Overview

URL www.heygotrip.com/rsea/?O0D=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&9rbPKz=zzr83p0hCf1
IP217.21.95.77
ASNHostinger International Limited
Location Germany
Report completed2022-09-02 19:41:50 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-02 2 heygotrip.com/wp-content/plugins/woocommerce/packages/woocommerce-blocks/bu (...) Malware
2022-09-02 2 heygotrip.com/wp-content/themes/astra/assets/css/minified/compatibility/woo (...) Malware
2022-09-02 2 heygotrip.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 Malware
2022-09-02 2 heygotrip.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0 Malware
2022-09-02 2 heygotrip.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ve (...) Malware
2022-09-02 2 heygotrip.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquer (...) Malware
2022-09-02 2 heygotrip.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie. (...) Malware
2022-09-02 2 heygotrip.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce (...) Malware
2022-09-02 2 heygotrip.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragme (...) Malware
2022-09-02 2 heygotrip.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 Malware
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (15)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2022-09-02 16:02:14 UTC 93.184.220.29
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-02 04:36:08 UTC 44.233.140.213
mnemonic passive DNS fonts.googleapis.com (1) 8877 2014-07-21 13:19:55 UTC 2022-09-02 12:20:47 UTC 142.250.74.10
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-02 18:07:59 UTC 143.204.55.35
mnemonic passive DNS www.heygotrip.com (2) 0 2022-05-10 12:29:54 UTC 2022-09-02 10:05:11 UTC 217.21.95.77 Unknown ranking
mnemonic passive DNS js.stripe.com (3) 1149 2012-09-30 12:39:23 UTC 2022-09-02 05:31:03 UTC 143.204.55.68
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-02 09:29:12 UTC 34.120.237.76
mnemonic passive DNS fonts.gstatic.com (3) 0 2014-08-29 13:43:22 UTC 2022-09-02 04:27:24 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS r3.o.lencr.org (6) 344 2020-12-02 08:52:13 UTC 2022-09-02 04:26:06 UTC 23.36.76.226
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-02 04:47:06 UTC 143.204.55.25
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-02 04:27:28 UTC 34.117.237.239
mnemonic passive DNS m.stripe.network (2) 1204 2018-06-23 22:39:58 UTC 2022-09-02 05:31:54 UTC 54.230.111.85
mnemonic passive DNS ocsp.pki.goog (6) 175 2017-06-14 07:23:31 UTC 2022-09-02 04:25:33 UTC 142.250.74.3
mnemonic passive DNS heygotrip.com (16) 0 2022-05-10 12:29:54 UTC 2022-09-02 10:05:11 UTC 217.21.95.77 Unknown ranking
mnemonic passive DNS m.stripe.com (1) 1092 2021-04-11 19:21:28 UTC 2022-09-02 11:55:47 UTC 35.83.63.215


Recent reports on same IP/ASN/Domain/Screenshot

Last 3 reports on IP: 217.21.95.77

Date UQ / IDS / BL URL IP
2022-10-06 16:11:07 +0000
0 - 0 - 12 heygotrip.com/rsea?nnit8=wbbd7nox2zwldbu&ozox (...) 217.21.95.77
2022-09-11 22:59:23 +0000
0 - 0 - 12 heygotrip.com/rsea/?Gzut3=eAS8+pxVSVCSPKq/Iwm (...) 217.21.95.77
2022-09-02 19:41:50 +0000
0 - 0 - 10 www.heygotrip.com/rsea/?O0D=eAS8+pxVSVCSPKq/I (...) 217.21.95.77

Last 5 reports on ASN: Hostinger International Limited

Date UQ / IDS / BL URL IP
2022-12-03 22:49:43 +0000
0 - 0 - 1 gamedownt.com/arquivos/5631 185.213.81.240
2022-12-03 18:26:28 +0000
0 - 0 - 7 tristoshink.online/mobile/1/ 45.84.204.169
2022-12-03 18:25:01 +0000
0 - 0 - 2 khoinghiep247.com/ 151.106.115.136
2022-12-03 17:16:25 +0000
0 - 0 - 12 popa.com.br/wp-content/plugins/super-forms/up (...) 109.106.248.113
2022-12-03 12:44:56 +0000
0 - 0 - 1 applyforpan.online/ 2.57.90.16

