    44e7355a788fd1082deff0018883758e
Sha1:   50e3a28a44978e85d13c30522e0c71c8d0b24675
Sha256: 3cd341f37642f8a58b0fe14c2645913449c0ffe10be6ba0986275bfef29bc319
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 06 Oct 2022 11:15:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /img/icon18_email.gif HTTP/1.1 
Host: resources.blogblog.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         216.58.207.201
HTTP/2 200 OK
content-type: image/gif
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 164
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 02:36:19 GMT
expires: Wed, 12 Oct 2022 02:36:19 GMT
cache-control: public, max-age=604800
last-modified: Tue, 04 Oct 2022 16:56:41 GMT
age: 117539
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 18 x 13\012- data
Size:   164
Md5:    36b9f993db1b953f3b9b08040aaf9af4
Sha1:   18248661b307586dc291fd2dff4bb59cf7579475
Sha256: 1258cbe1e2900ec3df11a83a6bb6008d7a833f783a6df80b0d5d45a052ac1466
                                        
                                            GET /static/v1/widgets/829820975-widgets.js HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.207.201
HTTP/2 200 OK
content-type: text/javascript
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56806
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 02:07:50 GMT
expires: Thu, 05 Oct 2023 02:07:50 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 05 Oct 2022 00:52:39 GMT
age: 119248
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2221)
Size:   56806
Md5:    b18547f3bc01f36c7dd3a6b6082feeb0
Sha1:   ca60d4a2bcd171bfe918249742cfde4223f0ba00
Sha256: 7666d4f1e68fda03543de42ac22d422822013499d6937cc08ae884bfdef3688b
                                        
                                            GET /img/icon18_edit_allbkg.gif HTTP/1.1 
Host: resources.blogblog.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         216.58.207.201
HTTP/2 200 OK
content-type: image/gif
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 162
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 19:57:04 GMT
expires: Wed, 12 Oct 2022 19:57:04 GMT
cache-control: public, max-age=604800
last-modified: Wed, 05 Oct 2022 12:00:16 GMT
age: 55094
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 18 x 18\012- data
Size:   162
Md5:    c991641178ff05adf0d004298b5eafa9
Sha1:   d8f6ce8ecd92b86d49849360f6b81ceb10b4c941
Sha256: ca9848e6006cfec8f9ffa29433ade8152204bdb95579200831c6dc0f53dff70b
                                        
                                            GET /-DlMw7qqNF30/UjXCgARx09I/AAAAAAAAATA/BY4FX_uOh9Y/s320/5.jpg HTTP/1.1 
Host: 4.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="5.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 15370
X-XSS-Protection: 0
Date: Thu, 06 Oct 2022 11:15:18 GMT
Expires: Thu, 06 Oct 2022 18:31:26 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v131"
Age: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 262x320, components 3\012- data
Size:   15370
Md5:    5fbc2a2df4ad57f2c1c57cf179f16c6b
Sha1:   20a039f1e8735f34db4b74e118f55f85b3b066e8
Sha256: 0e4792942a33b6650952b97b67c4b3d4e337b3fc7ba0d5ffacf705e45f987013
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 06 Oct 2022 11:15:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /_/scs/abc-static/_/js/k=gapi.lb.en.z9QjrzsHcOc.O/m=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8359JQqZQ0dzCVJ5Ui3CZcERHEWA/cb=gapi.loaded_0?le=scs HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 57995
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 02 Oct 2022 07:25:42 GMT
expires: Mon, 02 Oct 2023 07:25:42 GMT
cache-control: public, max-age=31536000
age: 359376
last-modified: Sat, 30 Jul 2022 15:17:53 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (580)
Size:   57995
Md5:    d70fcc84d705c565b31a5835c0938d5b
Sha1:   d28e5dc9fcc6239d67986df3205468072023d2d7
Sha256: 1d558c94793446aa6a7832dde0c39ed7d9c77fd963ffb738c460e4f7369a7f4e
                                        
                                            GET /pagead/js/google_top_exp.js HTTP/1.1 
Host: pagead2.googlesyndication.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.98
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 67
X-XSS-Protection: 0
Date: Thu, 06 Oct 2022 10:23:14 GMT
Expires: Thu, 20 Oct 2022 10:23:14 GMT
Cache-Control: public, max-age=1209600
ETag: 13036835877489095579
Age: 3124


--- Additional Info ---
Magic:  ASCII text
Size:   67
Md5:    9bbc3ca32ec951a484589ce0e6b4db73
Sha1:   753d6f6183b33b2dee5dde2208fca91c17f5bb13
Sha256: b8f16a16d2a7ea39a9cc079fdbe3af7d31393d62a853668bdd549e0a0311cb3c
                                        
                                            GET /img/widgets/s_top.png HTTP/1.1 
Host: resources.blogblog.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.blogger.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         216.58.207.201
HTTP/2 200 OK
content-type: image/png
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 335
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 11:54:51 GMT
expires: Wed, 12 Oct 2022 11:54:51 GMT
cache-control: public, max-age=604800
last-modified: Wed, 05 Oct 2022 07:18:22 GMT
age: 84027
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 144 x 400, 4-bit colormap, non-interlaced\012- data
Size:   335
Md5:    c4908f4189f7698dc8afdd67df8ce041
Sha1:   b6f7cd64ff84e7cedb4b8b92ceb8b9800ad7624a
Sha256: cfe1d5dd45c7f0897d769e6c95ae9036fbdc7dad76ac9ed6ce6b21a785ecd6de
                                        
                                            GET /img/widgets/s_bottom.png HTTP/1.1 
Host: resources.blogblog.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.blogger.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         216.58.207.201
HTTP/2 200 OK
content-type: image/png
                                        
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 172
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 00:24:32 GMT
expires: Wed, 12 Oct 2022 00:24:32 GMT
cache-control: public, max-age=604800
last-modified: Tue, 04 Oct 2022 09:10:01 GMT
age: 125446
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 144 x 3, 4-bit colormap, non-interlaced\012- data
Size:   172
Md5:    a9bbd1bf495055e06e61aec7f8c1b6c4
Sha1:   491c1a006da8a9eea4f3d1bb27e5815ab66a9f45
Sha256: 91fe35689444e53c1bf3e04f24c154fa0468be9edd3c84344f9f64c2eff89eeb
                                        
                                            GET /dyn-css/authorization.css?targetBlogID=6116713463870618879&zx=34234300-3bb2-470f-87e2-7517cbb0192f HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         216.58.207.201
HTTP/2 200 OK
content-type: text/css; charset=UTF-8
                                        
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 06 Oct 2022 11:15:18 GMT
last-modified: Thu, 06 Oct 2022 11:15:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 21
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  very short file (no magic)
Size:   21
Md5:    a62e4d501434033d5d177e67d3aafdd0
Sha1:   34f7300c9ed47334cf10826d57af785321e3138b
Sha256: b0cabcbfed4b1830ab1956efbd2eec32289a968323cb854a47ef98360ed0f522
                                        
                                            GET /blogin.g?blogspotURL=http://toosexyforwords.blogspot.com/&type=blog HTTP/1.1 
Host: www.blogger.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         216.58.207.201
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
location: https://accounts.google.com/ServiceLogin?passive=true&continue=https://www.blogger.com/blogin.g?blogspotURL%3Dhttp://toosexyforwords.blogspot.com/%26type%3Dblog%26bpli%3D1&followup=https://www.blogger.com/blogin.g?blogspotURL%3Dhttp://toosexyforwords.blogspot.com/%26type%3Dblog%26bpli%3D1&go=true
content-encoding: gzip
date: Thu, 06 Oct 2022 11:15:18 GMT
expires: Thu, 06 Oct 2022 11:15:18 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 285
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (352)
Size:   285
Md5:    3ec2f0483ac5381ccf6d8a79f0fc15d4
Sha1:   5ef0cafa4487c15e7b22335dd7dce142d3109e60
Sha256: e4d2ac4ebf6107b154c848196aae0f067b0c394325d5535e970564f6d04c6097
                                        
                                            GET /-OZea-y-gD-k/UiNPzpPKiEI/AAAAAAAAARo/Lc1gM_bh-5Q/s320/IMG_1325.jpg HTTP/1.1 
Host: 4.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="IMG_1325.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 8790
X-XSS-Protection: 0
Date: Thu, 06 Oct 2022 11:15:18 GMT
Expires: Wed, 05 Oct 2022 10:32:52 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v11b"
Age: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 90x320, components 3\012- data
Size:   8790
Md5:    3b6d45bfa20279b2a8d010082785e1bb
Sha1:   6f7da1da5df88b15f867cdfacd2b316b2f42260b
Sha256: 3b02535be3300ab1b1c7e5e31c32000e74bdecc547cb85f5a3ca55cc26f42cb0
                                        
                                            GET /_/scs/abc-static/_/js/k=gapi.lb.en.z9QjrzsHcOc.O/m=profile/exm=gapi_iframes,gapi_iframes_style_bubble/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8359JQqZQ0dzCVJ5Ui3CZcERHEWA/cb=gapi.loaded_1?le=scs HTTP/1.1 
Host: apis.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 12103
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 19:23:57 GMT
expires: Thu, 05 Oct 2023 19:23:57 GMT
cache-control: public, max-age=31536000
last-modified: Sat, 30 Jul 2022 15:17:53 GMT
age: 57081
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (536)
Size:   12103
Md5:    e4fb51c04ea660686e6550b82c1a18ca
Sha1:   a58d0f29017553ee017db3ff88682c046481baf6
Sha256: 9d1a0929c0bad4402483d5fa706f3433a06414cd5514a3cd48ae6c4a1b61f8cc
                                        
                                            GET /-N-8MRPZzbL0/UiNQIroO5bI/AAAAAAAAASQ/-tG5_zHctaE/s320/MVI_9543a.jpg HTTP/1.1 
Host: 3.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="MVI_9543a.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 19422
X-XSS-Protection: 0
Date: Thu, 06 Oct 2022 11:15:18 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v125"
Age: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x240, components 3\012- data
Size:   19422
Md5:    a09837187a8a3c2a1642478dec669afd
Sha1:   0dd0a7851b7d1cfc8b9e7d0bd7cdf24a2808119f
Sha256: c0a9a7b1268746d4f9d89e87ba30d761d7f03744896b3b9d2eb23160de7033dc
                                        
                                            GET /-BBsaLr-gQ3I/UjXCWu8AlcI/AAAAAAAAASo/FgU8inYk4Bs/s320/1.jpg HTTP/1.1 
Host: 4.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="1.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 17032
X-XSS-Protection: 0
Date: Thu, 06 Oct 2022 11:15:18 GMT
Expires: Wed, 05 Oct 2022 10:32:52 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v12b"
Age: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x229, components 3\012- data
Size:   17032
Md5:    37629fa165c183504ca19d2313f1d236
Sha1:   0ee9998f0bebe0be6b015679efaf4987e7e1d6ce
Sha256: 466542845248756086e57edba1721c87a48e63b2ed0dbd8f9a90d6b57495d706
                                        
                                            GET /syndication/subscriber/InsertWidget.js HTTP/1.1 
Host: cdn.widgetserver.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         45.33.18.44
HTTP/1.1 200 OK
content-type: application/javascript
                                        
server: openresty/1.13.6.1
date: Thu, 06 Oct 2022 11:15:18 GMT
content-length: 157
last-modified: Fri, 09 Mar 2018 19:33:30 GMT
etag: "5aa2e18a-9d"
accept-ranges: bytes
connection: close


--- Additional Info ---
Magic:  ASCII text
Size:   157
Md5:    67e216a27dda24bdcb086c2385b0cb99
Sha1:   17141c80f5d32bec3691c5ab24741d8b7dd5f0c6
Sha256: 9dc433b2142d3ba0803fcffa53f19d34da26996d20c829df6d694bc887325dd7

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /-wwwQEraY-k4/UiNQN-hlfyI/AAAAAAAAASY/clEiapzlLxs/s320/MVI_9734e.jpg HTTP/1.1 
Host: 2.bp.blogspot.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/

                                         
                                         142.250.74.161
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="MVI_9734e.jpg"
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 19577
X-XSS-Protection: 0
Date: Thu, 06 Oct 2022 11:15:18 GMT
Expires: Wed, 05 Oct 2022 10:32:28 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v127"
Age: 0


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x298, components 3\012- data
Size:   19577
Md5:    204bba7d342a02160332f15d9ca41dfb
Sha1:   2651fc04d29b5552aff23d491193a9d711887259
Sha256: 670772f4f8b82a7b38a80c6dde77221cab7b1d34f0c98bb631823d7893959c65
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 06 Oct 2022 11:15:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.7
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Thu, 06 Oct 2022 10:29:41 GMT
Expires: Thu, 06 Oct 2022 10:49:48 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 38ZU8nK_5wQBEh1OaQdS3tWxuv7Hiz-XZAn83p2Tfwjv7onjIsEAcA==
Age: 2737


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5141
Cache-Control: 'max-age=158059'
Date: Thu, 06 Oct 2022 11:15:18 GMT
Last-Modified: Thu, 06 Oct 2022 09:49:37 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 06 Oct 2022 11:15:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 06 Oct 2022 11:15:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 06 Oct 2022 11:15:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: kujWUGyvGhVbd8vSaplFYg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         52.41.246.187
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: avvB3RP2vjd4N743NIqoAc2Ow8g=

                                        
                                            GET / HTTP/1.1 
Host: cdn.widgetserver.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://toosexyforwords.blogspot.com/
Upgrade-Insecure-Requests: 1