Last 3 reports on domain: heygotrip.com

Date UQ / IDS / BL URL IP
2022-10-06 16:11:07 +0000
0 - 0 - 12 heygotrip.com/rsea?nnit8=wbbd7nox2zwldbu&ozox (...) 217.21.95.77
2022-09-11 22:59:23 +0000
0 - 0 - 12 heygotrip.com/rsea/?Gzut3=eAS8+pxVSVCSPKq/Iwm (...) 217.21.95.77
2022-09-02 19:41:50 +0000
0 - 0 - 10 www.heygotrip.com/rsea/?O0D=eAS8+pxVSVCSPKq/I (...) 217.21.95.77

Last 2 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-10-06 16:11:07 +0000
0 - 0 - 12 heygotrip.com/rsea?nnit8=wbbd7nox2zwldbu&ozox (...) 217.21.95.77
2022-09-11 22:59:23 +0000
0 - 0 - 12 heygotrip.com/rsea/?Gzut3=eAS8+pxVSVCSPKq/Iwm (...) 217.21.95.77


JavaScript

Executed Scripts (19)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (54)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "9B43EC48B16F96449208A0094C4D660806A2A2D344B5862DBFF4C393BF3F9F9F"
Last-Modified: Thu, 01 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20965
Expires: Sat, 03 Sep 2022 01:31:05 GMT
Date: Fri, 02 Sep 2022 19:41:40 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 02 Sep 2022 18:41:54 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: kgCfExSaeg3RG5QZTrNKXLTeXx5nOLV4l3wl9dTjGAFtfADVFl6Tyg==
Age: 3586


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    b593eb39329cfe060d55be5e4a5405e2
Sha1:   78e46c1028e9f94f8569303ad2d90d7df13a059a
Sha256: 08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.25
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 02 Sep 2022 01:15:17 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: QWryeIdSvnDfeVSrvwREac77peF2E0bzW6pvg8idxD13kfY-fLUg3A==
age: 66383
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    742edb4038f38bc533514982f3d2e861
Sha1:   cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
                                        
                                            GET /rsea/?O0D=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&9rbPKz=zzr83p0hCf1 HTTP/1.1 
Host: www.heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         217.21.95.77
HTTP/1.1 301 Moved Permanently
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-length: 707
date: Fri, 02 Sep 2022 19:41:40 GMT
server: LiteSpeed
location: https://www.heygotrip.com/rsea/?O0D=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&9rbPKz=zzr83p0hCf1
content-security-policy: upgrade-insecure-requests


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   707
Md5:    1304294c0823ca486542ba408ed761e3
Sha1:   b2a70fb2d810ca13985882e6981f33998823e83e
Sha256: 3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 02 Sep 2022 19:41:40 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Fri, 02 Sep 2022 19:38:16 GMT
Expires: Fri, 02 Sep 2022 20:15:59 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: NHFMxXtATSWjcIEf8WOQfEeLBYpbyz9V4WzSNz_DHPHEdqAg1SrK4w==
Age: 204


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /rsea/?O0D=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&9rbPKz=zzr83p0hCf1 HTTP/1.1 
Host: www.heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         217.21.95.77
HTTP/2 301 Moved Permanently
content-type: text/html; charset=UTF-8
                                        
x-powered-by: PHP/7.4.27
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-redirect-by: WordPress
location: https://heygotrip.com/rsea/?O0D=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&9rbPKz=zzr83p0hCf1
x-litespeed-cache: hit
content-length: 0
date: Fri, 02 Sep 2022 19:41:40 GMT
server: LiteSpeed
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5145
Cache-Control: 'max-age=158059'
Date: Fri, 02 Sep 2022 19:41:40 GMT
Last-Modified: Fri, 02 Sep 2022 18:15:55 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5309
Cache-Control: 'max-age=158059'
Date: Fri, 02 Sep 2022 19:41:41 GMT
Last-Modified: Fri, 02 Sep 2022 18:13:12 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Sep 2022 19:41:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Sep 2022 19:41:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3grEiY2HD1eYzTYa3oAXiA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         44.233.140.213
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: uA5ey2i/HKkehpx5w+wUQHSjH5o=