                                         
                                         45.33.18.44
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
                                        
server: openresty/1.13.6.1
date: Thu, 06 Oct 2022 11:15:18 GMT
content-length: 7182
vary: Accept-Language
content-language: en
connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (338)
Size:   7182
Md5:    5a41dcd0a089f041c1690f309bf6672f
Sha1:   7b330e9290315c7263955e1981c105ecfac47e5b
Sha256: fbc330417bb23cbfda4b3492ffaafb3f7ba184da56b69b7fb26b532865c302fa

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /mtm/async/.eJxdjEsOwiAQhu_CshJwqTWexVCYUhLo4DC2GOPdBePK3fc_X-JBQYxCCykM-dKwEcEMBNTEwpxHrRmxQH3OSDuSK2qK6EtGVhZTny5Y-LaaBG1i3ar24DxwAdqAeqe_WwuZW85QWS-cojQ5x2ANB1x17c6h_rspXu7XozrLkIwHbbYw_3CHKctBD9_8JN4fl79F_w:1ogOqU:lvkD_8giRPjZYF4nn-fR5ahv0bs/1/0 HTTP/1.1 
Host: cdn.widgetserver.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://cdn.widgetserver.com/
Connection: keep-alive

                                         
                                         45.33.18.44
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
                                        
server: openresty/1.13.6.1
date: Thu, 06 Oct 2022 11:15:19 GMT
content-length: 256
vary: Accept-Language
content-language: en
set-cookie: mtm_delivered=WyJjZG4ud2lkZ2V0c2VydmVyLmNvbSIsImh0dHA6Ly93d3cxLndpZGdldHNlcnZlci5jb20vP3RtPTEmc3ViaWQ0PTE2NjUwNTE3NTIuMDM0MTQ2MDAwMCZLVzE9RXVyb3BlJTIwRGVkaWNhdGVkJTIwU2VydmVycyZLVzI9Tm9yd2F5JTIwRGVkaWNhdGVkJTIwU2VydmVycyZLVzM9T3NsbyUyMENvdW50eSUyMERlZGljYXRlZCUyMFNlcnZlcnMmS1c0PU9zbG8lMjBEZWRpY2F0ZWQlMjBTZXJ2ZXJzJktXNT1DdXN0b20lMjBEZWRpY2F0ZWQlMjBTZXJ2ZXJzJnNlYXJjaGJveD0wJmJhY2tmaWxsPTAiLDEsIjIwMjItMTAtMDYgMTA6MjI6MzMiLDIsIjE2NjUwNTE3NTIuMDM0MTQ2Mjk0MyIsMSxudWxsLG51bGxd:1ogOqV:j2pbb63rs2b3Yv2qFfmVZ_6lcjg; expires=Thu, 06-Oct-2022 12:15:19 GMT; Max-Age=3600; Path=/
connection: close


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   256
Md5:    45eea48fe047e232f5b7585644fd565b
Sha1:   45a12c68b3186818b4a20c975714de92f67a3970
Sha256: baea31febac187e32e50a61d017fef724baa32e790ea3ae338e1c8f4062d4fd1

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /?tm=1&subid4=1665051752.0341460000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0 HTTP/1.1 
Host: www1.widgetserver.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cdn.widgetserver.com/
Upgrade-Insecure-Requests: 1

                                         
                                         75.2.73.197
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 06 Oct 2022 11:15:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Redirect: zeropark_zeroclick
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2246)
Size:   2492
Md5:    6e6694d829236c8277cef29a9df9a70a
Sha1:   d32ebea87677ef3b4dfc00152bcf00b01234061a
Sha256: a21239f35761e1b8458024869f7cb13d332b35eac95bea1fccd566ff273d0184
                                        
                                            GET /scripts/js3.js HTTP/1.1 
Host: d38psrni17bvxu.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.widgetserver.com/

                                         
                                         54.230.245.8
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Length: 1134
Connection: keep-alive
Server: nginx
Date: Thu, 06 Oct 2022 09:14:34 GMT
Last-Modified: Tue, 17 Aug 2021 09:17:22 GMT
Accept-Ranges: bytes
ETag: "611b7ea2-46e"
X-Cache: Hit from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 53mxsYphXpths2mUFToQ8M_pttJENk5ah6ilivXXbizpd0cRaYGI4A==
Age: 7246


--- Additional Info ---
Magic:  ASCII text, with very long lines (506)
Size:   1134
Md5:    64b79b43df8fbf2c5d082964b9116a68
Sha1:   dc3c763519baf0f4c32bb60bfc429651a491ea01
Sha256: c57e9feec209e3ea5eb1d75a1ba6fa277242a3df250055be8446052b51e58637
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12472
Expires: Thu, 06 Oct 2022 14:43:12 GMT
Date: Thu, 06 Oct 2022 11:15:20 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12472
Expires: Thu, 06 Oct 2022 14:43:12 GMT
Date: Thu, 06 Oct 2022 11:15:20 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12472
Expires: Thu, 06 Oct 2022 14:43:12 GMT
Date: Thu, 06 Oct 2022 11:15:20 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12472
Expires: Thu, 06 Oct 2022 14:43:12 GMT
Date: Thu, 06 Oct 2022 11:15:20 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5b87135-538c-4c9f-b146-1da5b13ce157.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8360
x-amzn-requestid: bd55219f-b8e2-4a03-a301-02cf9eab03e2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZKLC-H0TIAMF2Uw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6333f212-7f1cc90d1e28f8170ce2f219;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 07:04:50 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UlO0u-eW8URZYj0kBAv35fJSQZ527l3IEUC28xUJlUVm9e7x5uaAiA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:44:49 GMT
age: 48631
etag: "e98c870fd29b56fa4c3847008bedc0f01f222744"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8360
Md5:    a7bcc50ecfeeca47de68cb437e966f29
Sha1:   e98c870fd29b56fa4c3847008bedc0f01f222744
Sha256: 47a82bb40ead4346323b68c886cb88528cb2162666e9549b2ab215b86a499985
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd38ec9d6-fb69-4c6e-aae2-136fd254ae50.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7270
x-amzn-requestid: f2f15f43-6054-40f5-943a-530671e772dd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjOZjF3aIAMFW9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633df770-5e2253791a927c8c40a0ff0d;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:30:24 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: xRuMce_9OkP3R2DqHjZI34GwkDezdfGKsgntCMTZG2c6SJUcyv0Ckg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 583992e175976bd59a21b4416890271e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:56:40 GMT
etag: "447cbf348ef10d0136a1811e843c46937defbba1"
age: 47920
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7270
Md5:    e238ccaa3b9fa88476a8514855e8232f
Sha1:   447cbf348ef10d0136a1811e843c46937defbba1
Sha256: 43dce3c1eb388dfaddca4176acb6eb32f76fc4c03fca18e7a315c9ddb43d2b02
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F913c841b-40a5-4fa4-bc55-0e9d1369640e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10809
x-amzn-requestid: db4d1d2a-05b8-403e-a7ca-8b8a6a0a4087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjQb-HrTIAMFtNg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633dfab2-74f184406a48e42c0ecc4ec9;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:44:18 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: tv80OXQUu13gDuuFESnEnXMuFdNBmGc1y592euL7QnfZW5PwJym9-g==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 de8fc80b494d3d381f7e006918dcc588.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:53:39 GMT
age: 48101
etag: "8c7ecefe6908387e2128dc849a6ba857991ba0ab"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10809
Md5:    a508ac9cd743bec987b2a24454418265
Sha1:   8c7ecefe6908387e2128dc849a6ba857991ba0ab
Sha256: afb2c2b51f2ce445ada599068901551beee594b15c152ed7551ab7a8835dde6d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ecef3b6-b278-4a22-86dd-6a19875e1cc1.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7511
x-amzn-requestid: 995b51dd-5484-4b4c-ad40-550f7fd85930
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjO6uG70IAMFjBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633df844-70f17f6f24dce0003d03902a;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:33:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: 3lKuGlFCBN2wEsp9-Oa3ysQg62py090H30jy6_bR02Ufs0KGPrVC4w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 d8d9c12d1a621129f4bc739038e7c72e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:36:41 GMT
age: 49119
etag: "69ad212cb7ae309d4f02019552887135bfae67da"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7511
Md5:    9e520f87cae411cfc2ed1c8a14184385
Sha1:   69ad212cb7ae309d4f02019552887135bfae67da
Sha256: 723b10bfbcde201b5811e3bd0560f02f90775e4d18b28d19e6c814899f2da71a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccecc8c9-b6da-4470-b2be-fa8d46df1cc2.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9044
x-amzn-requestid: 127bce04-9f75-4bb1-bbe7-33bf1694d96c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZdZPmHG5oAMFehw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ba263-3896085b3b73ff5403237206;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 03:02:59 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: E4yZTPRLFdK717YfwjOIFOJDi0wYpyA736dQELeM5iPLvGDXBosEWg==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 04:27:43 GMT
age: 24457
etag: "ae2c476667f63c7f642f0d9f4d0bc0d846b0ef57"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9044
Md5:    70ea26af79226e9ff06d6198e2c019dc
Sha1:   ae2c476667f63c7f642f0d9f4d0bc0d846b0ef57
Sha256: f9393e7b8cbaedc8e1ef87fd89c617cf102f58813d84d866ff68e3124f94d44c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fac259b-7a22-4aa2-ba3f-682cb749091c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11080
x-amzn-requestid: 8fa4d19d-87a5-46c5-96c5-4aec793daad9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjO7xE5eoAMFQLw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633df84b-5c422c7a168c014f57559037;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:34:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: TlEKsCdhNhlKmA2Yhz8FarEUG18gQZMKGRD6SnzCnUMiKyGS9-UeOQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 73b60e9a9fd08eae9e034cedba707280.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:38:04 GMT
etag: "531d9e4ec9078cd2d7376a19fcb287084af36c82"
age: 49036
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11080
Md5:    2277f8f2d93b4bc3b05d348343177892
Sha1:   531d9e4ec9078cd2d7376a19fcb287084af36c82
Sha256: 62907648de4a2ed390232a71ab7dce49f1e9c3363cde6a2f30ecae10ab67f93a
                                        
                                            GET /track.php?domain=widgetserver.com&toggle=browserjs&uid=MTY2NTA1NDkxOS40ODc0OmY0NTg2YmJmOWU5YjYzY2U4ODAzNzMxYjM2YjU2ZDE2YTQyNjc0ZTYzNTAwMjA3M2Y0OTRlYmMzODE2NTRiYzM6NjMzZWI4Yzc3NmZmNA%3D%3D HTTP/1.1 
Host: www1.widgetserver.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.widgetserver.com/?tm=1&subid4=1665051752.0341460000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0

                                         
                                         75.2.73.197
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 06 Oct 2022 11:15:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            POST /ls.php HTTP/1.1 
Host: www1.widgetserver.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 2198
Origin: http://www1.widgetserver.com
Connection: keep-alive
Referer: http://www1.widgetserver.com/?tm=1&subid4=1665051752.0341460000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0

                                         
                                         75.2.73.197
HTTP/1.1 201 Created
Content-Type: text/javascript;charset=UTF-8
                                        
Date: Thu, 06 Oct 2022 11:15:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 633eb8c868d6de53c82dd855
Charset: utf-8
Access-Control-Allow-Origin: http://www1.widgetserver.com
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_SUPSYTS2PCRh8Ls5zp1NSmxeij00Qvlwhvjl2cyGx0vBj3mon9/x1+ONnws1ZpP257yznaZ50Ban0jeT28eI6Q==


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: www1.widgetserver.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.widgetserver.com/?tm=1&subid4=1665051752.0341460000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0

                                         
                                         75.2.73.197
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Date: Thu, 06 Oct 2022 11:15:21 GMT
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes

                                        
                                            GET /track.php?click=7734c042495d131ef4c95617c4712d5c9f446293&domain=widgetserver.com&uid=MTY2NTA1NDkxOS40ODc0OmY0NTg2YmJmOWU5YjYzY2U4ODAzNzMxYjM2YjU2ZDE2YTQyNjc0ZTYzNTAwMjA3M2Y0OTRlYmMzODE2NTRiYzM6NjMzZWI4Yzc3NmZmNA%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2MzNlYjhjNzc2ZmRmfHx8MTY2NTA1NDkxOS44ODM2fGY1MzRjYzZmMTBkMTc2MGMwNWIxNzBkYTY3YjJhYzVkNDgxZjVkMmZ8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXwxYmE0MzgwOTQwMDBiZjVkM2QzMGUxMWZmZDY3YTE0ODBkZDNiZjQxfDB8ZHAtdGVhbWludGVybmV0MTJfM3BofDB8MA%3D%3D&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off HTTP/1.1 
Host: www1.widgetserver.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.widgetserver.com/?tm=1&subid4=1665051752.0341460000&KW1=Europe%20Dedicated%20Servers&KW2=Norway%20Dedicated%20Servers&KW3=Oslo%20County%20Dedicated%20Servers&KW4=Oslo%20Dedicated%20Servers&KW5=Custom%20Dedicated%20Servers&searchbox=0&backfill=0

                                         
                                         75.2.73.197
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 06 Oct 2022 11:15:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-View-Match: true
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /zcvisitor/29ad4514-4568-11ed-b25a-12ed4c49f177/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=29c9a6b4-4568-11ed-b25a-12ed4c49f177 HTTP/1.1 
Host: irene-eux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.widgetserver.com/
Upgrade-Insecure-Requests: 1

                                         
                                         35.174.150.83
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
                                        
Date: Thu, 06 Oct 2022 11:15:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: bVpHbluj