                                        
                                            GET /rsea/?O0D=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&9rbPKz=zzr83p0hCf1 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
                                        
x-powered-by: PHP/7.4.27
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://heygotrip.com/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache: hit
content-encoding: br
vary: Accept-Encoding
date: Fri, 02 Sep 2022 19:41:40 GMT
server: LiteSpeed
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (41941), with CRLF, LF line terminators
Size:   24385
Md5:    80632add5a77282b23100901b795ceee
Sha1:   03fe8cf6bd04dac9d08160b1dbe357e0196f419c
Sha256: cb841b5f99850d85be51e7c653f6a19967fb0198acdbe2b62d082b79100feb99
                                        
                                            GET /wp-content/themes/astra/assets/css/minified/frontend.min.css?ver=3.8.5 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?O0D=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&9rbPKz=zzr83p0hCf1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Fri, 09 Sep 2022 19:41:41 GMT
last-modified: Sun, 10 Jul 2022 07:44:44 GMT
etag: "b2ca-62ca836c-62fe77623af2d605;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8220
date: Fri, 02 Sep 2022 19:41:41 GMT
server: LiteSpeed
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (43644)
Size:   8220
Md5:    0c42c59ce62a5fe6c9f4369d43690ffb
Sha1:   345862304edb1b2bbdfc619e13da7965dc4dfb2d
Sha256: 909a82c3b43fbd0cefe5016d11d06b20da3e672c53cc39237fa86fb9769d1d56
                                        
                                            GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?O0D=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&9rbPKz=zzr83p0hCf1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Fri, 09 Sep 2022 19:41:41 GMT
last-modified: Wed, 13 Jul 2022 00:23:16 GMT
etag: "15b64-62ce1074-3bc743d0c392089d;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 10703
date: Fri, 02 Sep 2022 19:41:41 GMT
server: LiteSpeed
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (43771)
Size:   10703
Md5:    3314a848319230ac733421112382eec5
Sha1:   98a167f06a0aa192b28891f8abbb13045a59cb93
Sha256: 491c2c2340db0cace5815f2434013e7fecb5bd9b1d9a721811603d7aaa485fbd
                                        
                                            GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css?ver=7.6.2 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?O0D=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&9rbPKz=zzr83p0hCf1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Fri, 09 Sep 2022 19:41:41 GMT
last-modified: Sun, 10 Jul 2022 10:55:03 GMT
etag: "1345-62cab007-5ac2ecc509d4af23;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1106
date: Fri, 02 Sep 2022 19:41:41 GMT
server: LiteSpeed
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4933), with no line terminators
Size:   1106
Md5:    8227d1018451f5f2b5d556517e3a9c1c
Sha1:   c7d4c64a5aba47ac3a2445b5590efd664dbc381c
Sha256: b6b0b48882efd9ff0a0364874578c4c1d507b6189cca80985b698239a924c663

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/astra/assets/css/minified/compatibility/woocommerce/woocommerce-layout.min.css?ver=3.8.5 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?O0D=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&9rbPKz=zzr83p0hCf1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Fri, 09 Sep 2022 19:41:41 GMT
last-modified: Sun, 10 Jul 2022 07:44:44 GMT
etag: "439b-62ca836c-c5cfec20360210ae;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1859
date: Fri, 02 Sep 2022 19:41:41 GMT
server: LiteSpeed
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (17307), with no line terminators
Size:   1859
Md5:    ce92ba9873f44306c1923b9a842de314
Sha1:   a419ae2994fb067411e8b1bd1d092624a832f61b
Sha256: 0becc3c090a52685cad296878a0c594c198820294125909c7d53452f84eb129a
                                        
                                            GET /wp-content/themes/astra/assets/css/minified/compatibility/woocommerce/woocommerce.min.css?ver=3.8.5 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?O0D=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&9rbPKz=zzr83p0hCf1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Fri, 09 Sep 2022 19:41:41 GMT
last-modified: Sun, 10 Jul 2022 07:44:44 GMT
etag: "199e0-62ca836c-48af6abffc833749;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 13476
date: Fri, 02 Sep 2022 19:41:41 GMT
server: LiteSpeed
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65524), with no line terminators
Size:   13476
Md5:    2711a3405b9c53651953af05101be784
Sha1:   a5dc06e036b426aa3640a179f839068ce9f5b1eb
Sha256: 881d2d854b5684c0deefd0d958ce9c87f770b888df27805d3caba11340a35390

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?O0D=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&9rbPKz=zzr83p0hCf1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: application/x-javascript
                                        
cache-control: public, max-age=604800
expires: Fri, 09 Sep 2022 19:41:41 GMT
last-modified: Tue, 10 May 2022 12:21:53 GMT
etag: "2bd8-627a58e1-6e56352c018a7d6d;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3984
date: Fri, 02 Sep 2022 19:41:41 GMT
server: LiteSpeed
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (11126)
Size:   3984
Md5:    4116c2be947ecf205a0c7fc117ca55f0
Sha1:   0cd8efc9fe349d67a86b49d1e5582a9b21d05add
Sha256: 6b1970b536b88a18b0eb4fe138e677b9736294057660676507fabee57cb0462c

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/woocommerce/packages/woocommerce-blocks/build/wc-blocks-style.css?ver=7.6.2 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?O0D=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&9rbPKz=zzr83p0hCf1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: text/css
                                        
cache-control: public, max-age=604800
expires: Fri, 09 Sep 2022 19:41:41 GMT
last-modified: Sun, 10 Jul 2022 10:55:03 GMT
etag: "33aa6-62cab007-47c1873b63f8916f;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 20199
date: Fri, 02 Sep 2022 19:41:41 GMT
server: LiteSpeed
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65527), with no line terminators
Size:   20199
Md5:    fe6da10b73634ff8e693ddc5874fb059
Sha1:   dd7e93a4b08b5518cdc78d309bed25fd10a35e19
Sha256: e79bd06b8cc74572af296b3d9a30867ac6b7dd8e42f1609211e51d6dab9afba6
                                        
                                            GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?O0D=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&9rbPKz=zzr83p0hCf1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: application/x-javascript
                                        
cache-control: public, max-age=604800
expires: Fri, 09 Sep 2022 19:41:41 GMT
last-modified: Tue, 10 May 2022 12:21:53 GMT
etag: "15db1-627a58e1-4a99e7c381a9e622;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 30027
date: Fri, 02 Sep 2022 19:41:41 GMT
server: LiteSpeed
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65447)
Size:   30027
Md5:    63373db5c13254717674a1af4cd88aa2
Sha1:   21a1962ab8597d9066640a7157a41370341ff0cf
Sha256: d883f77be0299ddb715175908b03076554287b13f87570369fb58adeade16891

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/uploads/2022/07/HeyGotrip-logo.png HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?O0D=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&9rbPKz=zzr83p0hCf1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: image/png
                                        
cache-control: public, max-age=604800
expires: Fri, 09 Sep 2022 19:41:41 GMT
last-modified: Sun, 10 Jul 2022 08:00:53 GMT
etag: "469e-62ca8735-ece42ae61ffa492e;;;"
accept-ranges: bytes
content-length: 18078
date: Fri, 02 Sep 2022 19:41:41 GMT
server: LiteSpeed
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 417 x 151, 8-bit/color RGBA, non-interlaced\012- data
Size:   18078
Md5:    c110f1e913fe79b6391a2b5c8254af0f
Sha1:   56352b0dd20ff5f426323eaee4c3cad217179444
Sha256: 55c200df301e1f65ec8a3c3c0032c19fde95ef01ee8451ffbf9120d247e2e3c4
                                        
                                            GET /wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.8.5 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?O0D=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&9rbPKz=zzr83p0hCf1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: application/x-javascript
                                        
cache-control: public, max-age=604800
expires: Fri, 09 Sep 2022 19:41:41 GMT
last-modified: Sun, 10 Jul 2022 07:44:43 GMT
etag: "415c-62ca836b-8b077ce23b66a62c;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3760
date: Fri, 02 Sep 2022 19:41:41 GMT
server: LiteSpeed
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (16732), with no line terminators
Size:   3760
Md5:    81c05f8a8e2da82167b0c694dfd4761e
Sha1:   420bbf1127899dd7e610cf8cd2b5797e07b4b1bd
Sha256: d1de2393fb4ed38efcb8de50f43abf89bbb75ab2958bd368b4609141f82a40e1