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   996
Md5:    a8862f5075c84c14cc60e3d4c9333155
Sha1:   c88806d97caaf974d87993f61b744232d8db9a1c
Sha256: b078e08ea9ec4bc7fdf6236a3f8fb51f2031e68598fe8a00cfef0d304dcd2aee
                                        
                                            GET /zcredirect?visitid=29ad4514-4568-11ed-b25a-12ed4c49f177&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false HTTP/1.1 
Host: irene-eux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://irene-eux.com/zcvisitor/29ad4514-4568-11ed-b25a-12ed4c49f177/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=29c9a6b4-4568-11ed-b25a-12ed4c49f177
Upgrade-Insecure-Requests: 1

                                         
                                         35.174.150.83
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
                                        
Date: Thu, 06 Oct 2022 11:15:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: RDaBbFOp


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   338
Md5:    a829e1c738684b93a4b4eee63ea94874
Sha1:   70f141a3f725409283a703a528ee6d19f396a8ae
Sha256: fba84ccb8f964e719ef853d58786898760d5fc297cffd25325d6f27cda3b8540
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: irene-eux.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://irene-eux.com/zcredirect?visitid=29ad4514-4568-11ed-b25a-12ed4c49f177&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false

                                         
                                         35.174.150.83
HTTP/1.1 404
Content-Type: text/html;charset=utf-8
                                        
Date: Thu, 06 Oct 2022 11:15:21 GMT
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: RDaBbFOp


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size:   653
Md5:    ba2732b1b2fa2626ffaa15f62f9e7d66
Sha1:   203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
Sha256: 879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
                                        
                                            GET /api/v1/px?xmlid=ySMMFMdG0fqHaLAq2DNJBFy2vc6YGmZPJFLRtSm1 HTTP/1.1 
Host: boirbonx-1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://irene-eux.com/
Upgrade-Insecure-Requests: 1

                                         
                                         15.197.224.234
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Date: Thu, 06 Oct 2022 11:15:21 GMT
Content-Length: 5238
Connection: keep-alive
Access-Control-Allow-Origin: *
ETag: W/"1476-RMGP1eM5Ts8zDUIYM6IZ/aR3xYY"


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   5238
Md5:    c353b4346722174370227498dd4b62f3
Sha1:   44c18fd5e3394ecf330d421833a219fda477c586
Sha256: 84f38d361587668217b1dc5fe62b7da75648f7948e5ca9bd10bcd912201ebed2

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /api/v1/pxcheck?impId=ySMMFMdG0fqHaLAq2DNJBFy2vc6YGmZPJFLRtSm1&minfo=eyJjb29raWVEaXNhYmxlZCI6ZmFsc2UsInVhIjoiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjAiLCJpZnJhbWUiOmZhbHNlLCJkZXZpY2VQaXhlbFJhdGlvIjoxLCJ3bmRMb2NIcmVmIjoiaHR0cDovL2JvaXJib254LTEuY29tL2FwaS92MS9weD94bWxpZD15U01NRk1kRzBmcUhhTEFxMkROSkJGeTJ2YzZZR21aUEpGTFJ0U20xIiwiZGV2aWNlU3JlZW5TaXplIjoiMTAwMngxMjgwIiwiZGV2aWNlV2luZG93U2l6ZSI6IjkzOXgxMjgwIiwid25kMnNyY1JhdGlvTHdyMDYiOmZhbHNlLCJpc0JvdCI6Im9mZiJ9 HTTP/1.1 
Host: boirbonx-1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://boirbonx-1.com/api/v1/px?xmlid=ySMMFMdG0fqHaLAq2DNJBFy2vc6YGmZPJFLRtSm1
Upgrade-Insecure-Requests: 1

                                         
                                         15.197.224.234
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Date: Thu, 06 Oct 2022 11:15:21 GMT
Content-Length: 174
Connection: keep-alive
Access-Control-Allow-Origin: *
Location: http://xml-v4.netload1.com/click?seat=2113743&i=jLW2x8aZ3zk_0
Vary: Accept


--- Additional Info ---
Magic:  HTML document, ASCII text, with no line terminators
Size:   174
Md5:    982798cc6d13e3a1208f9f71b18e7a17
Sha1:   321d8a2f6bc180774212a85ad9871037bb880f40
Sha256: 315303fac3792acca523bebbe3c7807db84ccd0e17317a3ff1c374f418db35f5
                                        
                                            GET /click?seat=2113743&i=jLW2x8aZ3zk_0 HTTP/1.1 
Host: xml-v4.netload1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://boirbonx-1.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         198.134.116.17
HTTP/1.1 302 Found
                                        
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://go.findservice.xyz/15GtWZ?zoneid=34e37b298b7fb7a18d5f7e1e1&pubfeed=295724/295724.34e37b298b7fb7a18d5f7e1e1&campaign=670550&cost=0.00031
Pragma: no-cache

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "188D78E0292C306E1F4A349E25AABC7FF7A72459EBD2A810A6A1426656A02D85"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14345
Expires: Thu, 06 Oct 2022 15:14:27 GMT
Date: Thu, 06 Oct 2022 11:15:22 GMT
Connection: keep-alive

                                        
                                            GET /15GtWZ?zoneid=34e37b298b7fb7a18d5f7e1e1&pubfeed=295724/295724.34e37b298b7fb7a18d5f7e1e1&campaign=670550&cost=0.00031 HTTP/1.1 
Host: go.findservice.xyz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://boirbonx-1.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         20.113.188.243
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
                                        
Server: nginx/1.23.0
Date: Thu, 06 Oct 2022 11:15:22 GMT
Content-Length: 320
Connection: keep-alive
X-Powered-By: Express
Set-Cookie: 15GtWZo=20221006141665055292421; domain=.go.findservice.xyz; path=/;expires=Fri, 07 Oct 2022 11:15:22 GMT; httpOnly=true;SameSite=None; Secure; _pc_lc_id=15GtWZ; domain=.go.findservice.xyz; path=/;expires=Fri, 07 Oct 2022 11:15:22 GMT; httpOnly=true;SameSite=None; Secure; peerclickcid=54fa658d8fa83f138827fd967ec48e03-11246-1006; domain=.go.findservice.xyz; path=/;expires=Fri, 07 Oct 2022 11:15:22 GMT; httpOnly=true;SameSite=None; Secure; _norg=1; domain=.go.findservice.xyz; path=/;expires=Fri, 07 Oct 2022 11:15:22 GMT; httpOnly=true;SameSite=None; Secure;
Location: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=34e37b298b7fb7a18d5f7e1e1_laxy&cid=54fa658d8fa83f138827fd967ec48e03-11246-1006
Vary: Accept