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.7.0-wc.6.6.1 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?O0D=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&9rbPKz=zzr83p0hCf1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: application/x-javascript
                                        
cache-control: public, max-age=604800
expires: Fri, 09 Sep 2022 19:41:41 GMT
last-modified: Sun, 10 Jul 2022 10:55:11 GMT
etag: "253d-62cab00f-8677cf1b8273be11;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3242
date: Fri, 02 Sep 2022 19:41:41 GMT
server: LiteSpeed
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (9139)
Size:   3242
Md5:    2334040ad30a3a3cc5055ad8643b2e10
Sha1:   6a6ff9799ad8cac3502e2189a02ed74ca02ff4a3
Sha256: 08acb85d899a61171f9c6721e41ed8022d7aa4f6cc1aab9c7c39fe55cdd18960

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc.6.6.1 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?O0D=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&9rbPKz=zzr83p0hCf1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: application/x-javascript
                                        
cache-control: public, max-age=604800
expires: Fri, 09 Sep 2022 19:41:41 GMT
last-modified: Sun, 10 Jul 2022 10:55:11 GMT
etag: "72a-62cab00f-fc97abbe7a04aa7c;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 899
date: Fri, 02 Sep 2022 19:41:41 GMT
server: LiteSpeed
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1668)
Size:   899
Md5:    22d65ba38528349e705d912ce26bf8ac
Sha1:   c89ba006009043d93b88ff155b4fec8797330550
Sha256: 6253bcb85e4267ad3ba843145534e729ee2c1d7e85e5b4ab5b2e074ae636bca3

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6.6.1 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?O0D=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&9rbPKz=zzr83p0hCf1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: application/x-javascript
                                        
cache-control: public, max-age=604800
expires: Fri, 09 Sep 2022 19:41:41 GMT
last-modified: Sun, 10 Jul 2022 10:55:11 GMT
etag: "85b-62cab00f-519d97ceb1b54f1c;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 677
date: Fri, 02 Sep 2022 19:41:41 GMT
server: LiteSpeed
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2139), with no line terminators
Size:   677
Md5:    a43fc0dde8fdd69656ad0957e62849c7
Sha1:   4b07cf702ac8a770c8cbffc22b9a788b6e5389ba
Sha256: 1ce3d0493424870c81deec0ec41de0592d2af9f91cd8081cd40a1d7ea89b614f

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=6.6.1 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?O0D=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&9rbPKz=zzr83p0hCf1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: application/x-javascript
                                        
cache-control: public, max-age=604800
expires: Fri, 09 Sep 2022 19:41:41 GMT
last-modified: Sun, 10 Jul 2022 10:55:11 GMT
etag: "b7a-62cab00f-e60ab174764c82d3;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 935
date: Fri, 02 Sep 2022 19:41:41 GMT
server: LiteSpeed
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2938), with no line terminators
Size:   935
Md5:    ff0db23445ccd7328c7f10de152fb16b
Sha1:   ff94beb84c601febafb3b51e4f054f920ffb75fc
Sha256: 91034f25ae6d0e9f62eb1407e288f5b37140ad5ce9cd0d1d77d79e63d45882e3

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1 
Host: heygotrip.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/rsea/?O0D=eAS8+pxVSVCSPKq/IwmkSLBlGGrRuPpifCOhjejUIUFAtNeBujWPnczxjaYv/4QpCQs=&9rbPKz=zzr83p0hCf1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         217.21.95.77
HTTP/2 200 OK
content-type: application/x-javascript
                                        
cache-control: public, max-age=604800
expires: Fri, 09 Sep 2022 19:41:41 GMT
last-modified: Sat, 02 Jul 2022 20:00:54 GMT
etag: "48b9-62c0a3f6-1140ea29c8d85bec;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4572
date: Fri, 02 Sep 2022 19:41:41 GMT
server: LiteSpeed
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (15660)
Size:   4572
Md5:    4402e98c197d70e9bc78b1da062e658a
Sha1:   b1d2477c6b1dfa9283d79a0a3944098dde573f68
Sha256: 4e646c55a8c057d08458aed4f913f5ae713e1351aadc0bcdf947bc48fb6a73ed

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15682
Expires: Sat, 03 Sep 2022 00:03:04 GMT
Date: Fri, 02 Sep 2022 19:41:42 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15682
Expires: Sat, 03 Sep 2022 00:03:04 GMT
Date: Fri, 02 Sep 2022 19:41:42 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15682
Expires: Sat, 03 Sep 2022 00:03:04 GMT
Date: Fri, 02 Sep 2022 19:41:42 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15682
Expires: Sat, 03 Sep 2022 00:03:04 GMT
Date: Fri, 02 Sep 2022 19:41:42 GMT
Connection: keep-alive

                                        
                                            GET /v3/m-outer-e52e635988f6f4658a329b4b948f1007.html HTTP/1.1 
Host: js.stripe.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         143.204.55.68
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
content-length: 186
last-modified: Fri, 02 Sep 2022 18:36:32 GMT
accept-ranges: bytes
server: Cloudfront
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; report-uri https://q.stripe.com/csp-report
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
timing-allow-origin: *
date: Fri, 02 Sep 2022 19:37:58 GMT
cache-control: max-age=31536000
etag: "e52e635988f6f4658a329b4b948f1007"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: t_PLax-9d3lwqAj8sVNueitRwGnhS_XJiO3l_cGPl7n8olcRj4hksQ==
age: 251
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size:   186
Md5:    e52e635988f6f4658a329b4b948f1007
Sha1:   3d42a057beffe1459ee2f143144172f381f41d9d
Sha256: 5903ac62a504525a0c57b90ed548c2415f542e242d4c64edd369db6cf82aab6f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06f2c9c2-de63-41e1-8359-5a5923a2b1e8.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9252
x-amzn-requestid: 7feebba8-f6b9-4b79-9726-5a7534da277e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLyVG5DoAMF_Ug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112675-3123158f3dcfbd476537ca3c;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:39:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: BOa5zGQyJS9q9bHmtKzlNtyS9ToGPZJkDFo2uY2lzz8Lnd3cZLQEaA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 22:48:18 GMT
age: 75204
etag: "cbb4546228115cccc122b16209e70171bef5c1f2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9252
Md5:    5ba50b2fd1814c5ffc95aef40c69ce8c
Sha1:   cbb4546228115cccc122b16209e70171bef5c1f2
Sha256: de822c8549508b28a07d29b203ae3ef356470df906cba727fc765f1bd14bb866
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15682
Expires: Sat, 03 Sep 2022 00:03:04 GMT
Date: Fri, 02 Sep 2022 19:41:42 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6b23082-fe08-4f5d-b709-47175510cf45.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6196
x-amzn-requestid: a7d6ce70-06d7-498c-8024-80185a3fc3e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLyLFmVIAMFkcQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112674-3fad622927177e9236d7c50a;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:39:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qAMCgNpYR80vXSDyHFOFcbT8VukBemR2AGoGNaCfYaszKshu-gv6zg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 21:54:15 GMT
age: 78447
etag: "ec65cb47d86488f734c945a210d5f636a40fea2c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6196
Md5:    5e05660322f0368dd2bf8067d7e4554d
Sha1:   ec65cb47d86488f734c945a210d5f636a40fea2c
Sha256: 98875230ec45766102191bdc4180742fa3b8f3ad5ad1a128d12437105f86247e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10435
x-amzn-requestid: 813ec4ca-243d-46cb-a6a6-8ec58e5dd9f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLjdHwnIAMFhzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112615-4733cfb83cf0e8734abc5716;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:37:25 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: n6DJbsUGTdXT42cNLTDq6Uz28H2SDhwq6drdKP4axAHsBz471X7r_g==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 21:37:26 GMT
etag: "4c70d27f7c51b7fcae1d8a883bfc2e67a551ae6c"
age: 79456
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10435
Md5:    955f2a35bd6b3802670e7fa8a7cda833
Sha1:   4c70d27f7c51b7fcae1d8a883bfc2e67a551ae6c
Sha256: 2fb517039f0704d2f6fe2fa78eae47c71c645add1c2276f8726248184ae45760
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F141f656b-9191-4cf5-a05b-891ed5c9656f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5079
x-amzn-requestid: 3b19c77a-2e9b-499f-890b-36fc4ee72ba7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XslOVEtZIAMFv1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630e825b-01b7b71617b59f7414a0e5e5;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 21:34:19 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: zYT0vF7Bxa5m84D12jI2w_A-MzR3wIMBOb0ubTEdNMlpYUes5aYdlQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 21:44:27 GMT
age: 79035
etag: "288b82ad8f924eb9570ae1c55da84d041f862366"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5079
Md5:    5c3b7580a37e6eb7e5bd18491f1d4dd6
Sha1:   288b82ad8f924eb9570ae1c55da84d041f862366
Sha256: 046d1ef76448c53446068ef5f8315b7299484996cdebfd9d1e749b4ded9c7d3c
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Sep 2022 19:41:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9564bd06-b264-460b-96bb-6b37cf25a72b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 16818
x-amzn-requestid: 6950a3c5-2cdc-4a21-854c-10d925e32ecd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XiYLvHRSIAMFotQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630a6d7e-6e98b9a77e592bd01afb1d97;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 19:16:14 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3eBLhLH4APXLyj9kLHXNCFT9ccS_bnBp5INvMI93IFvOuBMERe_GgQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 13:36:12 GMT
age: 21930
etag: "9fef9b071daea6793cbbdfe391254ac4326b1aa2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   16818
Md5:    12756903aaa74164feb5f8525398ca36
Sha1:   9fef9b071daea6793cbbdfe391254ac4326b1aa2
Sha256: 6d474a6d96aebfed43a4f6812f18a1be8d100c590f75eb0fbf4ec7277dd0c442
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd1bf889-bcbe-4ad4-950a-a32b2f875537.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5889
x-amzn-requestid: 42237574-f86e-4ece-b986-6d0c5910fcc5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzMVgHajoAMFmXg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112756-48ff9d98464cf3c9680d97b4;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:42:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: _7BBSlQQucoO5poncTYuX4fcmS4WFg3UcVFXalckGCCNFKJ0h5UpsQ==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 22:31:42 GMT
etag: "85239ef4f2fee8d3345e599bc942cab63ff3aaf6"
age: 76200
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5889
Md5:    24d848f7606889b048b6334e70d8a5e0
Sha1:   85239ef4f2fee8d3345e599bc942cab63ff3aaf6
Sha256: da6cf33b440b51f72a70f309d62fd581aed246b6a78b8f329fa3899db15ff86d
                                        
                                            GET /v3/fingerprinted/js/m-outer-a0304d3ea31e8647892809f01854788c.js HTTP/1.1 
Host: js.stripe.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.stripe.com/v3/m-outer-e52e635988f6f4658a329b4b948f1007.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         143.204.55.68
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
                                        
content-length: 526
last-modified: Fri, 02 Sep 2022 18:36:32 GMT
accept-ranges: bytes
server: Cloudfront
access-control-allow-origin: *
x-content-type-options: nosniff
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
date: Fri, 02 Sep 2022 19:41:42 GMT
cache-control: max-age=60
etag: "d96c709017743c0759cf3853d1806ba5"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: fg38BICnUXQVl_MEHLFDOqeEc1CZZb8WtR5zHNJQmF9jZNuVjB0SvQ==
age: 6
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (526), with no line terminators
Size:   526
Md5:    d96c709017743c0759cf3853d1806ba5
Sha1:   72e21587610c49c8305a55e71f73fa88ed618205
Sha256: ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652
                                        
                                            GET /s/notosans/v27/o-0IIpQlx3QUlC5A4PNr5TRA.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://heygotrip.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 29 Aug 2022 21:03:13 GMT
expires: Tue, 29 Aug 2023 21:03:13 GMT
cache-control: public, max-age=31536000
age: 340709
last-modified: Mon, 09 May 2022 18:27:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 12860, version 1.0\012- data
Size:   12860
Md5:    ab21c24efd75543e16e34807ebc6cdec
Sha1:   eb2562f9729079333fbcbbe94868695669dd3301
Sha256: 88f00438d26021a325247c4427898f7c778a22976df9f1a9d9876429778bf265
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Sep 2022 19:41:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Sep 2022 19:41:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/notosans/v27/o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://heygotrip.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12684
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 29 Aug 2022 21:03:14 GMT
expires: Tue, 29 Aug 2023 21:03:14 GMT
cache-control: public, max-age=31536000
age: 340708
last-modified: Mon, 09 May 2022 18:28:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 12684, version 1.0\012- data
Size:   12684
Md5:    0c235386bcf6af06f67e6c89fd19e434
Sha1:   10720574d4609322023984a761f32f9518c07bc4
Sha256: c1c30918a861cb6a985ab55d54ad7e861682354197f164cb3b7194f20eed67ac
                                        