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (320), with no line terminators
Size:   320
Md5:    0528482000e019191ef595c66fa8f0da
Sha1:   58622cd6552c9eb91f4b76db57f886341d1f5808
Sha256: cce6d6318ac9befd17cd4f3cc77eda162f79434da5e0d47fbd9890ce9f46efcd
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "8946402ADBBEE9726D835E1551F6E6D65A65AE62979B8CB10CB6125E6BEE303D"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11908
Expires: Thu, 06 Oct 2022 14:33:50 GMT
Date: Thu, 06 Oct 2022 11:15:22 GMT
Connection: keep-alive

                                        
                                            GET /?u=7pfk605&o=e9ym176&t=34e37b298b7fb7a18d5f7e1e1_laxy&cid=54fa658d8fa83f138827fd967ec48e03-11246-1006 HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://boirbonx-1.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx
Date: Thu, 06 Oct 2022 11:15:22 GMT
Content-Length: 6637
Connection: keep-alive
set-cookie: sid=t2~4vmf3ptfey30otl5cjvrica2; path=/
cache-control: private, no-transform


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (528), with CRLF line terminators
Size:   6637
Md5:    13c7aac942ec89f25eff30294d14082b
Sha1:   353f2e2ac9dfc500379f4fcd2d39f0044e5211a3
Sha256: b553818163bc6e8df1156c220cb90701763ef219f88fcf498c547f2e5d3c965d

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 06 Oct 2022 11:15:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /media/dating/sinderv2/css/bootstrap.min.css HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=34e37b298b7fb7a18d5f7e1e1_laxy&cid=54fa658d8fa83f138827fd967ec48e03-11246-1006
Cookie: sid=t2~4vmf3ptfey30otl5cjvrica2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Thu, 06 Oct 2022 11:15:22 GMT
Content-Length: 109540
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "03d06426a30f77095d7511e1ca74d225"
Last-Modified: Wed, 31 Aug 2022 09:34:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B75473FF97DED
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Fri, 06 Oct 2023 11:15:22 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (65367), with CRLF line terminators
Size:   109540
Md5:    03d06426a30f77095d7511e1ca74d225
Sha1:   d1a349294f6fe94ffb17a50097b37bd81e9ba56a
Sha256: 3f7e6f3cb6ba8e2effbdd260131ce0d2f332fb00ba3feca1a5bc9c3ee7f9e2a6

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/dating/sinderv2/js/vegas.js HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=34e37b298b7fb7a18d5f7e1e1_laxy&cid=54fa658d8fa83f138827fd967ec48e03-11246-1006
Cookie: sid=t2~4vmf3ptfey30otl5cjvrica2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Thu, 06 Oct 2022 11:15:22 GMT
Content-Length: 21792
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "85310f0fc6d54ab6c4aa2a2efa1e8514"
Last-Modified: Wed, 31 Aug 2022 09:34:23 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B75BCDA111D52
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Fri, 06 Oct 2023 11:15:22 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text
Size:   21792
Md5:    85310f0fc6d54ab6c4aa2a2efa1e8514
Sha1:   dbd124ed40a22170b23709711d4572ff93c9fe6f
Sha256: 17d0a5e4e45104aec83860cf51f19bb232747a586a74fc841b9771a9aa9e42b2

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /css?family=Roboto:400,300,700|Raleway:400,700&subset=latin,cyrillic HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 06 Oct 2022 11:15:22 GMT
date: Thu, 06 Oct 2022 11:15:22 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1223
Md5:    d042d7f0020dd874e4902db4dc60aa4a
Sha1:   6208ffbce6a6e35357c412c52a053d0429618966
Sha256: 7e38c3fed263dedb6039185f76eeb1ce418ced73cd64b56ebe350a6055d9255a
                                        
                                            GET /media/dating/sinderv2/css/style.css HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=34e37b298b7fb7a18d5f7e1e1_laxy&cid=54fa658d8fa83f138827fd967ec48e03-11246-1006
Cookie: sid=t2~4vmf3ptfey30otl5cjvrica2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Thu, 06 Oct 2022 11:15:22 GMT
Content-Length: 19825
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "481d04e228d83633ad28310d09905526"
Last-Modified: Wed, 31 Aug 2022 09:34:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B7673F0E6C333
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Fri, 06 Oct 2023 11:15:22 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   19825
Md5:    481d04e228d83633ad28310d09905526
Sha1:   f5c81ac5514271f64001c41f5b03e92df55c1a02
Sha256: 25fc219b42657e82593f2b07e3d4ae7d615031234f9b2732f5457338d779cf30

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /cookie/js.cookie.js HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=34e37b298b7fb7a18d5f7e1e1_laxy&cid=54fa658d8fa83f138827fd967ec48e03-11246-1006
Cookie: sid=t2~4vmf3ptfey30otl5cjvrica2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Thu, 06 Oct 2022 11:15:22 GMT
Content-Length: 4264
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a7e9883924072f15259de6888d5ef515"
Last-Modified: Wed, 31 Aug 2022 09:31:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B764E1D32F2B5
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Fri, 06 Oct 2023 11:15:22 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (1709), with CRLF line terminators
Size:   4264
Md5:    a7e9883924072f15259de6888d5ef515
Sha1:   7f4f6e5938e68f55aef81e0cd0145f008cd28382
Sha256: 985659942ab60a92b3c0a7f876d9ef60e8f048ff655a622a172fa4b44f901b6c

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/dating/sinderv2/css/vegas.css HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=34e37b298b7fb7a18d5f7e1e1_laxy&cid=54fa658d8fa83f138827fd967ec48e03-11246-1006
Cookie: sid=t2~4vmf3ptfey30otl5cjvrica2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Thu, 06 Oct 2022 11:15:22 GMT
Content-Length: 19822
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "357c7befa8bdef911f02f48f49e10628"
Last-Modified: Wed, 31 Aug 2022 09:34:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B759B624CBD4A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Fri, 06 Oct 2023 11:15:22 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   19822
Md5:    357c7befa8bdef911f02f48f49e10628
Sha1:   47972e3c4591058dce82dd3b08bed8e0b8ae5c8f
Sha256: 47f3bef4746b798892c7beff212618616b0950f33f416f03db243578f89135e3

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /util/flag-icon/css/flag-icon.css HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=34e37b298b7fb7a18d5f7e1e1_laxy&cid=54fa658d8fa83f138827fd967ec48e03-11246-1006
Cookie: sid=t2~4vmf3ptfey30otl5cjvrica2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Thu, 06 Oct 2022 11:15:22 GMT
Content-Length: 40627
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "0a47b937981e7389e3ebe63e4a503066"
Last-Modified: Wed, 31 Aug 2022 09:38:16 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B7654E3EB213C
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Fri, 06 Oct 2023 11:15:22 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   40627
Md5:    0a47b937981e7389e3ebe63e4a503066
Sha1:   01b395ad016a1d9d15016d765f7d2c51a6e2809b
Sha256: d6afd8d9abc2967f29ad396854cd05b1a12dcf9b7084f944c136ca6f540c5a39

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /util/utils.js HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=34e37b298b7fb7a18d5f7e1e1_laxy&cid=54fa658d8fa83f138827fd967ec48e03-11246-1006
Cookie: sid=t2~4vmf3ptfey30otl5cjvrica2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Thu, 06 Oct 2022 11:15:22 GMT
Content-Length: 7512
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "01816d15ca03032751161a746e2fb7c3"
Last-Modified: Wed, 31 Aug 2022 09:38:20 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B764F1115C5F1
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Fri, 06 Oct 2023 11:15:22 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (641), with CRLF line terminators
Size:   7512
Md5:    01816d15ca03032751161a746e2fb7c3
Sha1:   dcc72ea5fa1356490ba473288159df9786b4a3c3
Sha256: 8b3c83a330bf1120a13eff6ef60c1e268b827b7bc49b42a7a1f5d8ad6941f2ea

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/dating/sinderv2/js/timer.js HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=34e37b298b7fb7a18d5f7e1e1_laxy&cid=54fa658d8fa83f138827fd967ec48e03-11246-1006
Cookie: sid=t2~4vmf3ptfey30otl5cjvrica2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Thu, 06 Oct 2022 11:15:22 GMT
Content-Length: 621
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "40fe503eb84093a37b15e39365ffc587"
Last-Modified: Wed, 31 Aug 2022 09:34:23 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B759DF934A9CF
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Fri, 06 Oct 2023 11:15:22 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text
Size:   621
Md5:    40fe503eb84093a37b15e39365ffc587
Sha1:   911128043c901314d283fe478477d26e2b3d821a
Sha256: 60b0f0de4c72c1ce9c05b36ba776f12538b1d9b80858b7099068a3e7e0415bc1

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/dating/sinderv2/css/animate.css HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=34e37b298b7fb7a18d5f7e1e1_laxy&cid=54fa658d8fa83f138827fd967ec48e03-11246-1006
Cookie: sid=t2~4vmf3ptfey30otl5cjvrica2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Thu, 06 Oct 2022 11:15:22 GMT
Content-Length: 61188
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "1cbfbb2c4ef85880799a74ab2f290f2a"
Last-Modified: Wed, 31 Aug 2022 09:34:21 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B754748122E86
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Fri, 06 Oct 2023 11:15:22 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (460), with CRLF line terminators
Size:   61188
Md5:    1cbfbb2c4ef85880799a74ab2f290f2a
Sha1:   9b6366d6c7ad05010f7070db70fba10754be6e9c
Sha256: bfdad6766b12a3826bf32024f0fc13fffbcee84f102034b9270da7e538451031

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/dating/sinderv2/js/trls.js HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=34e37b298b7fb7a18d5f7e1e1_laxy&cid=54fa658d8fa83f138827fd967ec48e03-11246-1006
Cookie: sid=t2~4vmf3ptfey30otl5cjvrica2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Thu, 06 Oct 2022 11:15:22 GMT
Content-Length: 17300
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "eb1b6bc6776b3e1f520ad0d6c03a92ad"
Last-Modified: Wed, 31 Aug 2022 09:34:23 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B7601F54675B9
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Fri, 06 Oct 2023 11:15:22 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   17300
Md5:    eb1b6bc6776b3e1f520ad0d6c03a92ad
Sha1:   5adcdd94fd541e5ff347cb317418f77ebcd7a714
Sha256: d87b9de60e8a4d614e0f4e34da021c835852d802f8b6de2aee6a3fa034e3b2b5

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/exit-new/exit1.js HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=34e37b298b7fb7a18d5f7e1e1_laxy&cid=54fa658d8fa83f138827fd967ec48e03-11246-1006
Cookie: sid=t2~4vmf3ptfey30otl5cjvrica2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Thu, 06 Oct 2022 11:15:22 GMT
Content-Length: 3473
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "625e5e2950612f771e246beb33c9ea61"
Last-Modified: Wed, 31 Aug 2022 09:34:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B764B288E8A44
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Fri, 06 Oct 2023 11:15:22 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (641), with CRLF line terminators
Size:   3473
Md5:    625e5e2950612f771e246beb33c9ea61
Sha1:   e4fc251c6c000496c285f8dc3fa097040b031681
Sha256: 618f345a156a0eda55177a1bf0e8a414104f9b6c6ff5cdbe71966f081ccb8a46

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/bb.js HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=34e37b298b7fb7a18d5f7e1e1_laxy&cid=54fa658d8fa83f138827fd967ec48e03-11246-1006
Cookie: sid=t2~4vmf3ptfey30otl5cjvrica2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Thu, 06 Oct 2022 11:15:22 GMT
Content-Length: 639
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "0d553e4bac91c74bfee2dbabba61e99e"
Last-Modified: Wed, 31 Aug 2022 09:32:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B764B288B86CC
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Fri, 06 Oct 2023 11:15:22 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (639), with no line terminators
Size:   639
Md5:    0d553e4bac91c74bfee2dbabba61e99e
Sha1:   5af71e2377c9c012a7826a695f2724901941b19b
Sha256: 1be1304c675449b1bad38ea8c3da6c1da0763ed2fad339ee1aa461c7bf4e2a68

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/dating/sinderv2/js/jquery.js HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=34e37b298b7fb7a18d5f7e1e1_laxy&cid=54fa658d8fa83f138827fd967ec48e03-11246-1006
Cookie: sid=t2~4vmf3ptfey30otl5cjvrica2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Thu, 06 Oct 2022 11:15:22 GMT
Content-Length: 93064
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "df6173bad69801a82b84701789ab16c5"
Last-Modified: Wed, 31 Aug 2022 09:34:23 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B7577503BA21A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Fri, 06 Oct 2023 11:15:22 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (32072)
Size:   93064
Md5:    df6173bad69801a82b84701789ab16c5
Sha1:   94908755cae039762ad53086b858eac553e3f56e
Sha256: cd8f413e39247d48ea354b8fb11c227e72f641403bd8d4dd81cd7473d60daafb

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/dating/sinderv2/images/logo-loveme_white1.svg HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=34e37b298b7fb7a18d5f7e1e1_laxy&cid=54fa658d8fa83f138827fd967ec48e03-11246-1006
Cookie: sid=t2~4vmf3ptfey30otl5cjvrica2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Thu, 06 Oct 2022 11:15:23 GMT
Content-Length: 4564
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "896592d7f2fa3d761c0b767e9399b010"
Last-Modified: Wed, 31 Aug 2022 09:34:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B756598D3EE9C
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Fri, 06 Oct 2023 11:15:23 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   4564
Md5:    896592d7f2fa3d761c0b767e9399b010
Sha1:   ed1c0502263392938f4cbdd72afb1a8704bf840e
Sha256: 3417f549b6a1018ee687dd84aec136cb7fba2bb5b4c83cf269f9f8e958cc48de