                                            GET /s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCuM73w5aXo.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://heygotrip.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12848
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Sep 2022 16:43:29 GMT
expires: Fri, 01 Sep 2023 16:43:29 GMT
cache-control: public, max-age=31536000
age: 97093
last-modified: Mon, 11 Jul 2022 18:56:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 12848, version 1.0\012- data
Size:   12848
Md5:    f0b3206d02a2f684530117ce1d7e8ce0
Sha1:   f3708b707b65e241b0f1c819d5f7bf7da8412653
Sha256: f31b80562610135edd91a86ec7f243c5eeaec2ec08337e6a20c2d135d8e217da
                                        
                                            GET /inner.html HTTP/1.1 
Host: m.stripe.network
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.85
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
content-length: 930
last-modified: Thu, 17 Mar 2022 19:03:12 GMT
accept-ranges: bytes
server: Cloudfront
x-content-type-options: nosniff
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-security-policy: base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
date: Fri, 02 Sep 2022 19:38:05 GMT
cache-control: max-age=300, public
etag: "fc2e029628f163bb59adc6fa5a31161c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: AVAhY5bBVCNQmpV79yjlQPjyVS4DJBiOzlpUpIHncwzWW49TjdfAUw==
age: 220
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (930), with no line terminators
Size:   930
Md5:    fc2e029628f163bb59adc6fa5a31161c
Sha1:   0f4547ae510d1bf36e3630d41bdab29d64c03d64
Sha256: a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 02 Sep 2022 19:41:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4716
Cache-Control: 'max-age=158059'
Date: Fri, 02 Sep 2022 19:41:42 GMT
Last-Modified: Fri, 02 Sep 2022 18:23:06 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /6 HTTP/1.1 
Host: m.stripe.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2712
Origin: https://m.stripe.network
Connection: keep-alive
Referer: https://m.stripe.network/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         35.83.63.215
HTTP/2 200 OK
content-type: application/json;charset=utf-8
                                        
server: nginx
date: Fri, 02 Sep 2022 19:41:42 GMT
content-length: 156
set-cookie: m=1c7028e3-3f9f-4b37-b1bc-3d550053d55b67c3cd;Expires=Sun, 01-Sep-2024 19:41:42 GMT;Secure;HttpOnly; SameSite=None
x-content-type-options: nosniff
access-control-allow-origin: https://m.stripe.network
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
strict-transport-security: max-age=31556926; includeSubDomains; preload
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   156
Md5:    347f49e269d36931aa1934cb78b67426
Sha1:   b298e206c47aff8fd26cf150184b2f87054e3852
Sha256: f18c265d0d6dee704b21e78542d278e0d902fa0b4a795e9d805385caa1754524
                                        
                                            GET /out-4.5.42.js HTTP/1.1 
Host: m.stripe.network
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://m.stripe.network/inner.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         54.230.111.85
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
                                        
last-modified: Thu, 17 Mar 2022 19:03:12 GMT
server: Cloudfront
x-content-type-options: nosniff
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
date: Fri, 02 Sep 2022 19:41:09 GMT
cache-control: max-age=300, public
etag: W/"21df7244385e5c0bdf32da01d0dad6c0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: s6kzCDwu9DzjFZWsDOY6GTwizL2QoIePnkLmAIPWD4PYMPs2roZ_Dg==
age: 36
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /v3/?ver=1.4.6 HTTP/1.1 
Host: js.stripe.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.68
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
                                        
last-modified: Fri, 02 Sep 2022 19:27:27 GMT
server: Cloudfront
access-control-allow-origin: *
x-content-type-options: nosniff
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
content-encoding: br
date: Fri, 02 Sep 2022 19:41:18 GMT
cache-control: max-age=60
etag: W/"c60bded5fc23fe5642fa6fa5eed6fe25"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: x_MLd1vTrNv0hBJKs7hicMHOR5ZaZHaa-uJxE-bueapKq809sZ0Snw==
age: 24
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /css?family=Noto+Sans%3A400%2C700%7CMontserrat%3A700&display=fallback&ver=3.8.5 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://heygotrip.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 02 Sep 2022 19:41:41 GMT
date: Fri, 02 Sep 2022 19:41:41 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---