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/dating/sinderv2/fonts/5c92d5d3e39a260d5dd06ced7eca070d.woff2 HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://girlsdivine.life/media/dating/sinderv2/css/style.css
Cookie: sid=t2~4vmf3ptfey30otl5cjvrica2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Server: nginx
Date: Thu, 06 Oct 2022 11:15:23 GMT
Content-Length: 22284
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5c92d5d3e39a260d5dd06ced7eca070d"
Last-Modified: Wed, 31 Aug 2022 09:34:21 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B758BB925FF6D
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Fri, 06 Oct 2023 11:15:23 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 22284, version 3.786\012- data
Size:   22284
Md5:    5c92d5d3e39a260d5dd06ced7eca070d
Sha1:   64df09fd462e6bb76890b7782578777b901f2003
Sha256: 2a99c11dd137ef8b515b3a95d2bdb38ec99bf745b2865196aa910628bcb144b9

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/dating/sinderv2/fonts/b796339b324ec08006ca04dca90284cf.woff2 HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://girlsdivine.life/media/dating/sinderv2/css/style.css
Cookie: sid=t2~4vmf3ptfey30otl5cjvrica2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Server: nginx
Date: Thu, 06 Oct 2022 11:15:23 GMT
Content-Length: 21796
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "b796339b324ec08006ca04dca90284cf"
Last-Modified: Wed, 31 Aug 2022 09:34:21 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B769A407E66F9
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Fri, 06 Oct 2023 11:15:23 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 21796, version 3.786\012- data
Size:   21796
Md5:    b796339b324ec08006ca04dca90284cf
Sha1:   4283d779705f09e68939572df76c52cb41a3ec68
Sha256: d65bbca022f8953936d6e60b9a59fc27f9bfd74ba96257ffe14df83b3d8eb0e3

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /util/flag-icon/flags/4x3/no.svg HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/util/flag-icon/css/flag-icon.css
Cookie: sid=t2~4vmf3ptfey30otl5cjvrica2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Server: nginx
Date: Thu, 06 Oct 2022 11:15:23 GMT
Content-Length: 331
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "c7ecfe59439b5fd23924fd206cf2fded"
Last-Modified: Wed, 31 Aug 2022 09:38:18 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B757256C2EB9C
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Fri, 06 Oct 2023 11:15:23 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with CRLF line terminators
Size:   331
Md5:    c7ecfe59439b5fd23924fd206cf2fded
Sha1:   056fbd2b17c7f08bfb480d21973a96bf86fbd72a
Sha256: 4027f3320608508754640a6de4cb1cdabdef4654b5a214e875c134802345683f

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/dating/sinderv2/fonts/bcf3bb1b7f7a3436181788e748bae013.woff2 HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://girlsdivine.life/media/dating/sinderv2/css/style.css
Cookie: sid=t2~4vmf3ptfey30otl5cjvrica2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Server: nginx
Date: Thu, 06 Oct 2022 11:15:23 GMT
Content-Length: 14772
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "bcf3bb1b7f7a3436181788e748bae013"
Last-Modified: Wed, 31 Aug 2022 09:34:21 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B758BB9076D26
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Fri, 06 Oct 2023 11:15:23 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 14772, version 3.327\012- data
Size:   14772
Md5:    bcf3bb1b7f7a3436181788e748bae013
Sha1:   8ee24d38f618f070a43619f1d471d90f17d666f1
Sha256: 42e50c76c1bf569cb8b597ffc8cdd18a6f4a311832f46fdc1489145027550781

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /media/dating/sinderv2/fonts/2e5fca371696cab9fb5a9fe214c1319c.woff2 HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://girlsdivine.life/media/dating/sinderv2/css/style.css
Cookie: sid=t2~4vmf3ptfey30otl5cjvrica2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Server: nginx
Date: Thu, 06 Oct 2022 11:15:23 GMT
Content-Length: 21908
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "2e5fca371696cab9fb5a9fe214c1319c"
Last-Modified: Wed, 31 Aug 2022 09:34:21 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B76A17E78FA2B
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Fri, 06 Oct 2023 11:15:23 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 21908, version 3.786\012- data
Size:   21908
Md5:    2e5fca371696cab9fb5a9fe214c1319c
Sha1:   4bd3fe039b2f65d10d1b8c1b30c7962bdc313b7a
Sha256: f8b1a05998ba7e93e5c9f41b004496a3576b8d10d9fafc2f7014894ebc3e72e9

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "60F4E8A64F9C652ECF5B0D5C518C84D6F02D1DFE104D5FD5514E4B4BC529AC2E"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3758
Expires: Thu, 06 Oct 2022 12:18:01 GMT
Date: Thu, 06 Oct 2022 11:15:23 GMT
Connection: keep-alive

                                        
                                            GET /media/dating/sinderv2/images/scandinavia1.jpg HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=34e37b298b7fb7a18d5f7e1e1_laxy&cid=54fa658d8fa83f138827fd967ec48e03-11246-1006
Cookie: sid=t2~4vmf3ptfey30otl5cjvrica2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Thu, 06 Oct 2022 11:15:23 GMT
Content-Length: 112943
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "0f9a4527dedf00f0c0a990615b2519df"
Last-Modified: Wed, 31 Aug 2022 09:34:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 171B7543725E6335
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Fri, 06 Oct 2023 11:15:23 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS3 Windows, datetime=2018:12:04 15:45:49], baseline, precision 8, 1980x1080, components 3\012- data
Size:   112943
Md5:    0f9a4527dedf00f0c0a990615b2519df
Sha1:   0a630419869a18bfb73c3d62c28f2f38cde507ba
Sha256: bb2af625a058610ae2f7f96ee82469238a9c389ca76373217593f508fba11918

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /ExtService.svc/getextparams HTTP/1.1 
Host: data-jsext.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://girlsdivine.life
Connection: keep-alive
Referer: https://girlsdivine.life/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.37.5.177
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
                                        
Server: nginx
Date: Thu, 06 Oct 2022 11:15:23 GMT
Content-Length: 515
Connection: keep-alive
Access-Control-Allow-Origin: *


--- Additional Info ---
Magic:  JSON data\012- , Unicode text, UTF-8 text, with very long lines (472), with no line terminators
Size:   515
Md5:    2e2a7f61ae1efa530bbcebf1693ac292
Sha1:   37767c8aa04a870dd713da7cb45e451b4b24d3b9
Sha256: f41890a855fd526c0e7d9702328729cea951b676eec1056e0cdc7250a49e9646
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: girlsdivine.life
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlsdivine.life/?u=7pfk605&o=e9ym176&t=34e37b298b7fb7a18d5f7e1e1_laxy&cid=54fa658d8fa83f138827fd967ec48e03-11246-1006
Cookie: sid=t2~4vmf3ptfey30otl5cjvrica2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         88.99.80.95
HTTP/1.1 204 No Content
                                        
Server: nginx
Date: Thu, 06 Oct 2022 11:15:23 GMT
Connection: keep-alive
Cache-Control: no-transform


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed